taze - npm Package Compare versions
Comparing version 0.5.0 to 0.6.0
@@ -19,3 +19,3 @@ import semver from 'semver'; | ||
| interface ResolvedDependencies extends RawDependency { | ||
| latestVersionAvaliable?: string; | ||
| latestVersionAvailable?: string; | ||
| targetVersion: string; | ||
@@ -22,0 +22,0 @@ targetVersionTime?: string; |
| { | ||
| "name": "taze", | ||
| "version": "0.5.0", | ||
| "version": "0.6.0", | ||
| "type": "module", | ||
| "packageManager": "pnpm@7.0.0", | ||
| "description": "A modern cli tool that keeps your deps fresh", | ||
@@ -11,4 +13,4 @@ "license": "MIT", | ||
| "funding": "https://github.com/sponsors/antfu", | ||
| "main": "dist/index.js", | ||
| "module": "dist/esm/index.js", | ||
| "main": "dist/index.mjs", | ||
| "module": "dist/index.mjs", | ||
| "types": "dist/index.d.ts", | ||
@@ -19,3 +21,3 @@ "files": [ | ||
| "bin": { | ||
| "taze": "bin/taze.js" | ||
| "taze": "bin/taze.mjs" | ||
| }, | ||
@@ -27,16 +29,42 @@ "bugs": { | ||
| "dependencies": { | ||
| "@antfu/ni": "^0.13.2", | ||
| "cli-progress": "^3.10.0", | ||
| "debug": "^4.3.3", | ||
| "@antfu/ni": "^0.16.2", | ||
| "libnpmconfig": "^1.2.1", | ||
| "pacote": "^13", | ||
| "semver": "^7.3.7", | ||
| "yargs": "^17.4.1" | ||
| }, | ||
| "devDependencies": { | ||
| "@antfu/eslint-config": "^0.22.0", | ||
| "@types/cli-progress": "^3.9.2", | ||
| "@types/debug": "^4.1.7", | ||
| "@types/node": "^17.0.31", | ||
| "@types/pacote": "^11.1.3", | ||
| "@types/semver": "^7.3.9", | ||
| "@types/yargs": "^17.0.10", | ||
| "bumpp": "^7.1.1", | ||
| "cli-progress": "^3.11.0", | ||
| "cross-env": "^7.0.3", | ||
| "debug": "^4.3.4", | ||
| "deepmerge": "^4.2.2", | ||
| "execa": "^5.0.0", | ||
| "eslint": "^8.14.0", | ||
| "esmo": "^0.14.1", | ||
| "fast-glob": "^3.2.11", | ||
| "find-up": "^5.0.0", | ||
| "libnpmconfig": "^1.2.1", | ||
| "pacote": "^11", | ||
| "find-up": "^6.3.0", | ||
| "picocolors": "^1.0.0", | ||
| "semver": "^7.3.5", | ||
| "yargs": "^17.3.1" | ||
| "rimraf": "^3.0.2", | ||
| "typescript": "^4.6.4", | ||
| "unbuild": "^0.7.4", | ||
| "vitest": "^0.10.0" | ||
| }, | ||
| "readme": "<h1 align=\"center\">🥦 Taze <sup>𝚊𝚕𝚙𝚑𝚊</sup></h1>\n<p align=\"center\"><sup>(/ta:zei/, <em>fresh</em> in Turkish)</sup></p>\n<p align=\"center\">A modern cli tool that keeps your deps fresh</p>\n\n<pre align=\"center\">npx <b>taze</b></pre>\n\n<p align=\"center\">or recursively for <b>monorepos</b></p>\n\n<pre align=\"center\">npx taze <b>-r</b></pre>\n\n<p align='center'>\n<img src='./screenshots/r-major.png' width='600'/>\n</p>\n\n## Features\n\n- Built-in support for monorepos\n- No installation required - `npx taze`\n- Safe by default - updates in the version range your allowed\n\n## Usage\n\nBy default, `taze` will only bump versions in the ranges you specified in package.json *(which is safe and the default behavior of `npm install`)*\n\n<p align='center'>\n<img src='./screenshots/default.png' width='600'/>\n</p>\n\nTo ignore the ranges, if you explicitly set the maximum allowenace version changes. \n\nFor example `taze major` will check all changes and bump to the lastest stable changes including majors(breaking changes), or `taze minor` that bump to lastest minor changes within the same major version.