v14.1.0

Features

Group

You can now group upgrades by risk level using --format group:

Interactive Mode

Interactive mode was completely rewritten for a better user experience.

Inspired by npm-check.

Combine with --format group for a truly luxe experience:

Static Registry

A new option --packageManager staticRegistry allows upgrades to be recommended from a static JSON file. This can be used to power custom versioning infrastructure that is completely independent from the npm registry.

Thanks to agrouse who did a fine job on the PR.

Example:

$ ncu --packageManager staticRegistry --registry ./my-registry.json

my-registry.json:

{
  "prettier": "2.7.0",
  "typescript": "4.7.0"
}

The latest versions of prettier and typescript are set in the registry file. When ncu is run, it will recommend upgrades from the static registry file without touching the npm registry:

$ ncu --packageManager staticRegistry --registry ./my-registry.json
Checking /Users/raine/projects/ncu-issues/14.1.0/package.json
[====================] 2/2 100%

 prettier    ^2.0.1  →  ^2.7.0
 typescript  ^3.4.0  →  ^4.7.0

Run ncu -u to upgrade package.json

v14.0.0

Breaking

Prerelease versions are now "upgraded" to versions with a different preid.

For example, if you have a dependency at 1.3.3-next.1 and the version fetched by ncu is 1.2.3-dev.2, ncu will suggest an "upgrade" to 1.2.3-dev.2. This is because prerelease versions with different preids are incomparable. Since they are incomparable, ncu now assumes the fetched version is desired.

Since this change affects only prereleases, there is no impact on default ncu usage that fetches the latest version. With --pre or --target newest or --target greatest, this change could affect which version is suggested if versions with different preids are published. The change was made to support the new --target @[tag] feature.

If you have a use case where this change is not what is desired, please report an issue. The intention is for zero disruption to current usage.

Features

• You can now upgrade to a specific tag, e.g. --target @next. Thanks to IMalyugin.

Deprecated

• Default stdin handling is deprecated. Please explicitly add the --stdin option when reading package data from stdin.

v13.0.0

Breaking

• node >= 14 is now required
• Several options which have long been deprecated have been removed:
  • --greatest - Instead use --target greatest
  • --newest - Instead use --target newest
  • --ownerChanged - Instead use --format ownerChanged
  • --semverLevel - Renamed to --target

v12.2.0

• Added --retry <n> option to automatically retried failed requests for package information. Defaults to 3 retries.

Hopefully this relieves the frustrating situation of having npm-check-updates fail at the end of a long upgrade! You can control the number of retries with --retry <n>, including setting it to 0 for no retries (the previous behavior).

v12.0.0

Breaking

• node >= 12 is required. Time to upgrade that old-ass server you never touch.
• peerDependencies are now excluded by default. Peer dependencies should use the lowest possible version that works. The old behavior encouraged a bad practice of uprading peer dependencies. You can use --dep prod,dev,bundle,optional,peer for the old behavior (#951).
• Dependencies with > will be converted to >=. The old behavior was causing upgrades to > [latest] which was impossible (#957).

Other

• Typescript! There is a new build process, so if you have any issues with the executable or types, please report. It should be a non-breaking change if I did it correctly (#888).
• When using npm-check-updates as a module, vm (versionmanager) is no longer exported. It was previously exposed for testing purposes, but was never part of the official API.

v12.0.0-0

Coming soon...

• Typescript
• Remove unofficial exports
• Bump node >= 12

Early testers are greatly appreciated! In particular, let me know if you use any of the unofficial exports and can provide a case for their retention. Removing them will free up the internal API to do some architectural refactoring down the road.

Full details will be provided in the v12.0.0 release.

v11.5.0

Minor

npm-check-updates will now auto-detect yarn and apply --packageManager yarn when yarn.lock is present and package-lock.json is not present. You can override this by explicitly setting --packageManager npm. It will print "Using yarn" when the auto-detection is triggered.

v11.4.0

Minor

• Use --peer to check peer dependencies of installed packages and filter updates to compatible versions.
  • 791aa22 Respect peer dependencies (#869)
• Bump mem (minor)

Patch

• 696168b --deep: Fix Windows path
• Bump dependencies (patch)

v11.2.0

Wildcards and globs can now be used in filters without having to use regex:

ncu react-*      # upgrade packages that start with "react-"
ncu \!commander  # upgrade everything except "commander"

Since special characters are not allowed in package names, this change shouldn't break anything, but please let me know if a filter that was working before v11.2.0 is not now!

Commits

ee27448 Add filter support for wildcards and glob expressions. Fixes #219.

v11.0.0

Breaking

• --packageFile - Now interprets its argument as a glob pattern. It is possible that a previously supplied argument may be interepreted differently now (though I'm not aware of specific instances). Due to our conservative release policy we are releasing as a major version upgrade and allowing developers to assess for themselves.

Features

• --deep - Run recursively in current working directory. Alias of --packageFile '**/package.json'.

See: #785

v10.3.1...v11.0.0