rotten-deps

v2.1.1

The command `npm outdated` only has two endpoints which are pass or fail. This dichotomy isn't very useful for CI flows which have pass, fail, or warn. This CLI utility combines `npm outdated` and `npm view` in order to establish a compliance period for d

Downloads

16

Rotten Deps

What is Rotten Deps?

Rotten Deps builds upon tools like yarn outdated and npm outdated to provide more than just a pass or fail state to outdated dependencies. You can configure a global or per dependency compliance period which will trigger a warn instead of a fail. This provides more breathing room for updating without blocking your builds.

Why and when should I use this?

Ignoring dependencies

Sometimes tech debt or another concern leaves you unable to update a specific dependency. If you have npm outdated or yarn outdated in your CI flow, this job will constantly fail, either blocking your builds or getting the team into the habit of ignoring the output.

Dependency specific compliance periods

Suppose you've decided that 14 days is an acceptable compliance period for updates, but you have one critical dependency that you like to keep patched. The inverse scenario also applies, where you're not that worried about a specific dev dependency falling out of date.

Global compliance period

This is good for setting organization base rules if you are working in an organization that has patching compliance windows.

How is days outdated determined?

We use your current version of a dependency as it is installed in your node_modules. Then, based on the list of published versions, we determine the next semver version which is not a pre-release and use that as our comparison point. Days outdated is then calculated as the delta between the UTC seconds now and the UTC seconds of the next version's publish date. The delta is then converted and rounded to days and used in the report.

There is a special case: if you forget to install your project first using yarn install or npm install, you won't have a node_modules/, so the wanted version is used instead. The wanted version is determined by how you pinned the version in your package.json.

How do I use this?

Prerequisites

  1. NodeJS
    • Must be v14.x or newer
    • Test strategy currently covers v14, v16, and v18 LTS versions

Installation

npm i -g rotten-deps or yarn global add rotten-deps to install this utility globally

- OR -

npm i --save-dev rotten-deps or yarn add --dev rotten-deps to install it locally in your project.

Usage

You can find more in-depth documentation hosted on our GitHub pages.

CLI

To see details on command usage and options use rotten-deps --help, or if you installed it locally node ./node_modules/.bin/rotten-deps --help.

API

At this time the API isn't officially supported, but you can probably figure it out based on the reference docs hosted on our GitHub Pages.

Exit codes and meanings

  • 0 indicates that no dependencies are stale or outdated
  • 1 indicates that you have outdated dependencies
  • 2 indicates that you have stale dependencies but no outdated
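
The "days outdated" calculation and the exit codes above, combined in one added example (this is not rotten-deps' own code). It assumes publish dates in the shape returned by `npm view <pkg> time --json`, that "stale" means still inside the compliance period and "outdated" means past it, and the hypothetical per-dependency fields `days` and `ignore`.

```javascript
// Added illustration, not rotten-deps source. Constructed sample data in the
// shape of `npm view <pkg> time --json` (version -> publish date).
const SAMPLE_TIMES = {
  created: "2023-01-01T00:00:00.000Z",
  "1.0.0": "2023-01-01T00:00:00.000Z",
  "1.1.0-beta.1": "2024-01-05T00:00:00.000Z",
  "1.1.0": "2024-01-10T00:00:00.000Z",
  "2.0.0": "2024-01-25T00:00:00.000Z",
};
const DAY_MS = 24 * 60 * 60 * 1000;

// Parse "1.2.3" / "1.2.3-beta.1"; null for keys such as "created".
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(v);
  return m && { raw: v, nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) };
}

// Numeric ordering; a pre-release sorts below the release with the same numbers.
function compare(a, b) {
  const i = [0, 1, 2].find((k) => a.nums[k] !== b.nums[k]);
  return i === undefined ? Number(b.pre) - Number(a.pre) : a.nums[i] - b.nums[i];
}

// Next non-pre-release version above `current`, or null if none exists.
function nextStable(current, times) {
  const cur = parse(current);
  const newer = Object.keys(times).map(parse)
    .filter((v) => v && !v.pre && compare(v, cur) > 0)
    .sort(compare);
  return newer.length ? newer[0].raw : null;
}

// Days since the next stable version was published; null when up to date.
function daysOutdated(current, times, nowMs) {
  const next = nextStable(current, times);
  return next === null ? null : Math.round((nowMs - Date.parse(times[next])) / DAY_MS);
}

// Assumed mapping: within the period = stale (2), past it = outdated (1).
function exitCode(deps, nowMs, globalDays) {
  let code = 0;
  for (const d of deps) {
    const days = daysOutdated(d.current, d.times, nowMs);
    if (d.ignore || days === null) continue; // ignored or already current
    if (days > (d.days ?? globalDays)) return 1; // per-dependency period wins
    code = 2;
  }
  return code;
}
```

The clock starts at the publish date of the next stable release rather than the latest one, so a dependency that is several releases behind is measured against the oldest update it has missed.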

Contributing

For instructions on contributing to this project please see CONTRIBUTING.md.