Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
update-notifier
The update-notifier npm package is used to inform users when a newer version of a particular npm package is available. It is particularly useful for CLI tools to notify users to update to the latest version.
Basic Usage
This feature allows you to set up a basic notifier that checks for updates to the package specified in the package.json file. If an update is available, it will notify the user.
const updateNotifier = require('update-notifier');
const pkg = require('./package.json');
const notifier = updateNotifier({ pkg });
if (notifier.update) {
  notifier.notify();
}
Custom Message
This feature allows you to customize the message that is displayed to the user when an update is available.
const updateNotifier = require('update-notifier');
const pkg = require('./package.json');
const notifier = updateNotifier({ pkg });
if (notifier.update) {
  notifier.notify({
    message: 'Update available: ' + notifier.update.latest + '. Run `npm install -g ' + pkg.name + '` to update.'
  });
}
Check Interval
This feature allows you to set the interval at which the update check is performed. In this example, the check is performed once every 24 hours.
const updateNotifier = require('update-notifier');
const pkg = require('./package.json');
const notifier = updateNotifier({ pkg, updateCheckInterval: 1000 * 60 * 60 * 24 }); // 1 day
if (notifier.update) {
  notifier.notify();
}
npm-check is a tool that checks for outdated, incorrect, and unused dependencies. It provides a more comprehensive check compared to update-notifier, as it can also identify unused packages and incorrect versions.
npm-outdated is a built-in npm command that checks for outdated packages. It provides a list of all outdated packages in a project, making it more suitable for project-wide updates rather than individual package notifications.
Inform users of your package about updates in a non-intrusive way. Mainly targets global CLI apps.
Whenever you initiate the update notifier and it's not inside the interval threshold, it will asynchronously check with npm whether an update is available and then persist the result. The next time the notifier is initiated, the result will be loaded into the .update property. It shouldn't have any impact on your package startup performance.
var updateNotifier = require('update-notifier');

// Checks for available update and returns an instance
var notifier = updateNotifier();

if (notifier.update) {
  // Notify using the built-in convenience method
  notifier.notify();
}

// `notifier.update` contains some useful info about the update
console.log(notifier.update);
/*
{
  latest: '0.9.5',
  current: '0.9.3',
  type: 'patch', // possible values: latest, major, minor, patch
  date: '2012-11-05T14:32:37.603Z',
  name: 'yeoman',
  error: null // contains any encountered error
}
*/

var notifier = updateNotifier({
  updateCheckInterval: 1000 * 60 * 60 * 24 * 7 // 1 week
});

if (notifier.update) {
  notifier.notify('Update available: ' + notifier.update.latest);
}
Checks if there is an available update. Accepts some settings defined below. Returns an object with some update info if there is an available update, otherwise undefined.
A convenience method that will inform the user about an available update, see screenshot. By default it will display the message right away. However, if you supply a custom message or true, it will be displayed right before the process exits.
Type: string
Default: 'package.json'
Relative path to your module package.json.
Type: string
Default: Inferred from packageFile
Used instead of inferring it from packageFile. Requires you to also specify packageVersion.
Type: string
Default: Inferred from packageFile
Used instead of inferring it from packageFile. Requires you to also specify packageName.
Type: number
Default: 1000 * 60 * 60 * 24 (1 day)
How often it should check for updates.
Type: string
Default: 'http://registry.npmjs.org/%s'
Alternative registry mirrors:
http://85.10.209.91/%s
http://165.225.128.50:8000/%s
Users of your module have the ability to opt out of the update notifier by changing the optOut property to true in ~/.config/configstore/update-notifier-[your-module-name].yml. The path is available in notifier.config.path.
You could also let the user opt out on a per-run basis:
if (process.argv.indexOf('--no-update-notifier') === -1) {
  // run updateNotifier()
}
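The interval-gated check with a persisted result, together with the two opt-outs described above, as an added JavaScript example that is not update-notifier's own code. `createNotifier`, `diffType`, `store` and `fetchLatest` are hypothetical names, and the registry query is a synchronous stub so the logic runs offline.

```javascript
// Added sketch of the check -> persist -> load cycle and the two opt-outs.
// `store` stands in for the per-package config file and `fetchLatest` for the
// registry query; both are assumptions, injected so the logic runs offline.
const DAY = 1000 * 60 * 60 * 24;

// Classify the jump between two plain x.y.z versions.
// Returns null when `latest` is not newer (or is not plain x.y.z).
function diffType(current, latest) {
  const a = current.split('.').map(Number);
  const b = latest.split('.').map(Number);
  const labels = ['major', 'minor', 'patch'];
  for (let i = 0; i < labels.length; i++) {
    if (b[i] > a[i]) return labels[i];
    if (!(b[i] === a[i])) return null; // older or unparsable: never suggest it
  }
  return null;
}

function createNotifier({ name, version, store, fetchLatest, now,
                          argv = [], updateCheckInterval = DAY }) {
  const notifier = { update: undefined };

  // Opt-out (persisted flag or per-run switch): no lookup, no notification.
  if (store.optOut === true || argv.includes('--no-update-notifier')) {
    return notifier;
  }

  // Load the result a previous run persisted, re-validated against the
  // version running now so an already-upgraded user is not nagged.
  if (store.update && diffType(version, store.update.latest)) {
    notifier.update = store.update;
  }

  // Query the registry only once the interval threshold has passed.
  const last = store.lastUpdateCheck === undefined ? 0 : store.lastUpdateCheck;
  if (now - last >= updateCheckInterval) {
    store.lastUpdateCheck = now;
    const latest = fetchLatest(name);
    const type = diffType(version, latest);
    store.update = type ? { latest, current: version, type, name } : undefined;
  }
  return notifier;
}
```

The version reported by the registry is only compared and displayed here; a response that is older than the running version, or not a plain x.y.z string, produces no notification.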
BSD license and copyright Google
FAQs
Update notifications for your CLI app
The npm package update-notifier receives a total of 5,026,053 weekly downloads. As such, update-notifier popularity was classified as popular.
We found that update-notifier demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 9 open source maintainers collaborating on the project.