This file documents all major version releases. For other releases, please read the commit history.
- Require node >= 18.18.0
- In workspaces mode,
--root
is now set by default (#1353)- To not check the root package.json, use
--no-root
.
- To not check the root package.json, use
- If you have a packageManager field in your package.json, it is now upgraded by default (#1390)
- Use
--dep prod,dev,optional
for the old behavior.
- Use
https://github.com/raineorshine/npm-check-updates/compare/v16.14.20...v17.0.0
- Automatic detection of package data on stdin has been removed. This feature was deprecated in
v14.0.0
. Add--stdin
for old behavior. - Wild card filters now apply to scoped packages. Previously,
ncu -f '*vite*'
would not include@vitejs/plugin-react
. Now, filters will match any part of the package name, including the scope. Use a more specific glob or regex expression for old behavior.
https://github.com/raineorshine/npm-check-updates/compare/v15.3.4...v16.0.0
- node >= 14.14 is now required (#1145)
- Needed to upgrade
update-notifier
with has a moderate severity vulnerability
- Needed to upgrade
- yarn autodetect has been improved (#1148)
- This is a patch, though technically it is breaking. In the obscure case where
--packageManager
is not given, there is nopackage-lock.json
in the current folder, and there is ayarn.lock
in an ancestor directory, npm-check-updates will now use yarn. - More practically, if you needed to specify
--packageManager yarn
explicitly before, you may not have to now
- This is a patch, though technically it is breaking. In the obscure case where
https://github.com/raineorshine/npm-check-updates/compare/v14.1.1...v15.0.0
Prerelease versions are now "upgraded" to versions with a different preid.
For example, if you have a dependency at 1.3.3-next.1
and the version fetched by ncu is 1.2.3-dev.2
, ncu will suggest an "upgrade" to 1.2.3-dev.2
. This is because prerelease versions with different preids are incomparable. Since they are incomparable, ncu now assumes the fetched version is desired.
Since this change affects only prereleases, there is no impact on default ncu
usage that fetches the latest
version. With --pre 1
or --target newest
or --target greatest
, this change could affect which version is suggested if versions with different preids are published. The change was made to support the new --target @[tag]
feature.
If you have a use case where this change is not what is desired, please report an issue. The intention is for zero disruption to current usage.
- You can now upgrade to a specific tag, e.g.
--target @next
. Thanks to IMalyugin.
https://github.com/raineorshine/npm-check-updates/compare/v13.1.5...v14.0.0
- node >= 14 is now required
- Several options which have long been deprecated have been removed:
--greatest
- Instead use--target greatest
--newest
- Instead use--target newest
--ownerChanged
- Instead use--format ownerChanged
--semverLevel
- Renamed to--target
https://github.com/raineorshine/npm-check-updates/compare/v12.5.12...v13.0.0
- node >= 12 is required. Time to upgrade that old-ass server you never touch.
peerDependencies
are now excluded by default. Peer dependencies should use the lowest possible version that works. The old behavior encouraged a bad practice of uprading peer dependencies. You can use--dep prod,dev,optional,peer
for the old behavior (#951).- Dependencies with
>
will be converted to>=
. The old behavior was causing upgrades to> [latest]
which was impossible (#957).
- Typescript! There is a new build process, so if you have any issues with the executable or types, please report. It should be a non-breaking change if I did it correctly (#888).
- WHen using
npm-check-updates
as a module,vm
(versionmanager) is no longer exported. It was previously exposed for testing purposes, but was never part of the official API.
https://github.com/raineorshine/npm-check-updates/compare/v11.8.5...v12.0.0
--packageFile
- Now interprets its argument as a glob pattern. It is possible that a previously supplied argument may be interepreted differently now (though I'm not aware of specific instances). Due to our conservative release policy we are releasing as a major version upgrade and allowing developers to assess for themselves.
--deep
- Run recursively in current working directory. Alias of--packageFile '**/package.json'
.
See: #785
https://github.com/raineorshine/npm-check-updates/compare/v10.3.1...v11.0.0
- Specifiying both the
--filter
option and argument filters will now throw an error. Use one or the other. Previously the arguments would override the--filter
option, which made for a confusing result when accidentally not quoting the option in the shell. This change is only breaking for those who are relying on the incorrect behavior of argument filters overriding--filter
.
