
npm-check-updates


npm-check-updates - npm Package Compare versions

Comparing version 2.10.3 to 2.10.4

253

lib/npm-check-updates.js

@@ -80,10 +80,2 @@ var options = {};

function getVersionTarget(opt) {
var o = opt || options;
return o.semverLevel ? o.semverLevel :
o.newest ? 'newest' :
o.greatest ? 'greatest' :
'latest';
}
function createDependencyTable() {

@@ -112,2 +104,22 @@ return new Table({

/**
* @param args.from
* @param args.to
* @param options.greatest
*/
function toDependencyTable(args) {
options = options || {};
var table = createDependencyTable();
var rows = Object.keys(args.to).map(function (dep) {
var from = args.from[dep] || '';
var to = versionUtil.colorizeDiff(args.to[dep] || '', args.from[dep]);
return [dep, from, '→', to];
});
rows.forEach(function (row) {
table.push(row);
});
return table;
}
var readPackageFile = cint.partialAt(fs.readFileAsync, 1, 'utf8');

@@ -120,25 +132,9 @@ var writePackageFile = fs.writeFileAsync;

function upgradePackageDefinitions(currentDependencies) {
var versionTarget = getVersionTarget(options);
print('Fetching ' + versionTarget + ' versions...', 'verbose');
function analyzeGlobalPackages() {
return vm.getLatestVersions(currentDependencies, {
versionTarget: versionTarget,
registry: options.registry ? options.registry : null
}).then(function (latestVersions) {
if (options.global && options.upgrade) {
programError(chalk.blue('ncu') + ' cannot upgrade global packages. Run ' + chalk.blue('npm install -g [package]') +
' to update a global package');
}
var upgradedDependencies = vm.upgradeDependencies(currentDependencies, latestVersions, {
removeRange: options.removeRange
});
var filteredUpgradedDependencies = _.pickBy(upgradedDependencies, function (v, dep) {
return !options.jsonUpgraded || options.upgradeAll || !vm.isSatisfied(latestVersions[dep], currentDependencies[dep]);
});
return [filteredUpgradedDependencies, latestVersions];
});
}
function analyzeGlobalPackages() {
print('Getting installed packages...', 'verbose');

@@ -153,4 +149,5 @@

print('', 'silly');
print('Fetching ' + vm.getVersionTarget(options) + ' versions...', 'verbose');
return upgradePackageDefinitions(globalPackages)
return vm.upgradePackageDefinitions(globalPackages, options)
.spread(function (upgraded, latest) {

@@ -188,2 +185,3 @@

print('Getting installed packages...', 'verbose');
print('Fetching ' + vm.getVersionTarget(options) + ' versions...', 'verbose');

@@ -193,4 +191,6 @@ return Promise.all([

// only search for installed dependencies if a pkgFile is specified
pkgFile ? vm.getInstalledPackages({cwd: options.packageFileDir ? path.dirname(path.resolve(pkgFile)) : null}) : Promise.resolve(),
upgradePackageDefinitions(current)
pkgFile ? vm.getInstalledPackages({
cwd: options.packageFileDir ? path.dirname(path.resolve(pkgFile)) : null
}) : Promise.resolve(),
vm.upgradePackageDefinitions(current, options)
])

@@ -206,4 +206,4 @@ .spread(function (current, installed, upgradedAndLatest) {

if (options.json) {
newPkgData = vm.updatePackageData(pkgData, current, upgraded, latest, options);
// don't need try-catch here because pkgData has already been parsed as valid JSON, and vm.updatePackageData simply does a find-and-replace on that
newPkgData = vm.upgradePackageData(pkgData, current, upgraded, latest, options);
// don't need try-catch here because pkgData has already been parsed as valid JSON, and vm.upgradePackageData simply does a find-and-replace on that
output = options.jsonAll ? jph.parse(newPkgData) :

@@ -231,22 +231,2 @@ options.jsonDeps ?

/**
* @param args.from
* @param args.to
* @param options.greatest
*/
function toDependencyTable(args) {
options = options || {};
var table = createDependencyTable();
var rows = Object.keys(args.to).map(function (dep) {
var from = args.from[dep] || '';
var to = versionUtil.colorizeDiff(args.to[dep] || '', args.from[dep]);
return [dep, from, '→', to];
});
rows.forEach(function (row) {
table.push(row);
});
return table;
}
// TODO: printUpgrades and analyzeProjectDependencies need to be refactored. They are tightly coupled and monolithic.

@@ -286,3 +266,3 @@ /**

} else {
print('All dependencies match the ' + getVersionTarget(options) + ' package versions ' +
print('All dependencies match the ' + vm.getVersionTarget(options) + ' package versions ' +
smiley);

@@ -323,3 +303,3 @@ }

} else if (args.isUpgrade) {
var newPkgData = vm.updatePackageData(args.pkgData, args.current, args.upgraded, args.latest, options);
var newPkgData = vm.upgradePackageData(args.pkgData, args.current, args.upgraded, args.latest, options);
writePackageFile(args.pkgFile, newPkgData)

@@ -342,37 +322,29 @@ .then(function () {

function programInit() {
/** Initializes and consolidates options from the cli. */
function initOptions(options) {
// 'upgradeAll' is a type of an upgrade so if it's set, we set 'upgrade' as well
options.upgrade = options.upgrade || options.upgradeAll;
if (options.global && options.upgrade) {
programError(chalk.blue('ncu') + ' cannot upgrade global packages. Run ' + chalk.blue('npm install -g [package]') +
' to update a global package');
}
// add shortcut for any keys that start with 'json'
options.json = _(options)
.keys()
.filter(_.partial(_.startsWith, _, 'json', 0))
.some(_.propertyOf(options));
// convert silent option to loglevel silent
if (options.silent) {
options.loglevel = 'silent';
}
return Object.assign({}, options, {
// 'upgradeAll' is a type of an upgrade so if it's set, we set 'upgrade' as well
upgrade: options.upgrade || options.upgradeAll,
// convert silent option to loglevel silent
loglevel: options.silent ? 'silent' : options.loglevel,
// add shortcut for any keys that start with 'json'
json: _(options)
.keys()
.filter(_.partial(_.startsWith, _, 'json', 0))
.some(_.propertyOf(options))
});
}
function programRun() {
programInit();
return options.global ? programRunGlobal() : programRunLocal();
}
/** Finds the package file and data.
@returns Promise [pkgFile, pkgData]
function programRunGlobal() {
Searches as follows:
--packageData flag
--packageFile flag
--stdin
--findUp
*/
function findPackage() {
print('Running in global mode...', 'verbose');
return analyzeGlobalPackages();
}
function programRunLocal() {
var pkgData;

@@ -387,2 +359,41 @@ var pkgFile;

/*
// if pkgFile was set, make sure it exists and read it into pkgData
if (pkgFile) {
// print a message if we are using a descendant package file
var relPathToPackage = path.resolve(pkgFile);
if (relPathToPackage !== pkgFileName) {
print('Using ' + relPathToPackage);
}
if (!fs.existsSync(pkgFile)) {
programError(chalk.red(relPathToPackage + ' not found'));
}
pkgData = readPackageFile(pkgFile, null, false);
}
// no package data!
if (!pkgData) {
}
return pkgData.then(_.partial(analyzeProjectDependencies, _, pkgFile));
*/
function getPackageDataFromFile(pkgFile, pkgFileName) {
// exit if no pkgFile to read from fs
if (pkgFile !== null) {
// print a message if we are using a descendant package file
var relPathToPackage = path.resolve(pkgFile);
if (relPathToPackage !== pkgFileName) {
print('Using ' + relPathToPackage);
}
} else {
programError(chalk.red('No ' + pkgFileName) + '\n\nPlease add a ' + pkgFileName + ' to the current directory, specify the ' + chalk.blue('--packageFile') + ' or ' + chalk.blue('--packageData') + ' options, or pipe a ' + pkgFileName + ' to stdin.');
}
return readPackageFile(pkgFile);
}
// get the package data from the various input possibilities

@@ -422,48 +433,44 @@ if (options.packageData) {

return pkgData.then(function (_pkgData) {
return analyzeProjectDependencies(_pkgData, pkgFile);
});
return Promise.all([pkgData, pkgFile]);
}
function getPackageDataFromFile(pkgFile, pkgFileName) {
// print a message if we are using a descendant package file
var relPathToPackage = path.resolve(pkgFile);
if (relPathToPackage !== pkgFileName) {
print('Using ' + relPathToPackage);
/** main entry point */
function run(opts) {
options = opts || {};
// if not executed on the command-line (i.e. executed as a node module), set some defaults
if (!options.cli) {
_.defaults(options, {
// if they want to modify the package file, we must disable jsonUpgraded
// otherwise the write operation will not happen
jsonUpgraded: !options.upgrade,
// should not suggest upgrades to versions within the specified version range if upgradeAll is explicitly set to false. Will become the default in the next major version.
upgradeAll: options.upgradeAll === undefined ? true : options.upgradeAll,
loglevel: 'silent',
args: []
});
}
if (!fs.existsSync(pkgFile)) {
programError(chalk.red(relPathToPackage + ' not found'));
}
return readPackageFile(pkgFile);
}
// get filter from arguments
options.filter = options.args.join(' ') || options.filter;
module.exports = _.merge({
run: function (opts) {
options = opts || {};
print('Initializing...', 'verbose');
// if not executed on the command-line (i.e. executed as a node module), set some defaults
if (!options.cli) {
_.defaults(options, {
// if they want to modify the package file, we must disable jsonUpgraded
// otherwise the write operation will not happen
jsonUpgraded: !options.upgrade,
// should not suggest upgrades to versions within the specified version range if upgradeAll is explicitly set to false. Will become the default in the next major version.
upgradeAll: options.upgradeAll === undefined ? true : options.upgradeAll,
loglevel: 'silent',
args: []
});
}
return vm.initialize({
global: options.global,
packageManager: options.packageManager,
registry: options.registry
})
.then(function () {
// get filter from arguments
options.filter = options.args.join(' ') || options.filter;
options = initOptions(options);
print('Initializing...', 'verbose');
return options.global ?
analyzeGlobalPackages() :
findPackage().spread(analyzeProjectDependencies);
});
}
return vm.initialize({
global: options.global,
packageManager: options.packageManager,
registry: options.registry
}).then(programRun);
}
module.exports = Object.assign({
run: run
}, vm);
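Review bot: The new `getPackageDataFromFile` only rejects `pkgFile === null`, so an `undefined` path passes the guard and reaches `path.resolve(pkgFile)` and `readPackageFile(pkgFile)`; the guard would be safer as `if (!pkgFile) { programError(...); }`, run before the path is resolved. The version it appears to replace also stopped with a "not found" message when `fs.existsSync(pkgFile)` was false, and that check now survives only inside the commented-out block above the function, so a missing file presumably surfaces as a raw read rejection unless a caller outside this view handles it. I would restore it as `if (!fs.existsSync(pkgFile)) { programError(chalk.red(relPathToPackage + ' not found')); }` and delete the commented-out block rather than ship it. The function also falls through to `readPackageFile(pkgFile)` after `programError`, which is only correct if `programError` never returns; its definition is outside the visible lines.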

@@ -215,2 +215,22 @@ var semver = require('semver');

function upgradePackageDefinitions(currentDependencies, options) {
var versionTarget = getVersionTarget(options);
return queryVersions(currentDependencies, {
versionTarget: versionTarget,
registry: options.registry ? options.registry : null
}).then(function (latestVersions) {
var upgradedDependencies = upgradeDependencies(currentDependencies, latestVersions, {
removeRange: options.removeRange
});
var filteredUpgradedDependencies = _.pickBy(upgradedDependencies, function (v, dep) {
return !options.jsonUpgraded || options.upgradeAll || !isSatisfied(latestVersions[dep], currentDependencies[dep]);
});
return [filteredUpgradedDependencies, latestVersions];
});
}
/**

@@ -224,3 +244,3 @@ * Upgrade the dependency declarations in the package data

*/
function updatePackageData(pkgData, oldDependencies, newDependencies, newVersions, options) {
function upgradePackageData(pkgData, oldDependencies, newDependencies, newVersions, options) {

@@ -242,3 +262,3 @@ options = options || {};

* Get the current dependencies from the package file
* @param pkg Object with dependencies, devDependencies, and/or optionalDependencies properties
* @param pkgData Object with dependencies, devDependencies, and/or optionalDependencies properties
* @param options.dev

@@ -250,5 +270,5 @@ * @param options.filter

*/
function getCurrentDependencies(pkg, options) {
function getCurrentDependencies(pkgData, options) {
pkg = pkg || {};
pkgData = pkgData || {};
options = options || {};

@@ -261,5 +281,5 @@

var allDependencies = cint.filterObject(_.merge({},
options.prod && pkg.dependencies,
options.dev && pkg.devDependencies,
options.optional && pkg.optionalDependencies
options.prod && pkgData.dependencies,
options.dev && pkgData.devDependencies,
options.optional && pkgData.optionalDependencies
), filterAndReject(options.filter, options.reject));

@@ -298,3 +318,3 @@

/**
* Get the latest or greatest versions from the NPM repository
* Get the latest or greatest versions from the NPM repository based on the version target
* @param packageMap an object whose keys are package name and values are current versions

@@ -304,3 +324,3 @@ * @param options Options. Default: { versionTarget: 'latest' }. You may also specify { versionTarge: 'greatest' }

*/
function getLatestVersions(packageMap, options) {
function queryVersions(packageMap, options) {

@@ -401,2 +421,9 @@ var getPackageVersion;

function getVersionTarget(options) {
return options.semverLevel ? options.semverLevel :
options.newest ? 'newest' :
options.greatest ? 'greatest' :
'latest';
}
/**

@@ -439,17 +466,19 @@ * Initialize the version manager with the given package manager.

upgradeDependencyDeclaration: upgradeDependencyDeclaration,
updatePackageData: updatePackageData,
upgradePackageData: upgradePackageData,
upgradePackageDefinitions: upgradePackageDefinitions,
getCurrentDependencies: getCurrentDependencies,
upgradeDependencies: upgradeDependencies,
getInstalledPackages: getInstalledPackages,
getLatestVersions: getLatestVersions,
queryVersions: queryVersions,
isUpgradeable: isUpgradeable,
isSatisfied: isSatisfied,
getPreferredWildcard: getPreferredWildcard,
getVersionTarget: getVersionTarget,
// deprecate in next major version
getLatestPackageVersion: function (pkg) {
return selectedPackageManager.latest(pkg);
getLatestPackageVersion: function (pkgData) {
return selectedPackageManager.latest(pkgData);
},
getGreatestPackageVersion: function (pkg) {
return selectedPackageManager.greatest(pkg);
getGreatestPackageVersion: function (pkgData) {
return selectedPackageManager.greatest(pkgData);
}
};
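Review bot: The export object drops `updatePackageData` and `getLatestVersions` in favour of `upgradePackageData` and `queryVersions`, and because the main module re-exports this object (`Object.assign({ run: run }, vm)` in the first file), two public names disappear in a patch release (2.10.3 to 2.10.4). Dependents that resolve this package through a caret or tilde range would pick the release up automatically and fail at call time. Keep the old names as aliases next to the existing "deprecate in next major version" entries: `updatePackageData: upgradePackageData,` and `getLatestVersions: queryVersions,`. Separately, the new `upgradePackageDefinitions` and `getVersionTarget` read `options.*` without the `options = options || {};` default that `getCurrentDependencies` applies, so calling either without an options argument throws.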
{
"name": "npm-check-updates",
"version": "2.10.3",
"version": "2.10.4",
"author": "Tomas Junnonen <tomas1@gmail.com>",

@@ -31,5 +31,5 @@ "license": "Apache-2.0",

"scripts": {
"lint": "eslint bin lib",
"lint": "eslint bin lib test",
"watch": "chokidar \"lib/**/*.js\" -c \"npm run test\"",
"test": "npm run lint && mocha && mocha test/individual"
"test": "npm run lint ; mocha && mocha test/individual"
},

@@ -65,2 +65,3 @@ "bin": {

"semver-utils": "^1.1.1",
"snyk": "^1.25.1",
"spawn-please": "^0.2.0",

@@ -76,3 +77,4 @@ "update-notifier": "^1.0.2"

"mocha": "^3.0.2",
"should": "^11.1.0"
"should": "^11.1.0",
"tmp": "0.0.31"
},

@@ -79,0 +81,0 @@ "files": [
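Review bot: The `test` script now joins lint and mocha with `;` instead of `&&`, so a failing `eslint` run no longer stops or fails `npm test`, and lint regressions (including in the newly linted `test` directory) go unnoticed in CI; `;` is also not a command separator in the Windows shell that npm uses for scripts. If the intent is to run the tests even when lint fails, keep the lint failure visible through a separate script rather than discarding its exit code; otherwise restore `"test": "npm run lint && mocha && mocha test/individual"`. The dependency hunk also appears to add `snyk` beside the runtime dependencies, which would install it for every consumer of the CLI; if it is only used for the maintainers' own scanning it belongs in `devDependencies`.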
