check4updates
Comparing version 1.2.10 to 1.3.0
{ | ||
"name": "check4updates", | ||
"version": "1.2.10", | ||
"version": "1.3.0", | ||
"description": "Check and update package dependencies.", | ||
@@ -42,3 +42,3 @@ "keywords": [ | ||
"all": "npm-run-all clean lint test", | ||
"changelog": "conventional-changelog -p eslint -i CHANGELOG.md -s -r1", | ||
"changelog": "npx conventional-changelog -p eslint -i CHANGELOG.md -s -r1", | ||
"clean": "rimraf coverage .nyc_output", | ||
@@ -53,28 +53,25 @@ "coverage": "c8 -r text npm test", | ||
"debug": "^4.3.4", | ||
"hosted-git-info": "git+https://github.com/spurreiter/hosted-git-info.git#semver:3.1.0-4", | ||
"lru-cache": "^7.17.0", | ||
"hosted-git-info": "^7.0.0", | ||
"lodash.get": "^4.4.2", | ||
"pacote": "^15.1.1", | ||
"lru-cache": "^10.0.1", | ||
"pacote": "^17.0.2", | ||
"progress": "^2.0.3", | ||
"semver": "^7.3.8", | ||
"semver": "^7.5.4", | ||
"semver-utils": "^1.1.4" | ||
}, | ||
"devDependencies": { | ||
"c8": "^7.13.0", | ||
"eslint": "^8.35.0", | ||
"eslint-config-standard": "^17.0.0", | ||
"eslint-plugin-import": "^2.27.5", | ||
"eslint-plugin-n": "^15.6.1", | ||
"c8": "^8.0.1", | ||
"eslint": "^8.47.0", | ||
"eslint-config-standard": "^17.1.0", | ||
"eslint-plugin-import": "^2.28.1", | ||
"eslint-plugin-n": "^16.0.1", | ||
"eslint-plugin-promise": "^6.1.1", | ||
"mocha": "^10.2.0", | ||
"npm-run-all": "^4.1.5", | ||
"rimraf": "^4.1.2", | ||
"rimraf": "^5.0.1", | ||
"shelljs": "^0.8.5" | ||
}, | ||
"bundleDependencies": [ | ||
"hosted-git-info" | ||
], | ||
"noBump": { | ||
"chalk": "^4" | ||
"c4uIgnore": { | ||
"chalk": "^4 // version >=5 uses ESM" | ||
} | ||
} |
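Review bot: The `changelog` script now calls `npx conventional-changelog ...`, and `conventional-changelog` is not among the `devDependencies` listed in this section, so npx would resolve and execute whatever version the registry serves at the moment the release script runs. That leaves a release-time tool outside the declared dependency set, while the same section appears to replace the git-URL `hosted-git-info` with a registry range. Either add the CLI to `devDependencies` and keep the script as `conventional-changelog -p eslint -i CHANGELOG.md -s -r1`, or pin the call as `npx conventional-changelog@<pinned-version> -p eslint -i CHANGELOG.md -s -r1`.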
# check4updates | ||
[![NPM version](https://badge.fury.io/js/check4updates.svg)](https://www.npmjs.com/package/check4updates/) | ||
[![npm version][npm-version-badge]][npm-version-badge-link] | ||
@@ -13,3 +13,4 @@ > Check and update package dependencies. | ||
- local tgz packages | ||
- taged git versions on github/ gitlab/ bitbucket (thank you [uWebSockets.js][]) | ||
- tagged git versions on github/ gitlab/ bitbucket (e.g. [uWebSockets.js][]) | ||
- ignore updates using `c4uIgnore` in `package.json` | ||
@@ -22,2 +23,27 @@ For other similar tools see: | ||
## ignore updates in package.json | ||
add a `c4uIgnore` field in the `package.json` file, like: | ||
``` | ||
{ ... | ||
"c4uIgnore": { | ||
"<package-name>": "<allowed-range>[ // optional comment]" | ||
} | ||
} | ||
``` | ||
e.g. | ||
```json | ||
{ | ||
"name": "my-package", | ||
"dependecies": { | ||
"chalk": "^4.0.0" | ||
}, | ||
"c4uIgnore": { | ||
"chalk": "^4 // do not upgrade; ^5 is ESM only support" | ||
} | ||
} | ||
``` | ||
## cli | ||
@@ -82,1 +108,4 @@ | ||
[uWebSockets.js]: https://github.com/uNetworking/uWebSockets.js | ||
[npm-version-badge]: https://badge.fury.io/js/check4updates.svg | ||
[npm-version-badge-link]: https://www.npmjs.com/package/check4updates |
const { eachLimit } = require('asyncc-promise') | ||
const semver = require('semver') | ||
const { PckgJson } = require('./PckgJson') | ||
@@ -39,3 +40,19 @@ const { resolverPrepare, resolver, resolverRange } = require('./resolvers') | ||
const calcRange = ({ patch, minor, major, max }) => results => { | ||
const setIgnoredFlag = ({ results, ignored, type }) => { | ||
if (!ignored) { | ||
return | ||
} | ||
results.forEach(res => { | ||
const range = ignored[res.package] | ||
if (range) { | ||
const selectedVersion = res[type] | ||
const satisfies = semver.satisfies(selectedVersion, range) | ||
if (!satisfies) { | ||
res.ignore = true | ||
} | ||
} | ||
}) | ||
} | ||
const calcRange = ({ pckg, patch, minor, major, max }) => results => { | ||
const type = patch | ||
@@ -50,2 +67,6 @@ ? 'patch' | ||
: 'latest' | ||
const ignored = pckg.getIgnored() | ||
setIgnoredFlag({ results, ignored, type }) | ||
const packages = resolverRange(results, type) | ||
@@ -90,3 +111,3 @@ log('packages', packages) | ||
.then(calcVersions) | ||
.then(calcRange({ patch, minor, major, max })) | ||
.then(calcRange({ pckg, patch, minor, major, max })) | ||
.then(updatePckg(update, pckg)) | ||
@@ -93,0 +114,0 @@ } |
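Review bot: `setIgnoredFlag` sets `res.ignore` whenever the version selected for `type` falls outside the `c4uIgnore` range, which drops the package from the run instead of capping it. With `"chalk": "^4"` and a newer major published, later 4.x releases, security fixes included, would no longer be offered unless a narrower mode is chosen. Consider falling back to the highest published version that still satisfies the range, if the resolver result carries the version list (not visible in this hunk), and setting the flag only when no such version exists. Separately, `semver.satisfies` returns false for a missing version, so an entry whose `res[type]` is undefined (a failed lookup, presumably) is also marked ignored; `if (range && selectedVersion && !semver.satisfies(selectedVersion, range)) res.ignore = true` avoids that.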
@@ -0,4 +1,5 @@ | ||
const fs = require('fs') | ||
const { promisify } = require('util') | ||
const fs = require('fs') | ||
const { resolve } = require('path') | ||
const semver = require('semver') | ||
@@ -12,2 +13,3 @@ const fsReadFile = promisify(fs.readFile) | ||
this.filename = resolve(dirname, filename) | ||
this.content = undefined | ||
} | ||
@@ -54,2 +56,31 @@ | ||
/** | ||
* get all files under c4uIgnore | ||
* @returns {Record<string,string>|undefined} | ||
*/ | ||
getIgnored () { | ||
const c4uIgnore = this.content?.c4uIgnore | ||
if (c4uIgnore && typeof c4uIgnore === 'object') { | ||
const rangesOnly = Object.entries(c4uIgnore) | ||
.reduce((curr, [pckg, rangeComment]) => { | ||
const [range] = String(rangeComment).split(/\s*\/\/\s*/) | ||
if (semver.validRange(range)) { | ||
curr[pckg] = range.trim() | ||
} else { | ||
throw new Error(`c4uIgnore: package "${pckg}" does not contain a valid range "${range}"`) | ||
} | ||
return curr | ||
}, {}) | ||
return rangesOnly | ||
} | ||
} | ||
/** | ||
* @param {{ | ||
* prod?: boolean | ||
* dev?: boolean | ||
* peer?: boolean | ||
* }} opts | ||
* @returns {Promise<Record<string,string>} | ||
*/ | ||
read (opts = {}) { | ||
@@ -68,2 +99,6 @@ if (!opts.prod && !opts.dev && !opts.peer) { | ||
/** | ||
* @param {Record<string,string>} packages | ||
* @returns {Promise<void>} | ||
*/ | ||
write (packages = {}) { | ||
@@ -70,0 +105,0 @@ this.content = this._merge(this.content, packages) |
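Review bot: `getIgnored` accumulates into a plain `{}` and the caller looks entries up by dependency name (`ignored[res.package]`), so a dependency named like an inherited property such as `constructor` would read a truthy non-range value from the prototype and be flagged; seeding the reduce with `Object.create(null)` (`}, Object.create(null))`) limits lookups to declared entries. An entry that holds only a comment (`"// note"`) yields an empty range that `semver.validRange` accepts as `*`, is stored as `''`, and is then skipped by the caller's truthiness check without any message; rejecting an empty range in the same `throw` would surface the mistake. The JSDoc summary says "files" where the map holds package ranges, and `@returns {Promise<Record<string,string>}` on `read` lacks its closing `>`. The class body starts and ends outside these hunks.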
@@ -41,3 +41,3 @@ /** | ||
const packages = aVersionsO.reduce((o, versionO) => { | ||
if (!versionO.error) { | ||
if (!versionO.error && !versionO.ignore) { | ||
const { package: pckg, mode } = versionO | ||
@@ -44,0 +44,0 @@ let final |
@@ -23,7 +23,11 @@ const chalk = require('chalk') | ||
const colorVersion = (version, range, wildcard = '') => { | ||
const colorVersion = (version, range, wildcard = '', ignore) => { | ||
let r | ||
if (ignore) { | ||
return chalk.gray(wildcard + version + ' (ignored)') | ||
} | ||
if (!semver.satisfies(version, range)) { | ||
return chalk.red(wildcard + version) | ||
} else if ((r = parse(range))) { | ||
} | ||
if ((r = parse(range))) { | ||
const v = parse(version) | ||
@@ -40,5 +44,5 @@ let i = 0 | ||
v[3] | ||
} else { | ||
return wildcard + version | ||
} | ||
return wildcard + version | ||
} | ||
@@ -67,8 +71,10 @@ | ||
} else { | ||
let needsUpdateCnt = 0 | ||
const pckgInfo = !filtered.length | ||
? '' | ||
: filtered.map(r => { | ||
if (!r.ignore) needsUpdateCnt++ | ||
const _pckg = r.package.padEnd(max.pckg) | ||
const _range = r.range.replace(/\s/g, '').padStart(max.range) | ||
const _version = (!r.wildcard ? ' ' : '') + colorVersion(r[type], r.range, r.wildcard) | ||
const _version = (!r.wildcard ? ' ' : '') + colorVersion(r[type], r.range, r.wildcard, r.ignore) | ||
return spacer + `${_pckg} ${_range} \u{2192} ${_version}` | ||
@@ -84,7 +90,9 @@ }).join(cr) + cr + cr | ||
const updateInfo = spacer + ( | ||
update | ||
? `Run ${chalk.cyan('npm i')}` | ||
: `Run ${chalk.cyan('c4u -u')} to upgrade package.json` | ||
) + cr | ||
const updateInfo = needsUpdateCnt | ||
? spacer + ( | ||
update | ||
? `Run ${chalk.cyan('npm i')}` | ||
: `Run ${chalk.cyan('c4u -u')} to upgrade package.json` | ||
) + cr | ||
: spacer + 'All dependencies match the desired package versions...' + cr | ||
@@ -91,0 +99,0 @@ return cr + pckgInfo + errorInfo + updateInfo |
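Review bot: When every outstanding update is flagged `ignore`, `needsUpdateCnt` stays 0 and the closing line prints `All dependencies match the desired package versions...`, which reads as up to date even though newer releases exist and were suppressed by `c4uIgnore`. The per-package lines do carry `(ignored)`, but the summary is what gets read in CI logs, so report the suppressed count there, e.g. `const ignoredCnt = filtered.filter(r => r.ignore).length` and a line such as `${ignoredCnt} update(s) ignored via c4uIgnore`. The counter is also incremented as a side effect inside the `map` callback; `filtered.filter(r => !r.ignore).length` computes it without mutation. The enclosing function starts and ends outside the hunk, and `colorVersion`'s new `ignore` parameter has no doc comment in the visible lines.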
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Git dependency
Supply chain risk: Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Found 1 instance in 1 package
Major refactor
Supply chain risk: Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Mixed license
License: (Experimental) Package contains multiple licenses.
Found 1 instance in 1 package
Unidentified License
License: (Experimental) Something that seems like a license was found, but its contents could not be matched with a known license.
Found 1 instance in 1 package
+ Added@npmcli/agent@2.2.2(transitive)
+ Added@npmcli/git@5.0.8(transitive)
+ Added@npmcli/package-json@5.2.1(transitive)
+ Added@npmcli/promise-spawn@7.0.2(transitive)
+ Added@npmcli/redact@1.1.0(transitive)
+ Added@npmcli/run-script@7.0.4(transitive)
+ Added@sigstore/bundle@2.3.2(transitive)
+ Added@sigstore/core@1.1.0(transitive)
+ Added@sigstore/protobuf-specs@0.3.2(transitive)
+ Added@sigstore/sign@2.3.2(transitive)
+ Added@sigstore/tuf@2.3.4(transitive)
+ Added@sigstore/verify@1.2.1(transitive)
+ Added@tufjs/canonical-json@2.0.0(transitive)
+ Added@tufjs/models@2.0.1(transitive)
+ Addedabbrev@2.0.0(transitive)
+ Addedagent-base@7.1.1(transitive)
+ Addedcacache@18.0.4(transitive)
+ Addedhosted-git-info@7.0.2(transitive)
+ Addedhttp-proxy-agent@7.0.2(transitive)
+ Addedhttps-proxy-agent@7.0.5(transitive)
+ Addedini@4.1.3(transitive)
+ Addedisexe@3.1.1(transitive)
+ Addedmake-fetch-happen@13.0.1(transitive)
+ Addedminipass-collect@2.0.1(transitive)
+ Addednode-gyp@10.2.0(transitive)
+ Addednopt@7.2.1(transitive)
+ Addednormalize-package-data@6.0.2(transitive)
+ Addednpm-package-arg@11.0.3(transitive)
+ Addednpm-packlist@8.0.2(transitive)
+ Addednpm-pick-manifest@9.1.0(transitive)
+ Addednpm-registry-fetch@16.2.1(transitive)
+ Addedpacote@17.0.7(transitive)
+ Addedproc-log@4.2.0(transitive)
+ Addedread-package-json@7.0.1(transitive)
+ Addedsigstore@2.3.1(transitive)
+ Addedsocks-proxy-agent@8.0.4(transitive)
+ Addedtuf-js@2.2.1(transitive)
+ Addedwhich@4.0.0(transitive)
- Removed@gar/promisify@1.1.3(transitive)
- Removed@npmcli/fs@2.1.2(transitive)
- Removed@npmcli/git@4.1.0(transitive)
- Removed@npmcli/move-file@2.0.1(transitive)
- Removed@npmcli/promise-spawn@6.0.2(transitive)
- Removed@npmcli/run-script@6.0.2(transitive)
- Removed@sigstore/bundle@1.1.0(transitive)
- Removed@sigstore/protobuf-specs@0.2.1(transitive)
- Removed@sigstore/sign@1.0.0(transitive)
- Removed@sigstore/tuf@1.0.3(transitive)
- Removed@tootallnate/once@2.0.0(transitive)
- Removed@tufjs/canonical-json@1.0.0(transitive)
- Removed@tufjs/models@1.0.4(transitive)
- Removedabbrev@1.1.1(transitive)
- Removedagent-base@6.0.2(transitive)
- Removedagentkeepalive@4.5.0(transitive)
- Removedaproba@2.0.0(transitive)
- Removedare-we-there-yet@3.0.1(transitive)
- Removedbrace-expansion@1.1.11(transitive)
- Removedcacache@16.1.317.1.4(transitive)
- Removedcolor-support@1.1.3(transitive)
- Removedconcat-map@0.0.1(transitive)
- Removedconsole-control-strings@1.1.0(transitive)
- Removeddelegates@1.0.0(transitive)
- Removedfs.realpath@1.0.0(transitive)
- Removedfunction-bind@1.1.2(transitive)
- Removedgauge@4.0.4(transitive)
- Removedglob@7.2.38.1.0(transitive)
- Removedhas-unicode@2.0.1(transitive)
- Removedhasown@2.0.2(transitive)
- Removedhosted-git-info@6.1.1(transitive)
- Removedhttp-proxy-agent@5.0.0(transitive)
- Removedhttps-proxy-agent@5.0.1(transitive)
- Removedhumanize-ms@1.2.1(transitive)
- Removedinfer-owner@1.0.4(transitive)
- Removedinflight@1.0.6(transitive)
- Removedinherits@2.0.4(transitive)
- Removedis-core-module@2.15.1(transitive)
- Removedlru-cache@7.18.3(transitive)
- Removedmake-fetch-happen@10.2.111.1.1(transitive)
- Removedminimatch@3.1.25.1.6(transitive)
- Removedminipass-collect@1.0.2(transitive)
- Removedminipass-fetch@2.1.2(transitive)
- Removednode-gyp@9.4.1(transitive)
- Removednopt@6.0.0(transitive)
- Removednormalize-package-data@5.0.0(transitive)
- Removednpm-package-arg@10.1.0(transitive)
- Removednpm-packlist@7.0.4(transitive)
- Removednpm-pick-manifest@8.0.2(transitive)
- Removednpm-registry-fetch@14.0.5(transitive)
- Removednpmlog@6.0.2(transitive)
- Removedonce@1.4.0(transitive)
- Removedpacote@15.2.0(transitive)
- Removedpath-is-absolute@1.0.1(transitive)
- Removedproc-log@3.0.0(transitive)
- Removedread-package-json@6.0.4(transitive)
- Removedreadable-stream@3.6.2(transitive)
- Removedrimraf@3.0.2(transitive)
- Removedsafe-buffer@5.2.1(transitive)
- Removedset-blocking@2.0.0(transitive)
- Removedsignal-exit@3.0.7(transitive)
- Removedsigstore@1.9.0(transitive)
- Removedsocks-proxy-agent@7.0.0(transitive)
- Removedssri@9.0.1(transitive)
- Removedstring_decoder@1.3.0(transitive)
- Removedtuf-js@1.1.7(transitive)
- Removedunique-filename@2.0.1(transitive)
- Removedunique-slug@3.0.0(transitive)
- Removedutil-deprecate@1.0.2(transitive)
- Removedwhich@3.0.1(transitive)
- Removedwide-align@1.1.5(transitive)
- Removedwrappy@1.0.2(transitive)
Updatedhosted-git-info@^7.0.0
Updatedlru-cache@^10.0.1
Updatedpacote@^17.0.2
Updatedsemver@^7.5.4