\n\n<br>\n<p align='center'>\nCheck for <b>major</b> updates\n<br>\n<img src='./screenshots/major.png' width='600'/>\n</p>\n\n\n<p align='center'>\nCheck up to <b>minor</b> updates\n<br>\n<img src='./screenshots/minor.png' width='600'/>\n</p>\n\n<p align='center'>\nCheck up to <b>patch</b> updates\n<br>\n<img src='./screenshots/patch.png' width='600'/>\n</p>\n\n\n### Monorepo\n\n`taze` has the built-in first-class monorepo support. Simply adding `-r`, it will scan the subdirectories that contains `package.json` and update them together. It will handles in local private packages automatically.\n\n<p align='center'>\n<img src='./screenshots/r-default.png' width='600'/>\n</p>\n\n## Configures\n\nSee `taze --help` for more details\n\n### Filters\n\nYou can filter out packages you want to check for upgrades by `--include` or `--exclude`, they accept string and regex, separate by command(,).\n\n```bash\ntaze --include lodash,webpack\ntaze --include /react/ --exclude react-dom # regex is also supported\n```\n\n## Programmatic APIs\n\n> TODO:\n\n## Alternatives\n\n`taze` is inspired from the following tools.\n\n- [npm-check-updates](https://github.com/raineorshine/npm-check-updates)\n- [npm-check](https://github.com/dylang/npm-check)\n\nThey work well but have different focuses and feature sets, try them out as well :)\n\n## Thanks\n\nGreat thanks to [@sinoon](https://github.com/sinoon) who helped a lot on having idea brainstroming and feedback discussion. \n\n## License\n\nMIT License © 2020 [Anthony Fu](https://github.com/antfu)\n" | ||
| "eslintConfig": { | ||
| "extends": "@antfu/eslint-config" | ||
| }, | ||
| "scripts": { | ||
| "preinstall": "npx only-allow pnpm", | ||
| "lint": "eslint .", | ||
| "dev": "cross-env DEBUG=taze:* esmo ./src/cli.ts", | ||
| "build": "unbuild", | ||
| "release": "bumpp --commit --tag --push && pnpm publish --no-git-checks", | ||
| "test": "vitest" | ||
| } | ||
| } |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
New alerts
Install scripts
Supply chain riskInstall scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 4 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Fixed alerts
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by234.77%
298115
- Dependency count
- decreased by-58.33%
5
- Lines of code
- increased by269.62%
8893
- Is type module
Yes
Worsened metrics
- Dev dependency count
- increased byInfinity%
21
- Number of package files
- decreased by-18.18%
9
- Number of high supply chain risk alerts
- increased byInfinity%
1
- Number of low supply chain risk alerts
- increased by27.27%
14
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Added@antfu/ni@0.16.3(transitive)
+ Added@npmcli/fs@2.1.2(transitive)
+ Added@npmcli/git@3.0.2(transitive)
+ Added@npmcli/move-file@2.0.1(transitive)
+ Added@npmcli/node-gyp@2.0.0(transitive)
+ Added@npmcli/promise-spawn@3.0.0(transitive)
+ Added@npmcli/run-script@4.2.1(transitive)
+ Added@tootallnate/once@2.0.0(transitive)
+ Addedaproba@2.0.0(transitive)
+ Addedare-we-there-yet@3.0.1(transitive)
+ Addedbrace-expansion@2.0.1(transitive)
+ Addedbuiltins@5.1.0(transitive)
+ Addedcacache@16.1.3(transitive)
+ Addedcolor-support@1.1.3(transitive)
+ Addedexponential-backoff@3.1.2(transitive)
+ Addedfunction-bind@1.1.2(transitive)
+ Addedgauge@4.0.4(transitive)
+ Addedglob@8.1.0(transitive)
+ Addedhasown@2.0.2(transitive)
+ Addedhosted-git-info@5.2.1(transitive)
+ Addedhttp-proxy-agent@5.0.0(transitive)
