npm-check-updates - npm Package Compare versions

Comparing version 1.5.1 to 2.0.0-alpha1

lib/npm-check-updates.js

@@ -14,8 +14,3 @@ var program = require('commander');
         var newPackageData = vm.updatePackageData(packageData, currentDependencies, upgradedDependencies);
-        writePackageFile(packageFile, newPackageData, function (error) {
-            if (error) {
-                return callback(error);
-            }
-            callback(null);
-        });
+        writePackageFile(packageFile, newPackageData, callback);
     });
@@ -123,3 +118,3 @@ }
     .option('-d, --dev', 'check only devDependencies')
-    .option('-f, --filter <packages>', 'list or regex of package names to search (all others will be ignored)')
+    .option('-f, --filter <packages>', 'list or regex of package names to search (all others will be ignored). Note: single quotes may be required to avoid inadvertant bash parsing.')
     .option('-g, --global', 'check global packages instead of in the current project')
@@ -126,0 +121,0 @@ .option('-p, --prod', 'check only dependencies (not devDependencies)')

lib/versionmanager.js

@@ -89,5 +89,6 @@ var npm = require('npm');
             var unconstrainedCurrentVersion = currentVersion.substr(getVersionConstraints(currentVersion).length, currentVersion.length);
-            var isLatestVersion = semver.satisfies(latestVersion, unconstrainedCurrentVersion);
+            var isLatest = semver.satisfies(latestVersion, unconstrainedCurrentVersion)
+            var isNewer = !semver.lte(latestVersion, unconstrainedCurrentVersion);
 
-            if (!isLatestVersion) {
+            if (!isLatest && isNewer) {
                 var upgradedDependencyString = upgradeDependencyDeclaration(currentVersion, latestVersion);
@@ -94,0 +95,0 @@ upgradedDependencies[dependency] = upgradedDependencyString;

package.json

 {
   "name": "npm-check-updates",
-  "version": "1.5.1",
+  "version": "2.0.0-alpha1",
   "author": "Tomas Junnonen <tomas1@gmail.com>",
@@ -19,6 +19,6 @@ "description": "Find newer versions of dependencies than what your package.json allows",
   ],
-  "preferglobal": true,
+  "preferGlobal": true,
   "main": "./lib/npm-check-updates",
   "scripts": {
-    "test": "mocha"
+    "test": "mocha -t 10000"
   },
@@ -25,0 +25,0 @@ "bin": {

README.md

@@ -60,4 +60,11 @@ npm-check-updates
 ```sh
-$ npm-check-updates -f mocha,should         # string
-$ npm-check-updates -f /^((?!gulp-).)*$/    # regex
+# match mocha and should packages exactly
+$ npm-check-updates -f mocha,should         
+
+# match packages that start with "gulp-" using regex
+$ npm-check-updates -f /^gulp-/             
+
+# match packages that do not start with "gulp-". Note: single quotes are required 
+# here to avoid inadvertant bash parsing
+$ npm-check-updates -f '/^(?!gulp-).*$/'    
 ```
@@ -70,3 +77,4 @@
     -f, --filter <packages>  list or regex of package names to search (all others
-                             will be ignored)
+                             will be ignored). Note: single quotes may be required 
+                             to avoid inadvertant bash parsing.
     -g, --global             check global packages instead of in the current project
@@ -73,0 +81,0 @@ -p, --prod               check only dependencies (not devDependencies)

test/testversionmanager.js

@@ -68,2 +68,11 @@ var should = require("should");
 
+    describe('upgradeDependencies', function() {
+        it('return upgraded dependencies object', function() {
+            vm.upgradeDependencies({ mongodb: '^1.4.29' }, { mongodb: '1.4.30' }).should.eql({ mongodb: '^1.4.30' });
+        })
+        it('do not downgrade', function() {
+            vm.upgradeDependencies({ mongodb: '^2.0.7' }, { mongodb: '1.4.30' }).should.eql({ });
+        })
+    });
+
     describe('getLatestVersions', function () {
@@ -70,0 +79,0 @@ it('valid single package', function (done) {

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

29810

increased by2.74%

Lines of code

544

increased by0.74%

Number of lines in readme file

133

increased by6.4%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Number of low quality alerts

1

increased byInfinity%

No dependency changes