check4updates - npm Package Compare versions

Comparing version 1.2.10 to 1.3.0

package.json

 {
   "name": "check4updates",
-  "version": "1.2.10",
+  "version": "1.3.0",
   "description": "Check and update package dependencies.",
@@ -42,3 +42,3 @@ "keywords": [
     "all": "npm-run-all clean lint test",
-    "changelog": "conventional-changelog -p eslint -i CHANGELOG.md -s -r1",
+    "changelog": "npx conventional-changelog -p eslint -i CHANGELOG.md -s -r1",
     "clean": "rimraf coverage .nyc_output",
@@ -53,28 +53,25 @@ "coverage": "c8 -r text npm test",
     "debug": "^4.3.4",
-    "hosted-git-info": "git+https://github.com/spurreiter/hosted-git-info.git#semver:3.1.0-4",
-    "lru-cache": "^7.17.0",
+    "hosted-git-info": "^7.0.0",
     "lodash.get": "^4.4.2",
-    "pacote": "^15.1.1",
+    "lru-cache": "^10.0.1",
+    "pacote": "^17.0.2",
     "progress": "^2.0.3",
-    "semver": "^7.3.8",
+    "semver": "^7.5.4",
     "semver-utils": "^1.1.4"
   },
   "devDependencies": {
-    "c8": "^7.13.0",
-    "eslint": "^8.35.0",
-    "eslint-config-standard": "^17.0.0",
-    "eslint-plugin-import": "^2.27.5",
-    "eslint-plugin-n": "^15.6.1",
+    "c8": "^8.0.1",
+    "eslint": "^8.47.0",
+    "eslint-config-standard": "^17.1.0",
+    "eslint-plugin-import": "^2.28.1",
+    "eslint-plugin-n": "^16.0.1",
     "eslint-plugin-promise": "^6.1.1",
     "mocha": "^10.2.0",
     "npm-run-all": "^4.1.5",
-    "rimraf": "^4.1.2",
+    "rimraf": "^5.0.1",
     "shelljs": "^0.8.5"
   },
-  "bundleDependencies": [
-    "hosted-git-info"
-  ],
-  "noBump": {
-    "chalk": "^4"
+  "c4uIgnore": {
+    "chalk": "^4 // version >=5 uses ESM"
   }
 }

README.md

 # check4updates
 
-[![NPM version](https://badge.fury.io/js/check4updates.svg)](https://www.npmjs.com/package/check4updates/)
+[![npm version][npm-version-badge]][npm-version-badge-link]
 
@@ -13,3 +13,4 @@ > Check and update package dependencies.
 - local tgz packages
-- taged git versions on github/ gitlab/ bitbucket (thank you [uWebSockets.js][])
+- tagged git versions on github/ gitlab/ bitbucket (e.g. [uWebSockets.js][])
+- ignore updates using `c4uIgnore` in `package.json`
 
@@ -22,2 +23,27 @@ For other similar tools see:
 
+## ignore updates in package.json
+
+add a `c4uIgnore` field in the `package.json` file, like:
+
+```
+{ ...
+  "c4uIgnore": {
+    "<package-name>": "<allowed-range>[ // optional comment]"
+  }
+}
+```
+
+e.g.
+```json
+{
+  "name": "my-package",
+  "dependecies": {
+    "chalk": "^4.0.0"
+  },
+  "c4uIgnore": {
+    "chalk": "^4 // do not upgrade; ^5 is ESM only support"
+  }
+}
+```
+
 ## cli
@@ -82,1 +108,4 @@
 [uWebSockets.js]: https://github.com/uNetworking/uWebSockets.js
+
+[npm-version-badge]: https://badge.fury.io/js/check4updates.svg
+[npm-version-badge-link]: https://www.npmjs.com/package/check4updates

src/check.js

 const { eachLimit } = require('asyncc-promise')
+const semver = require('semver')
 const { PckgJson } = require('./PckgJson')
@@ -39,3 +40,19 @@ const { resolverPrepare, resolver, resolverRange } = require('./resolvers')
 