+ Addedignore-walk@5.0.1(transitive)
+ Addedis-core-module@2.16.1(transitive)
+ Addedlru-cache@7.18.3(transitive)
+ Addedmake-fetch-happen@10.2.1(transitive)
+ Addedminimatch@5.1.6(transitive)
+ Addedminipass-fetch@2.1.2(transitive)
+ Addednode-gyp@9.4.1(transitive)
+ Addednopt@6.0.0(transitive)
+ Addednormalize-package-data@4.0.1(transitive)
+ Addednpm-bundled@2.0.1(transitive)
+ Addednpm-install-checks@5.0.0(transitive)
+ Addednpm-normalize-package-bin@2.0.0(transitive)
+ Addednpm-package-arg@9.1.2(transitive)
+ Addednpm-packlist@5.1.3(transitive)
+ Addednpm-pick-manifest@7.0.2(transitive)
+ Addednpm-registry-fetch@13.3.1(transitive)
+ Addednpmlog@6.0.2(transitive)
+ Addedpacote@13.6.2(transitive)
+ Addedproc-log@2.0.1(transitive)
+ Addedread-package-json@5.0.2(transitive)
+ Addedreadable-stream@3.6.2(transitive)
+ Addedsafe-buffer@5.2.1(transitive)
+ Addedsocks-proxy-agent@7.0.0(transitive)
+ Addedspdx-correct@3.2.0(transitive)
+ Addedspdx-exceptions@2.5.0(transitive)
+ Addedspdx-expression-parse@3.0.1(transitive)
+ Addedspdx-license-ids@3.0.21(transitive)
+ Addedssri@9.0.1(transitive)
+ Addedstring_decoder@1.3.0(transitive)
+ Addedunique-filename@2.0.1(transitive)
+ Addedunique-slug@3.0.0(transitive)
+ Addedvalidate-npm-package-license@3.0.4(transitive)
+ Addedvalidate-npm-package-name@4.0.0(transitive)
- Removedcli-progress@^3.10.0
- Removeddebug@^4.3.3
- Removeddeepmerge@^4.2.2
- Removedexeca@^5.0.0
- Removedfast-glob@^3.2.11
- Removedfind-up@^5.0.0
- Removedpicocolors@^1.0.0
- Removed@antfu/ni@0.13.2(transitive)
- Removed@nodelib/fs.scandir@2.1.5(transitive)
- Removed@nodelib/fs.stat@2.0.5(transitive)
- Removed@nodelib/fs.walk@1.2.8(transitive)
- Removed@npmcli/fs@1.1.1(transitive)
- Removed@npmcli/git@2.1.0(transitive)
- Removed@npmcli/move-file@1.1.2(transitive)
- Removed@npmcli/node-gyp@1.0.3(transitive)
- Removed@npmcli/promise-spawn@1.3.2(transitive)
- Removed@npmcli/run-script@1.8.6(transitive)
- Removed@tootallnate/once@1.1.2(transitive)
- Removedajv@6.12.6(transitive)
- Removedansi-regex@2.1.1(transitive)
- Removedaproba@1.2.0(transitive)
- Removedare-we-there-yet@1.1.7(transitive)
- Removedasn1@0.2.6(transitive)
- Removedassert-plus@1.0.0(transitive)
- Removedasynckit@0.4.0(transitive)
- Removedaws-sign2@0.7.0(transitive)
- Removedaws4@1.13.2(transitive)
- Removedbcrypt-pbkdf@1.0.2(transitive)
- Removedbraces@3.0.3(transitive)
- Removedbuiltins@1.0.3(transitive)
- Removedcacache@15.3.0(transitive)
- Removedcaseless@0.12.0(transitive)
- Removedcli-progress@3.12.0(transitive)
- Removedcode-point-at@1.1.0(transitive)
- Removedcombined-stream@1.0.8(transitive)
- Removedcore-util-is@1.0.21.0.3(transitive)
- Removedcross-spawn@7.0.6(transitive)
- Removeddashdash@1.14.1(transitive)
- Removeddeepmerge@4.3.1(transitive)
- Removeddelayed-stream@1.0.0(transitive)
- Removedecc-jsbn@0.1.2(transitive)
- Removedexeca@5.1.1(transitive)
- Removedextend@3.0.2(transitive)
- Removedextsprintf@1.3.0(transitive)
- Removedfast-deep-equal@3.1.3(transitive)
- Removedfast-glob@3.3.3(transitive)
- Removedfast-json-stable-stringify@2.1.0(transitive)
- Removedfastq@1.19.1(transitive)
- Removedfill-range@7.1.1(transitive)
- Removedfind-up@5.0.0(transitive)
- Removedforever-agent@0.6.1(transitive)
- Removedform-data@2.3.3(transitive)
- Removedgauge@2.7.4(transitive)
- Removedget-stream@6.0.1(transitive)