See: #759
https://github.com/raineorshine/npm-check-updates/compare/v9.2.4...v10.0.0
- Versions marked as
deprecated
in npm are now ignored by default. If the latest version is deprecated, the next highest non-deprecated version will be suggested. Use--deprecated
to include deprecated versions (old behavior).
https://github.com/raineorshine/npm-check-updates/compare/v8.1.1...v9.0.0
--semverLevel major
is now--target minor
.--semverLevel minor
is now--target patch
. This change was made to provide more intuitive semantics for--semverLevel
(now--target
). Most people assumed it meant the inclusive upper bound, so now it reflects that. a2111f4c2- Programmatic usage:
run
now defaults tosilent: true
instead ofloglevel: 'silent
, unlessloglevel
is explicitly specified. If you overrodesilent
orloglevel
, this may affect the logging behavior. 423e024
Options that controlled the target version (upper bound) of upgrades have been consolidated under --target
. The old options are aliased with a deprecation warning and will be removed in the next major version. No functionality has been removed.
--greatest
: Renamed to--target greatest
--newest
: Renamed to--target newest
--semverLevel
: Renamed to--target
See: 7eca5bf3
Usage: ncu --doctor [-u] [options]
Iteratively installs upgrades and runs tests to identify breaking upgrades. Add -u
to execute (modifies your package file, lock file, and node_modules).
To be more precise:
- Runs
npm install
andnpm test
to ensure tests are currently passing. - Runs
ncu -u
to optimistically upgrade all dependencies. - If tests pass, hurray!
- If tests fail, restores package file and lock file.
- For each dependency, install upgrade and run tests.
- When the breaking upgrade is found, saves partially upgraded package.json (not including the breaking upgrade) and exits.
Example:
$ ncu --doctor -u
npm install
npm run test
ncu -u
npm install
npm run test
Failing tests found:
/projects/myproject/test.js:13
throw new Error('Test failed!')
^
Now let’s identify the culprit, shall we?
Restoring package.json
Restoring package-lock.json
npm install
npm install --no-save react@16.0.0
npm run test
✓ react 15.0.0 → 16.0.0
npm install --no-save react-redux@7.0.0
npm run test
✗ react-redux 6.0.0 → 7.0.0
Saving partially upgraded package.json
Added support for GitHub URLs.
See: f0aa792a4
Example:
{
"dependencies": {
"chalk": "https://github.com/chalk/chalk#v2.0.0"
}
}
Added support for npm aliases.
See: 0f6f35c
Example:
{
"dependencies": {
"request": "npm:postman-request@2.88.1-postman.16"
}
}
Usage: ncu --ownerChanged
Check if the npm user that published the package has changed between current and upgraded version.
Output values:
- Owner changed:
*owner changed*
- Owner has not changed: no output
- Owner information not available:
*unknown*
Example:
$ ncu --ownerChanged
Checking /tmp/package.json
[====================] 1/1 100%
mocha ^7.1.0 → ^8.1.3 *owner changed*
Run ncu -u to upgrade package.json
https://github.com/raineorshine/npm-check-updates/compare/v7.1.1...v8.0.0
- Removed bower support (4e4b47fd3bb567435b456906d0106ef442bf46fe)
- Fix use of "<" with single digit versions (f04d00e550ce606893bee77b78ef2a0b2a50246a)
- Change eslint configuration
- Update dependencies
- Replace cint methods with native methods
- Add CI via GitHub Actions workflow
https://github.com/raineorshine/npm-check-updates/compare/v6.0.2...v7.0.0
--semverLevel
now supports version ranges. This is a breaking change since version ranges are no longer ignored by--semverLevel
, which may result in some dependencies having new suggested updates.
If you are not using --semverLevel
, NO CHANGE! 😅
https://github.com/raineorshine/npm-check-updates/compare/v5.0.0...v6.0.0
node >= 8
node >= 10.17
Bump minimum node version to v10.17.0
due to move-file
#651
If ncu
was working for you on v4.x
, then v5.0.0
will still work. Just doing a major version bump since ncu's officially supported node version is changing. v4
should be patched to be compatible with node v8
, but I'll hold off unless someone requests it.
https://github.com/raineorshine/npm-check-updates/compare/v4.1.2...v5.0.0
ncu v3 excluded prerelease versions (-alpha
, -beta
, etc) from the remote by default, as publishing prerelease versions to latest
is unconventional and not recommended. Prereleases versions can be included by specifying --pre
(and is implied in options --greatest
and --newest
).
