ci-npm-update
Keep NPM dependencies up-to-date with CI, providing version-to-version diff for each library
This command keeps npm dependencies up-to-date by making pull-requests from CI.
For example: https://github.com/gfx/ci-npm-update/pull/13
This is inspired by circleci-bundle-update-pr.
npm install --save-dev ci-npm-update
This command is designed to be executed by CI nightly builds. Set the GITHUB_ACCESS_TOKEN environment variable so that it can open pull-requests against GitHub repositories, and set up SSH keys so that CI can push to the repositories. If the CI environment has no git configuration, also set GIT_USER_NAME and GIT_USER_EMAIL so that patches can be committed in CI.
export GITHUB_ACCESS_TOKEN=...
export GIT_USER_NAME=gfx
export GIT_USER_EMAIL=gfx@users.noreply.github.com
By default, ci-npm-update runs in dry-run mode. Set --execute to make pull-requests.
ci-npm-update --execute
If you only run it in dry-run mode, no configuration is required:
# run in dry-run mode:
ci-npm-update
If you want to make pull-requests from your local machine, use GITHUB_ACCESS_TOKEN:
# envchain is recommended
envchain --set github GITHUB_ACCESS_TOKEN
# run:
envchain github ci-npm-update --execute
In addition, --list is provided to list dependencies with short descriptions, intended as a sanity check during development.
ci-npm-update --list
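The CI usage above (token required only for --execute, git identity only when the runner has none, dry-run as the default) can be wrapped so the job fails closed instead of half-running. This wrapper is an added example and is not part of ci-npm-update; the variable names CI_NPM_UPDATE_EXECUTE and CI_NPM_UPDATE_RUN are hypothetical and exist only in this script.

```shell
#!/bin/sh
# Wrapper for running ci-npm-update from a nightly CI job (added example, not
# the project's own code). It refuses --execute without a token, only falls
# back to GIT_USER_NAME/GIT_USER_EMAIL when git has no identity configured,
# and never prints the token itself. CI_NPM_UPDATE_EXECUTE and
# CI_NPM_UPDATE_RUN are variable names invented for this wrapper.
set -eu

# Return 0 when the token needed for --execute is present and non-empty.
# Only the variable name is reported, never its value.
check_execute_env() {
  if [ -z "${GITHUB_ACCESS_TOKEN:-}" ]; then
    echo "GITHUB_ACCESS_TOKEN is not set; refusing to run with --execute" >&2
    return 1
  fi
}

# Print the committer identity as "name <email>", preferring the existing
# git config and falling back to GIT_USER_NAME / GIT_USER_EMAIL.
# Return 1 when neither source provides both values.
resolve_git_identity() {
  name=$(git config user.name 2>/dev/null || true)
  email=$(git config user.email 2>/dev/null || true)
  [ -n "$name" ] || name="${GIT_USER_NAME:-}"
  [ -n "$email" ] || email="${GIT_USER_EMAIL:-}"
  [ -n "$name" ] && [ -n "$email" ] || return 1
  printf '%s <%s>\n' "$name" "$email"
}

# Print the command line to run: dry-run by default, --execute only when
# explicitly requested and the token check passes.
build_command() {
  if [ "${CI_NPM_UPDATE_EXECUTE:-0}" = "1" ]; then
    check_execute_env || return 1
    echo "ci-npm-update --execute"
  else
    echo "ci-npm-update"
  fi
}

# Only act when explicitly enabled, so sourcing this file is side-effect free.
if [ "${CI_NPM_UPDATE_RUN:-0}" = "1" ]; then
  identity=$(resolve_git_identity) || { echo "no git identity available" >&2; exit 1; }
  echo "committing as: $identity"
  cmd=$(build_command)
  echo "running: $cmd"
  $cmd
fi
```

Run it from the nightly job with CI_NPM_UPDATE_RUN=1, adding CI_NPM_UPDATE_EXECUTE=1 only in the job that holds the GitHub token.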
Setup:
npm run setup
Easy test command in dry-run mode:
npm run build && envchain github node bin/ci-npm-update
If you want to set up Heroku schedulers, there's a template for it:
To test it, run the following command:
heroku run './build-circleci'
Copyright (c) 2016 Bit Journey, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
v2.0.0 - 2017/07/11
package-lock.json
npm-shrinkwrap.json is no longer supported, but you can easily migrate it to package-lock.json
@types/*