Repository files navigation

Check for outdated, incorrect, and unused dependencies.

• Tells you what's out of date.
• Provides a link to the package's documentation so you can decide if you want the update.
• Kindly informs you if a dependency is not being used in your code.
• Works on your globally installed packages too, via-g.
• Interactive Update for less typing and fewer typos, via-u.
• Supports public and private@scoped/packages.
• Supports ES6-styleimport from syntax.
• Upgrades your modules using your installed version of npm, including the newnpm@3, so dependencies go where you expect them.
• Works with any public npm registry,private registries, and alternate registries likeSinopia.
• Does not query registries for packages withprivate: true in their package.json.
• Emoji in a command-line app, because command-line apps can be fun too.
• Works withnpm@2 andnpm@3, as well as newer alternative installers likeied andpnpm.

• Node >= 10.9.0

This is the easiest way to usenpm-check.

npm install -g npm-check

npm-check

The result should look like the screenshot, or something nice when your packages are all up-to-date and in use.

When updates are required it will return a non-zero response code that you can use in your CI tools.

Usage  $ npm-check <path> <options>Path  Where to check. Defaults to current directory. Use -g for checking global modules.Options  -u, --update          Interactive update.  -y, --update-all      Uninteractive update. Apply all updates without prompting.  -g, --global          Look at global modules.  -s, --skip-unused     Skip check for unused packages.  -p, --production      Skip devDependencies.  -d, --dev-only        Look at devDependencies only (skip dependencies).  -i, --ignore          Ignore dependencies based on succeeding glob.  -E, --save-exact      Save exact version (x.y.z) instead of caret (^x.y.z) in package.json.  --specials            List of depcheck specials to include in check for unused dependencies.  --no-color            Force or disable color output.  --no-emoji            Remove emoji support. No emoji in default in CI environments.  --debug               Show debug output. Throw in a gist when creating issues on github.Examples  $ npm-check           # See what can be updated, what isn't being used.  $ npm-check ../foo    # Check another path.  $ npm-check -gu       # Update globally installed modules by picking which ones to upgrade.

Show an interactive UI for choosing which modules to update.

Automatically updates versions referenced in thepackage.json.

Based on recommendations from thenpm team,npm-check only updates usingnpm install, notnpm update.To avoid using more than one version ofnpm in one directory,npm-check will automatically install updated modulesusing the version ofnpm installed globally.

Set environment variableNPM_CHECK_INSTALLER to the name of the installer you wish to use.

NPM_CHECK_INSTALLER=pnpm npm-check -u## pnpm install --save-dev foo@version --color=always

You can also use this for dry-run testing:

NPM_CHECK_INSTALLER=echo npm-check -u

Updates your dependencies like--update, just without any prompt. This is especially useful if you want to automate your dependency updates withnpm-check.

Check the versions of your globally installed packages.

If the value ofprocess.env.NODE_PATH is set, it will override the default path of global node_modules returned by packageglobal-modules.

Tip: Usenpm-check -u -g to do a safe interactive update of global modules, including npm itself.

By defaultnpm-check will let you know if any of your modules are not being used by looking atrequire statementsin your code.

This option will skip that check.

This is enabled by default when usingglobal orupdate.

By defaultnpm-check will look at packages listed asdependencies anddevDependencies.

This option will let it ignore outdated and unused checks for packages listed asdevDependencies.

Ignoredependencies and only checkdevDependencies.

This option will let it ignore outdated and unused checks for packages listed asdependencies.

Ignore dependencies that match specified glob.

$ npm-check -i babel-* will ignore all dependencies starting with 'babel-'.

Install packages using--save-exact, meaning exact versions will be saved in package.json.

Applies to bothdependencies anddevDependencies.

Check special (e.g. config) files when looking for unused dependencies.

$ npm-check --specials=bin,webpack will look in thescripts section of package.json and in webpack config.

Seehttps://github.com/depcheck/depcheck#special for more information.

Enable or disable color support.

By defaultnpm-check uses colors if they are available.

Enable or disable emoji support. Useful for terminals that don't support them. Automatically disabled in CI servers.