-const calcRange = ({ patch, minor, major, max }) => results => {
+const setIgnoredFlag = ({ results, ignored, type }) => {
+  if (!ignored) {
+    return
+  }
+  results.forEach(res => {
+    const range = ignored[res.package]
+    if (range) {
+      const selectedVersion = res[type]
+      const satisfies = semver.satisfies(selectedVersion, range)
+      if (!satisfies) {
+        res.ignore = true
+      }
+    }
+  })
+}
+
+const calcRange = ({ pckg, patch, minor, major, max }) => results => {
   const type = patch
@@ -50,2 +67,6 @@ ? 'patch'
           : 'latest'
+
+  const ignored = pckg.getIgnored()
+  setIgnoredFlag({ results, ignored, type })
+
   const packages = resolverRange(results, type)
@@ -90,3 +111,3 @@ log('packages', packages)
     .then(calcVersions)
-    .then(calcRange({ patch, minor, major, max }))
+    .then(calcRange({ pckg, patch, minor, major, max }))
     .then(updatePckg(update, pckg))
@@ -93,0 +114,0 @@ }

src/PckgJson.js

@@ -0,4 +1,5 @@
+const fs = require('fs')
 const { promisify } = require('util')
-const fs = require('fs')
 const { resolve } = require('path')
+const semver = require('semver')
 
@@ -12,2 +13,3 @@ const fsReadFile = promisify(fs.readFile)
     this.filename = resolve(dirname, filename)
+    this.content = undefined
   }
@@ -54,2 +56,31 @@
 
+  /**
+   * get all files under c4uIgnore
+   * @returns {Record<string,string>|undefined}
+   */
+  getIgnored () {
+    const c4uIgnore = this.content?.c4uIgnore
+    if (c4uIgnore && typeof c4uIgnore === 'object') {
+      const rangesOnly = Object.entries(c4uIgnore)
+        .reduce((curr, [pckg, rangeComment]) => {
+          const [range] = String(rangeComment).split(/\s*\/\/\s*/)
+          if (semver.validRange(range)) {
+            curr[pckg] = range.trim()
+          } else {
+            throw new Error(`c4uIgnore: package "${pckg}" does not contain a valid range "${range}"`)
+          }
+          return curr
+        }, {})
+      return rangesOnly
+    }
+  }
+
+  /**
+   * @param {{
+   *  prod?: boolean
+   *  dev?: boolean
+   *  peer?: boolean
+   * }} opts
+   * @returns {Promise<Record<string,string>}
+   */
   read (opts = {}) {
@@ -68,2 +99,6 @@ if (!opts.prod && !opts.dev && !opts.peer) {
 
+  /**
+   * @param {Record<string,string>} packages
+   * @returns {Promise<void>}
+   */
   write (packages = {}) {
@@ -70,0 +105,0 @@ this.content = this._merge(this.content, packages)

src/resolvers/index.js

@@ -41,3 +41,3 @@ /**
   const packages = aVersionsO.reduce((o, versionO) => {
-    if (!versionO.error) {
+    if (!versionO.error && !versionO.ignore) {
       const { package: pckg, mode } = versionO
@@ -44,0 +44,0 @@ let final

src/ttyout.js

@@ -23,7 +23,11 @@ const chalk = require('chalk')
 
-const colorVersion = (version, range, wildcard = '') => {
+const colorVersion = (version, range, wildcard = '', ignore) => {
   let r
+  if (ignore) {
+    return chalk.gray(wildcard + version + ' (ignored)')
+  }
   if (!semver.satisfies(version, range)) {
     return chalk.red(wildcard + version)
-  } else if ((r = parse(range))) {
+  }
+  if ((r = parse(range))) {
     const v = parse(version)
@@ -40,5 +44,5 @@ let i = 0
       v[3]
-  } else {
-    return wildcard + version
   }
+
+  return wildcard + version
 }
@@ -67,8 +71,10 @@
   } else {
+    let needsUpdateCnt = 0
     const pckgInfo = !filtered.length
       ? ''
       : filtered.map(r => {
+        if (!r.ignore) needsUpdateCnt++
         const _pckg = r.package.padEnd(max.pckg)
         const _range = r.range.replace(/\s/g, '').padStart(max.range)
-        const _version = (!r.wildcard ? ' ' : '') + colorVersion(r[type], r.range, r.wildcard)
+        const _version = (!r.wildcard ? ' ' : '') + colorVersion(r[type], r.range, r.wildcard, r.ignore)
         return spacer + `${_pckg}  ${_range}  \u{2192}  ${_version}`
@@ -84,7 +90,9 @@ }).join(cr) + cr + cr
 
