Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVEs awaiting analysis have increased by 33% since June.
update-check
The update-check npm package is used to check for updates of a particular package. It is typically used in command-line applications to inform users when a new version of the application is available. The package provides a simple API to check a registry (like npm) for published updates.
Check for updates
This feature allows you to check if there is an update available for a given package. You provide the current package name and version, and it returns an object with the latest version if an update is available.
const updateCheck = require('update-check');
(async () => {
  let update = await updateCheck({name: 'your-package-name', version: 'current-version'});
  if (update) {
    console.log(`Update available: ${update.latest}`);
  }
})();
Custom registry
This feature allows you to specify a custom registry URL to check for updates, which can be useful if you are using a private registry or a registry other than npm.
const updateCheck = require('update-check');
(async () => {
  let update = await updateCheck({name: 'your-package-name', version: 'current-version'}, {registryUrl: 'https://custom-registry.com'});
  if (update) {
    console.log(`Update available from custom registry: ${update.latest}`);
  }
})();
Dist-tag
This feature allows you to check for updates under a specific distribution tag. This is useful when you want to check for updates that are not necessarily the 'latest' according to semver, but are tagged differently, like 'beta' or 'next'.
const updateCheck = require('update-check');
(async () => {
  // distTag is an option, so it belongs in the second argument, not in the package object
  let update = await updateCheck({name: 'your-package-name', version: 'current-version'}, {distTag: 'next'});
  if (update) {
    console.log(`Update available on dist-tag 'next': ${update.latest}`);
  }
})();
Similar to update-check, check-update allows you to check for package updates. It provides a simple API and can be used in a similar way to update-check. The main difference may lie in the API design and additional options provided.
npm-check is a utility that checks for outdated, incorrect, and unused dependencies. It is more comprehensive than update-check as it not only checks for updates but also analyzes the status of dependencies used in a project.
npm-check-updates upgrades your package.json dependencies to the latest versions, ignoring specified versions. It goes beyond the functionality of update-check by not only checking for updates but also upgrading the dependencies in your package.json file.
This is a very minimal approach to update checking for globally installed packages.
Because it's so simple, the error surface is very tiny and your users are guaranteed to receive the update message if there's a new version.
You can read more about the reasoning behind this project here.
Firstly, install the package with yarn...
yarn add update-check
...or npm:
npm install update-check
Next, initialize it.
If there's a new update available, the package will return the content of the latest version's package.json file:
const pkg = require('./package')
const checkForUpdate = require('update-check')

// await is only valid inside an async function in a CommonJS module
;(async () => {
  const update = await checkForUpdate(pkg)

  if (update) {
    console.log(`The latest version is ${update.latest}. Please update!`)
  }
})()
That's it! You're done.
If you want, you can also pass options to customize the package's behavior:
const pkg = require('./package')
const checkForUpdate = require('update-check')

// await is only valid inside an async function in a CommonJS module
;(async () => {
  const update = await checkForUpdate(pkg, {
    interval: 3600000, // For how long the latest version should be cached (default: 1 day)
    distTag: 'canary' // A npm distribution tag to compare the version to (default: 'latest')
  })

  if (update) {
    console.log(`The latest version is ${update.latest}. Please update!`)
  }
})()
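The effect of the interval and distTag options can be followed in a small offline model. This is an added example, not update-check's source code: checkForUpdateModel, compareVersions, the cache object shape and the sample tags are assumptions made for illustration, and the registry request is replaced by a function returning constructed data. It also rejects any version string that is not strict semver before it is cached or printed, because that value comes from the registry.

```javascript
// Added example: a model of the cache / dist-tag decision, not update-check's source.
const STRICT_SEMVER = /^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?$/

// Parse a version; anything that is not plain semver is rejected (registry data is untrusted).
function parseVersion (v) {
  const m = typeof v === 'string' ? STRICT_SEMVER.exec(v) : null
  if (!m) throw new TypeError('version is not a strict semver string')
  return { core: [m[1], m[2], m[3]].map(Number), pre: m[4] ? m[4].split('.') : [] }
}

// Returns -1, 0 or 1 following semver precedence rules.
function compareVersions (a, b) {
  const x = parseVersion(a)
  const y = parseVersion(b)
  for (let i = 0; i < 3; i++) {
    if (x.core[i] !== y.core[i]) return x.core[i] < y.core[i] ? -1 : 1
  }
  // A release outranks a pre-release of the same core version.
  if (!x.pre.length || !y.pre.length) return Math.sign(y.pre.length - x.pre.length)
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    const p = x.pre[i]
    const q = y.pre[i]
    if (p === undefined) return -1
    if (q === undefined) return 1
    if (p === q) continue
    const pn = /^\d+$/.test(p)
    const qn = /^\d+$/.test(q)
    if (pn && qn) return Number(p) < Number(q) ? -1 : 1
    if (pn !== qn) return pn ? -1 : 1 // numeric identifiers sort below alphanumeric ones
    return p < q ? -1 : 1
  }
  return 0
}

// cache: { checkedAt, latest } or null. fetchDistTags stands in for the registry request.
function checkForUpdateModel (pkg, cache, fetchDistTags, opts = {}, now = Date.now()) {
  const { interval = 86400000, distTag = 'latest' } = opts // defaults: 1 day, 'latest'
  const fresh = cache !== null && now - cache.checkedAt < interval
  const latest = fresh ? cache.latest : fetchDistTags()[distTag]
  // compareVersions throws on a malformed value, so it is never cached or printed.
  const outdated = compareVersions(pkg.version, latest) === -1
  const update = outdated ? { latest, fromCache: fresh } : null
  return { update, cache: fresh ? cache : { checkedAt: now, latest } }
}

// Constructed sample data.
const TAGS = { latest: '2.1.0', canary: '2.2.0-canary.3' }
const pkg = { name: 'example-cli', version: '2.1.0' }
console.log(checkForUpdateModel(pkg, null, () => TAGS, { distTag: 'canary' }, 0).update)
```

Within the interval the cached value is reused and the registry function is not called; a missing dist-tag or a malformed version string raises a TypeError instead of producing an update message.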
npm link
npm link update-check
Instead of the default one from npm, node will now use your clone.
Leo Lamprecht (@notquiteleo) - ZEIT
FAQs
Minimalistic update notifications for command line interfaces
The npm package update-check receives a total of 1,343,452 weekly downloads. As such, update-check's popularity was classified as popular.
We found that update-check demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.