Enable or disable the spinner. Useful for terminals that don't support them. Automatically disabled in CI servers.

The API is here in case you want to wrap this with your CI toolset.

constnpmCheck=require('npm-check');npmCheck(options).then(currentState=>console.log(currentState.get('packages')));

• Interactive update.
• default isfalse

• Check global modules.
• default isfalse
• cwd is automatically set with this option.

• Skip checking for unused packages.
• default isfalse

• IgnoredevDependencies.
• This is called--production on the command line to matchnpm.
• default isfalse

• Ignoredependencies and only checkdevDependencies.
• default isfalse

• Ignore dependencies that match specified glob.
• default is[]

• Update package.json with exact versionx.y.z instead of semver range^x.y.z.
• default isfalse

• Show debug output. Throw in a gist when creating issues on github.
• default isfalse

• Override wherenpm-check checks.
• default isprocess.cwd()

• List ofdepcheck special parsers to include.
• default is''

The result of the promise is acurrentState object, look instate.js to see how it works.

You will probably wantcurrentState.get('packages') to get an array of packages and the state of each of them.

Each item in the array will look like the following:

{moduleName:'lodash',// name of the module.homepage:'https://lodash.com/',// url to the home page.regError:undefined,// error communicating with the registrypkgError:undefined,// error reading the package.jsonlatest:'4.7.0',// latest according to the registry.installed:'4.6.1',// version installedisInstalled:true,// Is it installed?notInstalled:false,// Is it installed?packageWanted:'4.7.0',// Requested version from the package.json.packageJson:'^4.6.1',// Version or range requested in the parent package.json.devDependency:false,// Is this a devDependency?usedInScripts:undefined,// Array of `scripts` in package.json that use this module.mismatch:false,// Does the version installed not match the range in package.json?semverValid:'4.6.1',// Is the installed version valid semver?easyUpgrade:true,// Will running just `npm install` upgrade the module?bump:'minor',// What kind of bump is required to get the latest, such as patch, minor, major.unused:false// Is this module used in the code?},

You will also see this if you use--debug on the command line.

Additional options can be sent to the depcheck process. Seedepcheck API. Create a .npmcheckrc{.json,.yml,.js} file and set the depcheck options under depcheck property.

For example, to skip packages for unused check, but still want them in the outdated check (so can't use the --ignore option):

# .npmcheckrcdepcheck:  ignoreMatches: ["replace-in-file","snyk","sonarqube-scanner"]

• npm outdated - awkward output, requires --depth=0 to be grokable.
• david - does not work with private registries.
• update-notifier - for single modules, not everything in package.json.
• depcheck - only part of the puzzle. npm-check uses depcheck.

Hi! Thanks for checking out this project! My name isDylan Greene. When not overwhelmed with my two young kids I enjoy contributingto the open source community. I'm also a tech lead atOpower.

Here's some of my other Node projects:

Name	Description	npm Downloads
grunt‑notify	Automatic desktop notifications for Grunt errors and warnings. Supports OS X, Windows, Linux.
shortid	Amazingly short non-sequential url-friendly unique id generator.
space‑hogs	Discover surprisingly large directories from the command line.
rss	RSS feed generator. Add RSS feeds to any project. Supports enclosures and GeoRSS.
grunt‑prompt	Interactive prompt for your Grunt config using console checkboxes, text input with filtering, password fields.
xml	Fast and simple xml generator. Supports attributes, CDATA, etc. Includes tests and examples.
changelog	Command line tool (and Node module) that generates a changelog in color output, markdown, or json for modules in npmjs.org's registry as well as any public github.com repo.
grunt‑attention	Display attention-grabbing messages in the terminal
observatory	Beautiful UI for showing tasks running on the command line.
anthology	Module information and stats for any @npmjs user
grunt‑cat	Echo a file to the terminal. Works with text, figlets, ascii art, and full-color ansi.

This list was generated usinganthology.

Copyright (c) 2016 Dylan Greene, contributors.

Released under theMIT license.

Screenshots areCC BY-SA (Attribution-ShareAlike).