update-notifier
The update-notifier npm package is used to inform users when a newer version of a particular npm package is available. It is particularly useful for CLI tools to notify users to update to the latest version.
Basic Usage
This feature allows you to set up a basic notifier that checks for updates to the package specified in the package.json file. If an update is available, it will notify the user.
const updateNotifier = require('update-notifier');
const pkg = require('./package.json');
const notifier = updateNotifier({ pkg });
if (notifier.update) {
    notifier.notify();
}
Custom Message
This feature allows you to customize the message that is displayed to the user when an update is available.
const updateNotifier = require('update-notifier');
const pkg = require('./package.json');
const notifier = updateNotifier({ pkg });
if (notifier.update) {
    notifier.notify({
        message: 'Update available: ' + notifier.update.latest + '. Run `npm install -g ' + pkg.name + '` to update.'
    });
}
Check Interval
This feature allows you to set the interval at which the update check is performed. In this example, the check is performed once every 24 hours.
const updateNotifier = require('update-notifier');
const pkg = require('./package.json');
const notifier = updateNotifier({ pkg, updateCheckInterval: 1000 * 60 * 60 * 24 }); // 1 day
if (notifier.update) {
    notifier.notify();
}
npm-check is a tool that checks for outdated, incorrect, and unused dependencies. It provides a more comprehensive check compared to update-notifier, as it can also identify unused packages and incorrect versions.
npm-outdated is a built-in npm command that checks for outdated packages. It provides a list of all outdated packages in a project, making it more suitable for project-wide updates rather than individual package notifications.
Inform your package users of updates in a non-intrusive way. Mainly targets global CLI apps.
Whenever you initiate the update notifier and it's not within the interval threshold, it will asynchronously check with NPM in the background for available updates, then persist the result. The next time the notifier is initiated the result will be loaded into the .update property. This prevents any impact on your package startup performance.
The check process is done with fork. This means that if you call process.exit, the check will still be performed in its own process.
The idea for this module came from the desire to apply the browser update strategy to CLI tools, where everyone is always on the latest version. We first tried automatic updating, which we discovered wasn't popular. This is the second iteration of that idea, but limited to just update notifications.
There are a few projects using it:
Yeoman - modern workflows for modern webapps
Bower - a package manager for the web
Roots - a toolkit for advanced front-end development
Automaton - task automation tool
Node GH - GitHub command line tool
Hoodie CLI - Hoodie command line tool
pullr - GitHub pull requests from the command line
var updateNotifier = require('update-notifier');
// Checks for available update and returns an instance
var notifier = updateNotifier();
if (notifier.update) {
    // Notify using the built-in convenience method
    notifier.notify();
}
// `notifier.update` contains some useful info about the update
console.log(notifier.update);
/*
{
    latest: '0.9.5',
    current: '0.9.3',
    type: 'patch', // possible values: latest, major, minor, patch
    date: '2012-11-05T14:32:37.603Z',
    name: 'yeoman'
}
*/

var notifier = updateNotifier({
    updateCheckInterval: 1000 * 60 * 60 * 24 * 7 // 1 week
});
if (notifier.update) {
    notifier.notify('Update available: ' + notifier.update.latest);
}
Checks if there is an available update. Accepts settings defined below. Returns an object with update info if there is an available update, otherwise undefined.
A convenience method that will inform the user about an available update (see screenshot). By default it will display the message right away. However, if you supply a custom message or true it will be displayed right before the process exits.
Type: function
Default: null
If provided, a callback function will be called, passed (error[, update]).
update is equal to notifier.update.
Type: string
Default: 'package.json'
Relative path to your module package.json.
Type: string
Default: Inferred from packageFile
Used instead of inferring it from packageFile.
Requires you to also specify packageVersion.
Type: string
Default: Inferred from packageFile
Used instead of inferring it from packageFile.
Requires you to also specify packageName.
Type: number
Default: 1000 * 60 * 60 * 24 (1 day)
How often it should check for updates.
Type: number
Default: 20000 (20 secs)
How long the update can take.
If it takes longer than the timeout, it will be aborted.
Type: string
Default: 'http://registry.npmjs.org/%s'
Alternative registry mirrors:
http://85.10.209.91/%s
http://165.225.128.50:8000/%s
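The default and both mirrors listed above are plain http:// URLs, and the mirrors are addressed by bare IP, so a response carries no transport-level authentication of the registry. The following is an added example, not code from update-notifier: a hypothetical auditRegistryUrl helper that a CLI author could run over the registry URL setting before passing it on. The finding labels and the sample package name are this example's own.

```javascript
// Added example (not part of update-notifier): audit a registry URL template.
// Returns an array of finding labels; an empty array means nothing was flagged.
function auditRegistryUrl(registryUrl, pkgName = 'example-pkg') {
  const findings = [];
  let url;
  try {
    // The setting is a template; substitute a constructed package name for %s.
    url = new URL(registryUrl.replace('%s', encodeURIComponent(pkgName)));
  } catch {
    return ['unparseable'];
  }

  // Without the placeholder every package would resolve to the same resource.
  if (!registryUrl.includes('%s')) findings.push('missing-%s-placeholder');

  // Plain HTTP: update metadata can be altered in transit.
  if (url.protocol !== 'https:') findings.push('no-tls');

  // IP-literal hosts cannot be matched against a registry hostname certificate
  // and tell a reviewer nothing about who operates the mirror.
  const host = url.hostname;
  const isIpv4 = /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
  const isIpv6 = host.startsWith('['); // WHATWG URL keeps the brackets
  if (isIpv4 || isIpv6) findings.push('ip-literal-host');

  // Credentials in the URL end up in config files and process listings.
  if (url.username || url.password) findings.push('embedded-credentials');

  return findings;
}

// The three values shown on this page, plus an HTTPS form for comparison.
for (const candidate of [
  'http://registry.npmjs.org/%s',
  'http://85.10.209.91/%s',
  'http://165.225.128.50:8000/%s',
  'https://registry.npmjs.org/%s',
]) {
  console.log(candidate, '->', auditRegistryUrl(candidate).join(', ') || 'ok');
}
```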
If you are behind a proxy server, the proxy value is taken from the HTTP_PROXY or HTTPS_PROXY property of process.env in order to make the call to the server. This means that you need to set those properties as environment variables.
Users of your module can opt out of the update notifier by changing the optOut property to true in ~/.config/configstore/update-notifier-[your-module-name].yml. The path is available in notifier.config.path.
You could also let the user opt out on a per-run basis:
if (process.argv.indexOf('--no-update-notifier') === -1) {
    // run updateNotifier()
}
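The check-then-persist cycle and the two opt-outs described above can be modelled in a few lines. This is an added example, not update-notifier's source: the store object stands in for the configstore YAML file, fetchLatest stands in for the forked registry check, and createNotifier, lastUpdateCheck and checked are names used only by this model.

```javascript
// Added model (not update-notifier's code) of the flow this page describes:
// honour opt-outs, load the result a previous run persisted, and contact the
// registry only when the check interval has elapsed.
const DAY = 1000 * 60 * 60 * 24;

function createNotifier({ pkg, store, argv = [], now = Date.now(),
                          updateCheckInterval = DAY, fetchLatest }) {
  const notifier = { update: undefined, checked: false };

  // Opt-out 1: optOut set to true in the persisted config.
  // Opt-out 2: the per-run --no-update-notifier flag.
  if (store.optOut === true || argv.includes('--no-update-notifier')) {
    return notifier; // no registry traffic, no notification
  }

  // Load what an earlier run found, then clear it so it is shown once.
  if (store.update) {
    notifier.update = store.update;
    delete store.update;
  }

  // Outside the interval threshold: run the check and persist its result.
  const last = store.lastUpdateCheck || 0;
  if (now - last >= updateCheckInterval) {
    store.lastUpdateCheck = now;
    notifier.checked = true;
    // The page says the real check runs in a forked process; it is called
    // inline here so the model stays synchronous.
    const latest = fetchLatest(pkg.name);
    if (latest !== pkg.version) {
      store.update = { latest, current: pkg.version, name: pkg.name };
    }
  }
  return notifier;
}

// Constructed sample data: the first run checks, the second run reports.
const demoStore = {};
const demoPkg = { name: 'demo-cli', version: '1.0.0' };
const run1 = createNotifier({ pkg: demoPkg, store: demoStore, now: 0 + DAY, fetchLatest: () => '1.0.1' });
const run2 = createNotifier({ pkg: demoPkg, store: demoStore, now: DAY + 1000, fetchLatest: () => '1.0.1' });
console.log(run1.update, run2.update);
```

The result only surfaces on the run after the check, which is why a user who opts out for a single run sees neither the lookup nor a stale notification from it.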
BSD license and copyright Google
FAQs
Update notifications for your CLI app
We found that update-notifier demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 9 open source maintainers collaborating on the project.