1 | # Up'em
|
2 |
|
3 | _Ups your package.json dependencies to latest. Opinionated. Respectless._
|
4 |
|
5 | [![Build Status](https://travis-ci.org/sverweij/upem.svg?branch=master)](https://travis-ci.org/sverweij/upem)
|
6 | [![Maintainability](https://api.codeclimate.com/v1/badges/ecd08465c81bc85b83fe/maintainability)](https://codeclimate.com/github/sverweij/upem/maintainability)
|
7 | [![Test Coverage](https://api.codeclimate.com/v1/badges/ecd08465c81bc85b83fe/test_coverage)](https://codeclimate.com/github/sverweij/upem/test_coverage)
|
8 | [![npm stable version](https://img.shields.io/npm/v/upem.svg)](https://npmjs.com/package/upem)
|
9 | [![MIT licensed](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
|
10 |
|
11 | ## What
|
12 |
|
13 | You brush your teeth every day. You keep your dependencies up to date.
|
14 | Brushing your teeth is hard to automate. Keeping dependencies up to date
|
15 | is not.
|
16 |
|
17 | _up'em_ updates your dependencies to latest, so you don't have to manually.
|
18 |
|
19 | ### Respectless
|
20 |
|
21 | _up'em_ does not respect your current version preferences. `^`, `~`, `*` =>
|
22 | they all get updated to the _latest_ version. It will leave the `^` and `~`
|
23 | in place as per your `npm config` settings, though.
|
24 |
|
25 | If `npm outdated` says:
|
26 |
|
27 | ```
|
28 | Package Current Wanted Latest Location
|
29 | midash 1.8.2 ^1.8.0 2.0.1 your-golden-package
|
30 | ```
|
31 |
|
32 | With the default `npm config`, running `npm outdated --json | upem` will
|
33 | set midash' version to ^2.0.1
|
34 |
|
35 | ```json
|
36 | "dependencies"{
|
37 | ...
|
38 | "midash": "^2.0.1"
|
39 | ...
|
40 | }
|
41 | ```
|
42 |
|
43 | There's no warning system for major version upgrades. I've found the most
|
44 | reliable way to find out if nothing breaks is to run your automated QA
|
45 | after updates.
|
46 |
|
47 | ### Heeding `save-exact` and `save-prefix`, though
|
48 |
|
49 | From version 2.0.0 _up'em_ heeds the `save-exact` and `save-prefix` npm config
|
50 | settings, just like `npm --save` and `npm --save-dev` would do:
|
51 |
|
52 | - if `save-exact = true` it will pin the version. In the above example it will
|
53 | pin `midash` to `2.0.1`
|
54 | - if `save-exact = false` it will look at `save-prefix` in your npm config:
|
55 | - if `save-prefix = '^'` or save-prefix isn't specified, it'll caret-prefix
|
56 | the version: `^2.0.1`
|
57 | - if `save-prefix = '~'` it'll tilde-prefix the version: `~2.0.1`
|
58 |
|
59 | ### Advice: commit an `.npmrc` to the root of your repo
|
60 |
|
61 | Commit the relevant parts of the npm config in an `.npmrc` in the root of your
|
62 | repo. That way both _up'em_ and the `npm` (or `yarn`) install/ add commands
|
63 | will always heed it - and other collaborators will automatically follow your
|
64 | standards. E.g. most of my repos have this:
|
65 |
|
66 | ```ini
|
67 | save-exact = true
|
68 | ```
|
69 |
|
70 | If you want to be sure of npm's 'default' behaviour over all machines
|
71 | and collaborators, use this one:
|
72 |
|
73 | ```ini
|
74 | save-exact = false
|
75 | save-prefix = '^'
|
76 | ```
|
77 |
|
78 | ## Typical use
|
79 |
|
80 | - Run the output from `npm outdated --json` through _up'em_.
|
81 | - When it's done `npm install` and re-run your automated quality
|
82 | - Check the changes in.
|
83 |
|
84 | I have some npm scripts set up so I can just `npm run upem`
|
85 | and watch cat videos in the mean time:
|
86 |
|
87 | ```json
|
88 | "scripts": {
|
89 | "check": "npm-run-all --parallel depcruise lint test",
|
90 | "depcruise": "depcruise --validate -- bin src test",
|
91 | "lint": "eslint bin src test",
|
92 | "lint:fix": "eslint --fix bin src test",
|
93 | "test": "jest --collectCoverage --config ./jest.config.js",
|
94 | "upem": "npm-run-all upem:update upem:install lint:fix check",
|
95 | "upem:update": "npm outdated --json | upem",
|
96 | "upem:install": "npm install"
|
97 | }
|
98 | ```
|
99 |
|
100 | ... but a similar approach in a `Makefile` would do the trick as well.
|
101 |
|
102 | ## Options
|
103 |
|
104 | If you want to keep versions untouched by _up'em_, put an `upem` section
|
105 | in your `package.json` with a `donotup` key listing the stuff you don't
|
106 | want to upgrade e.g.
|
107 |
|
108 | ```json
|
109 | ...
|
110 | "upem": {
|
111 | "donotup": ["glowdash"]
|
112 | }
|
113 | ...
|
114 | ```
|
115 |
|
116 | You might want to document why you don't up a package. You can do that like this:
|
117 |
|
118 | ```json
|
119 | ...
|
120 | "upem": {
|
121 | "donotup": [{
|
122 | "package": "glowdash",
|
123 | "because": "version >2 of glowdash doesn't support node 6 anymmore, but we still have to"
|
124 | }]
|
125 | }
|
126 | ...
|
127 | ```
|
128 |
|
129 | ## Why
|
130 |
|
131 | I've been a happy user of [npm-check-updates](https://github.com/tjunnone/npm-check-updates)
|
132 | for a long time. It's getting out of date, though. It's using npm 3 (which has not caused
|
133 | troubles yet, but it might) and its dependencies have serious security issues.
|
134 | I have been looking into jumping into fixing it, but I soon found out it would take
|
135 | a serious commitment to do so.
|
136 |
|
137 | I realized I used only a subset of npm-check-updates' capabilities, and rolling
|
138 | my own would only take a sunday afternoon...
|
139 |
|
140 | ## Alternatives
|
141 |
|
142 | - [npm-check-updates](https://github.com/tjunnone/npm-check-updates) - use that if you
|
143 | need something more feature rich and less opinionated and don't mind the outdated
|
144 | (/ insecure) dependencies.
|
145 | - [npm-check](https://github.com/dylang/npm-check) - never used but has a lot of stars
|
146 | & downloads, so probably legit. Feature rich.
|
147 | - Cloud services (like [greenkeeper](https://greenkeeper.io) and
|
148 | [renovate](https://renovatebot.com)) will be happy to do this
|
149 | trivial task for you as well.
|