-    const updateInfo = spacer + (
-      update
-        ? `Run ${chalk.cyan('npm i')}`
-        : `Run ${chalk.cyan('c4u -u')} to upgrade package.json`
-    ) + cr
+    const updateInfo = needsUpdateCnt
+      ? spacer + (
+        update
+          ? `Run ${chalk.cyan('npm i')}`
+          : `Run ${chalk.cyan('c4u -u')} to upgrade package.json`
+      ) + cr
+      : spacer + 'All dependencies match the desired package versions...' + cr
 
@@ -91,0 +99,0 @@ return cr + pckgInfo + errorInfo + updateInfo

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Git dependency

Supply chain risk

Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable can be used to inject untrusted code or reduce the likelihood of a reproducible install.

Found 1 instance in 1 package

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Mixed license

License

(Experimental) Package contains multiple licenses.

Found 1 instance in 1 package

Unidentified License

License

(Experimental) Something that seems like a license was found, but its contents could not be matched with a known license.

Found 1 instance in 1 package

Improved metrics

Number of low license alerts

0

decreased by-100%

License quality

100

increased by25%

Number of lines in readme file

109

increased by36.25%

Number of high supply chain risk alerts

0

decreased by-100%

Worsened metrics

Total package byte prevSize

30845

decreased by-81.43%

Number of package files

16

decreased by-42.86%

Lines of code

912

decreased by-76.75%

Dependency changes

• + Added@npmcli/agent@2.2.2(transitive)

• + Added@npmcli/git@5.0.8(transitive)

• + Added@npmcli/package-json@5.2.1(transitive)

• + Added@npmcli/promise-spawn@7.0.2(transitive)

• + Added@npmcli/redact@1.1.0(transitive)

• + Added@npmcli/run-script@7.0.4(transitive)

• + Added@sigstore/bundle@2.3.2(transitive)

• + Added@sigstore/core@1.1.0(transitive)

• + Added@sigstore/protobuf-specs@0.3.2(transitive)

• + Added@sigstore/sign@2.3.2(transitive)

• + Added@sigstore/tuf@2.3.4(transitive)

• + Added@sigstore/verify@1.2.1(transitive)

• + Added@tufjs/canonical-json@2.0.0(transitive)

• + Added@tufjs/models@2.0.1(transitive)

• + Addedabbrev@2.0.0(transitive)

• + Addedagent-base@7.1.1(transitive)

• + Addedcacache@18.0.4(transitive)

• + Addedhosted-git-info@7.0.2(transitive)

• + Addedhttp-proxy-agent@7.0.2(transitive)

• + Addedhttps-proxy-agent@7.0.5(transitive)

• + Addedini@4.1.3(transitive)

• + Addedisexe@3.1.1(transitive)

• + Addedmake-fetch-happen@13.0.1(transitive)

• + Addedminipass-collect@2.0.1(transitive)

• + Addednode-gyp@10.2.0(transitive)

• + Addednopt@7.2.1(transitive)

• + Addednormalize-package-data@6.0.2(transitive)

• + Addednpm-package-arg@11.0.3(transitive)

• + Addednpm-packlist@8.0.2(transitive)

• + Addednpm-pick-manifest@9.1.0(transitive)

• + Addednpm-registry-fetch@16.2.1(transitive)

• + Addedpacote@17.0.7(transitive)

• + Addedproc-log@4.2.0(transitive)

• + Addedread-package-json@7.0.1(transitive)

• + Addedsigstore@2.3.1(transitive)

• + Addedsocks-proxy-agent@8.0.4(transitive)

• + Addedtuf-js@2.2.1(transitive)

• + Addedwhich@4.0.0(transitive)

• - Removed@gar/promisify@1.1.3(transitive)

• - Removed@npmcli/fs@2.1.2(transitive)

• - Removed@npmcli/git@4.1.0(transitive)

