
@stanimirovv/dependency-tracker

v1.2.3

Published

A tiny, lightweight script that counts how many versions behind its dependencies the project is.

Downloads

4

Readme

Dependency tracker

A lightweight, configurable script that generates a score based on how many versions behind its dependencies the project is.

This is not a replacement for npm outdated.

The script has 2 primary use cases:

  • Exploration: understand how many versions behind its dependencies the project is.
  • CI/CD guard: fail the pipeline if the project is not up to date with its dependencies.

Features

Prints a JSON report with a decay score and, for each package, how many versions behind it is.

Uses standard bash exit codes: if the exit code is 0, the project is up to date with its dependencies; if the exit code is 1, it is not.

Configuration

Set the envvar VERSIONS_BEHIND_THRESHOLD=<max versions behind int> to enable the non-zero exit statuses. Set VERSIONS_BEHIND_THRESHOLD=0 to fail on any version behind. You can also skip major, minor or patch versions by setting the envvars SKIP_MAJOR_VERSIONS=1, SKIP_MINOR_VERSIONS=1 and SKIP_PATCH_VERSIONS=1 respectively. The script skips dev/alpha/beta/rc versions.

Decay score

The script generates an overall decay score for the project. The score is the weighted sum of the versions behind across all dependencies: 1000 for each major version behind, 100 for each minor and 1 for each patch. Patch versions are considered less important because they are released significantly more often than major/minor versions.

If, for readability or scripting purposes, you want the script to return only the decay score, set the envvar ONLY_DECAY=1.

You can also use DECAY_THRESHOLD=<max decay score int> to set a threshold for the decay score and have the script return a non-zero exit status if the decay score is above the threshold.

By default only the production dependencies are checked. You can also check dev dependencies by setting the envvar CHECK_DEV_DEPENDENCIES=1.

You can use PACKAGES_TO_SKIP='["package1", "package2"]' to skip specific packages. The alternative is to use PACKAGES_TO_TRACK='["package1", "package2"]' to only track specific packages.

Installation

npm i @stanimirovv/dependency-tracker

Usage

Simple report:

npx @stanimirovv/dependency-tracker /path/to/package-lock.json

Note: default path is ./package-lock.json

Set status code to 1 if versions behind is more than 0:

VERSIONS_BEHIND_THRESHOLD=0 npx @stanimirovv/dependency-tracker /path/to/package-lock.json

Skip patch versions:

SKIP_PATCH_VERSIONS=1 npx @stanimirovv/dependency-tracker /path/to/package-lock.json

Skip versions behind on typescript:

PACKAGES_TO_SKIP='["typescript"]' npx @stanimirovv/dependency-tracker /path/to/package-lock.json

Have a max decay score of 10000 and skip minor versions:

DECAY_THRESHOLD=10000 SKIP_MINOR_VERSIONS=1 npx @stanimirovv/dependency-tracker /path/to/package-lock.json

Example report

{"decayScore":1,"packageReports":[{"packageName":"reflect-metadata","versionsBehind":1,"minorVersionsBehind":0,"patchVersionsBehind":1,"majorVersionsBehind":0,"currentVersion":"0.1.12","latestVersion":"0.1.13"},{"packageName":"@types/bcrypt","versionsBehind":0,"minorVersionsBehind":0,"patchVersionsBehind":0,"majorVersionsBehind":0,"currentVersion":"^5.0.0","latestVersion":"5.0.0"}]}
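The decay score and threshold rules described above, applied to a report of this shape by a downstream CI step. This is an added example, not the package's own code: the function and option names are hypothetical (they mirror the README's envvars), the sample data is constructed, and it assumes the thresholds compare against project-wide totals.

```javascript
// Weights stated in the README: 1000 per major, 100 per minor, 1 per patch.
const WEIGHTS = { major: 1000, minor: 100, patch: 1 };

// Hypothetical helper: re-scores a report and decides the CI exit code.
function evaluateReport(report, opts = {}) {
  const {
    skipMajor = false, skipMinor = false, skipPatch = false,
    packagesToSkip = [],
    versionsBehindThreshold = null, // null = check disabled
    decayThreshold = null,
  } = opts;
  const skip = new Set(packagesToSkip);
  let decayScore = 0;
  let versionsBehind = 0;
  const stale = [];

  for (const p of report.packageReports) {
    if (skip.has(p.packageName)) continue;
    const major = skipMajor ? 0 : p.majorVersionsBehind;
    const minor = skipMinor ? 0 : p.minorVersionsBehind;
    const patch = skipPatch ? 0 : p.patchVersionsBehind;
    const behind = major + minor + patch;
    if (behind === 0) continue; // up to date once skipped levels are ignored
    versionsBehind += behind;
    decayScore += major * WEIGHTS.major + minor * WEIGHTS.minor + patch * WEIGHTS.patch;
    stale.push(`${p.packageName} ${p.currentVersion} -> ${p.latestVersion}`);
  }

  // Assumption: a total strictly above its threshold fails the build.
  const failed =
    (versionsBehindThreshold !== null && versionsBehind > versionsBehindThreshold) ||
    (decayThreshold !== null && decayScore > decayThreshold);
  return { decayScore, versionsBehind, stale, exitCode: failed ? 1 : 0 };
}

// Constructed sample in the shape of the example report ("example-lib" is made up).
const sampleReport = {
  decayScore: 1203,
  packageReports: [
    { packageName: "reflect-metadata", versionsBehind: 1, minorVersionsBehind: 0, patchVersionsBehind: 1, majorVersionsBehind: 0, currentVersion: "0.1.12", latestVersion: "0.1.13" },
    { packageName: "example-lib", versionsBehind: 5, minorVersionsBehind: 2, patchVersionsBehind: 2, majorVersionsBehind: 1, currentVersion: "1.0.0", latestVersion: "2.2.2" },
    { packageName: "@types/bcrypt", versionsBehind: 0, minorVersionsBehind: 0, patchVersionsBehind: 0, majorVersionsBehind: 0, currentVersion: "^5.0.0", latestVersion: "5.0.0" },
  ],
};

console.log(evaluateReport(sampleReport, { decayThreshold: 1000 }));
```

A single major version behind outweighs any realistic number of patch releases, so a DECAY_THRESHOLD below 1000 effectively means "no major versions behind".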

Work Log

2022/01/29 - generatePackageReport must be refactored and simplified. We need more tests for it.