npm-san-check

v0.2.6

Simple npm check with fewer dependencies and fewer features.

Downloads

146

npm-san-check

This tool is a practice project. Please use at your own risk.

Yet another package.json update checker.

Why another? Because I really liked npm-check-updates, but its shorter command ncu conflicts with NVIDIA's Nsight Compute CLI, and it has 334 dependencies in total.

Introduction

This CLI tool is a practice project that mimics the core functionality (i.e., a small subset) of npm-check-updates with considerably fewer dependencies. In short:

  • It should only work with Node.js and npm.
  • It should only work with Node.js v18 or above as vanilla fetch is used.
  • It doesn't support workspaces.
  • It can only check local dependencies (i.e., where a package.json is present).
  • It only has a CLI interface.

The good side is:

  • It has only 6 direct dependencies (or 12 packages in total) with an installation size of ~1.5MB (where undici takes 1MB and the rest being ~500KB).

Installation

npm i -g npm-san-check
npm-sc

Or, run with npx:

npx npm-san-check

How the update is determined

By default, the tool checks dependencies and devDependencies, as those dependencies are mostly safe to update.

Generally, peerDependencies and optionalDependencies should be updated manually: they require careful treatment, and a wrong version can make the whole package impossible to install or use. You can still check and update them with this tool, though this is not recommended.

"Newer"

The tool tries to update dependencies to newer versions that fit the semantics of the existing range:

  • Unary ranges having "larger than" semantics (^, ~, >, >=) are updated to the newest version that satisfies them, with the range symbol kept.
  • Wildcards (*, x, X) are preserved.
  • Other ranges, as well as hyphen ranges (-) and compound ranges (||), are ignored.

This is the default strategy of the tool.

"Latest"

The tool updates the dependencies to the latest versions, keeping the range policies.

  • Unary ranges (^, ~, <, <=, >, >=, = or omitted) are updated to the latest versions with the range symbols kept.
  • For hyphen ranges (-), the right side is updated to the newest version.
  • Wildcards (*, x, X) are preserved.
  • Compound ranges (connected by ||) are ignored.

This strategy is similar (but not identical) to the one npm-check-updates uses.
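The two strategies above, sketched as an added example (not npm-san-check's own code) so the rewrite that -u would make to a range can be reviewed before it lands in package.json. The names bump, satisfies, upperBound and PUBLISHED are hypothetical; only plain x.y.z versions are handled, and wildcard and prerelease ranges return null here.

```javascript
// Added example, not from the npm-san-check source.
const parse = (v) => v.split('.').map(Number);
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Exclusive upper bound implied by a caret or tilde range (node-semver semantics).
function upperBound(op, [maj, min, pat]) {
  if (op === '~') return [maj, min + 1, 0];
  if (maj > 0) return [maj + 1, 0, 0];
  if (min > 0) return [0, min + 1, 0];
  return [0, 0, pat + 1];
}

function satisfies(op, base, v) {
  if (op === '>') return cmp(v, base) > 0;
  if (op === '>=') return cmp(v, base) >= 0;
  return cmp(v, base) >= 0 && cmp(v, upperBound(op, base)) < 0; // ^ or ~
}

// Returns the rewritten range, or null when the strategy leaves the range alone.
function bump(range, published, strategy = 'newer') {
  const sorted = published.map(parse).sort(cmp);
  const latest = sorted[sorted.length - 1].join('.');
  if (range.includes('||')) return null; // compound ranges: ignored by both strategies
  const hyphen = range.match(/^(\d+\.\d+\.\d+) - (\d+\.\d+\.\d+)$/);
  if (hyphen) return strategy === 'latest' ? `${hyphen[1]} - ${latest}` : null;
  const unary = range.match(/^(\^|~|>=|<=|>|<|=)?(\d+\.\d+\.\d+)$/);
  if (!unary) return null; // wildcards and prereleases are outside this sketch
  const [, op = '', base] = unary;
  if (strategy === 'latest') return op + latest; // symbol kept, may cross a major version
  if (!['^', '~', '>', '>='].includes(op)) return null; // "newer" skips <, <=, = and bare
  const fit = sorted.filter((v) => satisfies(op, parse(base), v));
  return fit.length ? op + fit[fit.length - 1].join('.') : null;
}

// Constructed sample: versions a registry might list for one dependency.
const PUBLISHED = ['1.2.3', '1.4.0', '1.9.2', '2.0.0', '3.1.0'];
for (const r of ['^1.2.3', '~1.2.3', '1.2.3', '1.0.0 - 1.4.0']) {
  console.log(r, '| newer:', bump(r, PUBLISHED), '| latest:', bump(r, PUBLISHED, 'latest'));
}
```

With the sample data, "newer" keeps ^1.2.3 inside major version 1, while "latest" moves the same range to major version 3.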

Usage

npm-sc [...filters]
       [-u | --update] [-l | --latest] [--pre | --prerelease]
       [-I | --no-deps] [-D | --no-dev-deps] [--peer] [--opt]
       [-p | --package] [-r | --registry] [--proxy]

Behaviors

filters: Packages to be updated.

  • Supports * for glob matching (e.g., *eslint* matches every package that has eslint in its name, like @eslint/js or @typescript-eslint/parser).
  • Words are combined by OR logic.

-u, --update: Overwrite package.json with the updated dependencies.

  • In case version control is not used, or this tool has malfunctioned, a backup file (usually package.sc.json) is created before updating.

-l, --latest: Make the updater use the "latest" updating strategy instead of "newer"; this is more likely to include breaking changes.

--pre, --prerelease: Include prerelease versions.

  • By default, prerelease versions are excluded from update targets, unless the package version itself is already a prerelease version.

Scopes

-I, --no-deps: Ignore (direct) dependencies (dependencies).

-D, --no-dev-deps: Ignore development dependencies (devDependencies).

--peer: Check peer dependencies (peerDependencies).

--opt: Check optional dependencies (optionalDependencies).

Environmental Settings

-p, --package: Specify the location of the package file, relative to the current working directory. Defaults to package.json.

-r, --registry: Specify the URL of the registry. Defaults to the npm registry.

--proxy: Specify the proxy server when checking the update.

  • Environment variables HTTP_PROXY and HTTPS_PROXY are also considered, so it's not necessary to use this option if those variables have been set.

License

MIT (c) i'DLisT 2024