• - Removed@npmcli/move-file@2.0.1(transitive)

• - Removed@npmcli/promise-spawn@6.0.2(transitive)

• - Removed@npmcli/run-script@6.0.2(transitive)

• - Removed@sigstore/bundle@1.1.0(transitive)

• - Removed@sigstore/protobuf-specs@0.2.1(transitive)

• - Removed@sigstore/sign@1.0.0(transitive)

• - Removed@sigstore/tuf@1.0.3(transitive)

• - Removed@tootallnate/once@2.0.0(transitive)

• - Removed@tufjs/canonical-json@1.0.0(transitive)

• - Removed@tufjs/models@1.0.4(transitive)

• - Removedabbrev@1.1.1(transitive)

• - Removedagent-base@6.0.2(transitive)

• - Removedagentkeepalive@4.5.0(transitive)

• - Removedaproba@2.0.0(transitive)

• - Removedare-we-there-yet@3.0.1(transitive)

• - Removedbrace-expansion@1.1.11(transitive)

• - Removedcacache@16.1.317.1.4(transitive)

• - Removedcolor-support@1.1.3(transitive)

• - Removedconcat-map@0.0.1(transitive)

• - Removedconsole-control-strings@1.1.0(transitive)

• - Removeddelegates@1.0.0(transitive)

• - Removedfs.realpath@1.0.0(transitive)

• - Removedfunction-bind@1.1.2(transitive)

• - Removedgauge@4.0.4(transitive)

• - Removedglob@7.2.38.1.0(transitive)

• - Removedhas-unicode@2.0.1(transitive)

• - Removedhasown@2.0.2(transitive)

• - Removedhosted-git-info@6.1.1(transitive)

• - Removedhttp-proxy-agent@5.0.0(transitive)

• - Removedhttps-proxy-agent@5.0.1(transitive)

• - Removedhumanize-ms@1.2.1(transitive)

• - Removedinfer-owner@1.0.4(transitive)

• - Removedinflight@1.0.6(transitive)

• - Removedinherits@2.0.4(transitive)

• - Removedis-core-module@2.15.1(transitive)

• - Removedlru-cache@7.18.3(transitive)

• - Removedmake-fetch-happen@10.2.111.1.1(transitive)

• - Removedminimatch@3.1.25.1.6(transitive)

• - Removedminipass-collect@1.0.2(transitive)

• - Removedminipass-fetch@2.1.2(transitive)

• - Removednode-gyp@9.4.1(transitive)

• - Removednopt@6.0.0(transitive)

• - Removednormalize-package-data@5.0.0(transitive)

• - Removednpm-package-arg@10.1.0(transitive)

• - Removednpm-packlist@7.0.4(transitive)

• - Removednpm-pick-manifest@8.0.2(transitive)

• - Removednpm-registry-fetch@14.0.5(transitive)

• - Removednpmlog@6.0.2(transitive)

• - Removedonce@1.4.0(transitive)

• - Removedpacote@15.2.0(transitive)

• - Removedpath-is-absolute@1.0.1(transitive)

• - Removedproc-log@3.0.0(transitive)

• - Removedread-package-json@6.0.4(transitive)

• - Removedreadable-stream@3.6.2(transitive)

• - Removedrimraf@3.0.2(transitive)

• - Removedsafe-buffer@5.2.1(transitive)

• - Removedset-blocking@2.0.0(transitive)

• - Removedsignal-exit@3.0.7(transitive)

• - Removedsigstore@1.9.0(transitive)

• - Removedsocks-proxy-agent@7.0.0(transitive)

• - Removedssri@9.0.1(transitive)

• - Removedstring_decoder@1.3.0(transitive)

• - Removedtuf-js@1.1.7(transitive)

• - Removedunique-filename@2.0.1(transitive)

• - Removedunique-slug@3.0.0(transitive)

• - Removedutil-deprecate@1.0.2(transitive)

• - Removedwhich@3.0.1(transitive)

• - Removedwide-align@1.1.5(transitive)

• - Removedwrappy@1.0.2(transitive)

• Updatedhosted-git-info@^7.0.0

• Updatedlru-cache@^10.0.1

• Updatedpacote@^17.0.2

• Updatedsemver@^7.5.4