- Removedgetpass@0.1.7(transitive)
- Removedglob-parent@5.1.2(transitive)
- Removedhar-schema@2.0.0(transitive)
- Removedhar-validator@5.1.5(transitive)
- Removedhosted-git-info@4.1.0(transitive)
- Removedhttp-proxy-agent@4.0.1(transitive)
- Removedhttp-signature@1.2.0(transitive)
- Removedhuman-signals@2.1.0(transitive)
- Removedignore-walk@3.0.4(transitive)
- Removedis-extglob@2.1.1(transitive)
- Removedis-fullwidth-code-point@1.0.0(transitive)
- Removedis-glob@4.0.3(transitive)
- Removedis-number@7.0.0(transitive)
- Removedis-stream@2.0.1(transitive)
- Removedis-typedarray@1.0.0(transitive)
- Removedisarray@1.0.0(transitive)
- Removedisstream@0.1.2(transitive)
- Removedjsbn@0.1.1(transitive)
- Removedjson-schema@0.4.0(transitive)
- Removedjson-schema-traverse@0.4.1(transitive)
- Removedjson-stringify-safe@5.0.1(transitive)
- Removedjsprim@1.4.2(transitive)
- Removedlocate-path@6.0.0(transitive)
- Removedlru-cache@6.0.0(transitive)
- Removedmake-fetch-happen@9.1.0(transitive)
- Removedmerge-stream@2.0.0(transitive)
- Removedmerge2@1.4.1(transitive)
- Removedmicromatch@4.0.8(transitive)
- Removedmime-db@1.52.0(transitive)
- Removedmime-types@2.1.35(transitive)
- Removedmimic-fn@2.1.0(transitive)
- Removedminipass-fetch@1.4.1(transitive)
- Removednode-gyp@7.1.2(transitive)
- Removednopt@5.0.0(transitive)
- Removednpm-install-checks@4.0.0(transitive)
- Removednpm-package-arg@8.1.5(transitive)
- Removednpm-packlist@2.2.2(transitive)
- Removednpm-pick-manifest@6.1.1(transitive)
- Removednpm-registry-fetch@11.0.0(transitive)
- Removednpm-run-path@4.0.1(transitive)
- Removednpmlog@4.1.2(transitive)
- Removednumber-is-nan@1.0.1(transitive)
- Removedoauth-sign@0.9.0(transitive)
- Removedobject-assign@4.1.1(transitive)
- Removedonetime@5.1.2(transitive)
- Removedp-limit@3.1.0(transitive)
- Removedp-locate@5.0.0(transitive)
- Removedpacote@11.3.5(transitive)
- Removedpath-exists@4.0.0(transitive)
- Removedpath-key@3.1.1(transitive)
- Removedperformance-now@2.1.0(transitive)
- Removedpicocolors@1.1.1(transitive)
- Removedpicomatch@2.3.1(transitive)
- Removedprocess-nextick-args@2.0.1(transitive)
- Removedpsl@1.15.0(transitive)
- Removedpunycode@2.3.1(transitive)
- Removedqs@6.5.3(transitive)
- Removedqueue-microtask@1.2.3(transitive)
- Removedreadable-stream@2.3.8(transitive)
- Removedrequest@2.88.2(transitive)
- Removedreusify@1.1.0(transitive)
- Removedrun-parallel@1.2.0(transitive)
- Removedsafe-buffer@5.1.2(transitive)
- Removedshebang-command@2.0.0(transitive)
- Removedshebang-regex@3.0.0(transitive)
- Removedsocks-proxy-agent@6.2.1(transitive)
- Removedsshpk@1.18.0(transitive)
- Removedssri@8.0.1(transitive)
- Removedstring-width@1.0.2(transitive)
- Removedstring_decoder@1.1.1(transitive)
- Removedstrip-ansi@3.0.1(transitive)
- Removedstrip-final-newline@2.0.0(transitive)
- Removedto-regex-range@5.0.1(transitive)
- Removedtough-cookie@2.5.0(transitive)
- Removedtunnel-agent@0.6.0(transitive)
- Removedtweetnacl@0.14.5(transitive)
- Removedunique-filename@1.1.1(transitive)
- Removedunique-slug@2.0.2(transitive)
- Removeduri-js@4.4.1(transitive)
- Removeduuid@3.4.0(transitive)
- Removedvalidate-npm-package-name@3.0.0(transitive)
- Removedverror@1.10.0(transitive)
- Removedyocto-queue@0.1.0(transitive)
Updated@antfu/ni@^0.16.2
Updatedpacote@^13
Updatedsemver@^7.3.7
Updatedyargs@^17.4.1