However, when you are already specifying a prerelease version in your package.json dependencies, then clearly you want ncu to find newer prerelease versions. This is now default in v4, albeit with the conservative approach of sticking to the latest
tag.
No effect for most users.
If a prerelease version is published on the latest
tag, and you specify a prerelease version in your package.json, ncu will now suggest upgrades for it.
If a prerelease version is published on a different tag, there is no change from ncu v3; you will still need --pre
, --greatest
, or --newest
to get prerelease upgrades.
https://github.com/raineorshine/npm-check-updates/compare/v3.2.2...v4.0.0
The required node version has been updated to allow the use of newer Javascript features and reduce maintenance efforts for old versions.
In ncu v2, an internally packaged npm was used for version lookups. When this became out-of-date and differed considerably from the system npm problems would occur. In ncu v3, the system-installed npm will be used for all lookups. This comes with the maintenance cost of needing to upgrade ncu whenever the output format of npm changes.
In ncu v2, out-of-date dependencies in package.json that were installed up-to-date (e.g. ^1.0.0
specified and 1.0.1
installed) were ignored by ncu. Installed modules are now completely ignored and ncu only consider your package.json. This change was made to better match users’ expectations.
In ncu v2, if you had ^1.0.0
in your package.json, a newly released 1.0.1
would be ignored by ncu. The logic was that ^1.0.0
is a range that includes 1.0.1
, so you don’t really need to change the version specified in your package.json, you just need to run npm update
. While logical, that turned out to be quite confusing to users. In ncu v3, the package.json will always be upgraded if there is a newer version (same as -a
in v2). The old default behavior is available via the --minimal
option.
In ncu v2, any version published to the latest
tag was assumed to be a stable release version. In practice, occasional package authors would accidentally or unconventionally publish -alpha
, -beta
, and -rc
versions to the latest
tag. While I still consider this a bad practice, ncu v3 now ignores these prerelease versions by default to better match users’ expectations. The old behavior is available via the --pre 1
option. (When --newest
or --greatest
are set, --pre 1
is set by default, and can be disabled with --pre 0
).
In order to only target one or more dependency sections, ncu now uses the --dep
option instead of separate options for each section.
--prod
is now --dep prod
--dev
is now --dep dev
--dev --peer
is now --dep dev,peer
etc
The --packageManager
alias has changed from -m
to -p
to make room for --minimal
as -m
.
https://github.com/raineorshine/npm-check-updates/compare/v2.15.0...v3.0.0
v2 has a few important differences from v1:
- Newer published versions that satisfy the specified range are not upgraded by default (e.g.
1.0.0
to1.1.0
). This change was made becausenpm update
handles upgrades within the satisfied range just fine, and npm-check-updates is primarily intended to provide functionality not otherwise provided by npm itself. These satisfied dependencies will still be shown when you run npm-check-updates, albeit with a short explanation. For the old behavior, add the -ua/--upgradeAll option. - The command-line argument now specifies a package name filter (e.g.
ncu /^gulp-/
). For the old behavior (specifying an alternative package.json), pipe the package.json through stdin. - Use the easier-to-type
ncu
instead ofnpm-check-updates
.npm-check-updates
is preserved for backwards-compatibility. - Allow packageData to be specified as an option
- Colored table output
- Add -a/--upgradeAll
- Add -e/--error-level option
- Add -j/--json and --jsonFlat flags for json output
- Add -r/--registry option for specifying third-party npm registry
- Add -t/--greatest option to search for the highest versions instead of the default latest stable versions.
- Remove -f/--filter option and move to command-line argument
- Replace < and <= with ^
- Automatically look for the closest descendant package.json if not found in current directory
- Add ncu alias
- Export functionality to allow for programmatic use
- Bug fixes and refactoring
- Full unit test coverage!
https://github.com/raineorshine/npm-check-updates/compare/v1.5.1...v2.0.0