{"id":21970704,"url":"https://github.com/appcelerator/check-kit","last_synced_at":"2026-05-09T15:33:42.470Z","repository":{"id":43804592,"uuid":"309811900","full_name":"appcelerator/check-kit","owner":"appcelerator","description":"Checks if a newer version is available for command line interfaces","archived":false,"fork":false,"pushed_at":"2025-06-24T17:14:54.000Z","size":788,"stargazers_count":1,"open_issues_count":0,"forks_count":1,"subscribers_count":8,"default_branch":"master","last_synced_at":"2025-10-19T11:01:49.226Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/appcelerator.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-11-03T21:30:55.000Z","updated_at":"2025-06-23T21:59:25.000Z","dependencies_parsed_at":"2022-09-26T16:22:34.560Z","dependency_job_id":null,"html_url":"https://github.com/appcelerator/check-kit","commit_stats":null,"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/appcelerator/check-kit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/appcelerator%2Fcheck-kit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/appcelerator%2Fcheck-kit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/appcelerator%2Fcheck-kit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/appcelerator%2Fcheck-kit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/appcelerator","download_url":"https://codeload.github.com/appcelerator/check-kit/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/appcelerator%2Fcheck-kit/sbom","scorecard":{"id":203401,"data":{"date":"2025-08-11","repo":{"name":"github.com/appcelerator/check-kit","commit":"d6ed9dff3f6f5864ce39a24cb2f713ae9a809502"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.5,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/15 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":2,"reason":"3 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/appcelerator/check-kit/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/appcelerator/check-kit/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/appcelerator/check-kit/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/appcelerator/check-kit/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/appcelerator/check-kit/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/appcelerator/check-kit/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/appcelerator/check-kit/build.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:74: update your workflow using https://app.stepsecurity.io/secureworkflow/appcelerator/check-kit/build.yml/master?enable=pin","Info:   0 out of   8 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 15 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":9,"reason":"1 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T23:12:56.119Z","repository_id":43804592,"created_at":"2025-08-16T23:12:56.119Z","updated_at":"2025-08-16T23:12:56.119Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32824365,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-08T08:22:46.396Z","status":"online","status_checked_at":"2026-05-09T02:00:06.633Z","response_time":123,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-29T14:41:56.059Z","updated_at":"2026-05-09T15:33:42.427Z","avatar_url":"https://github.com/appcelerator.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# check-kit\n\n[![NPM Version][npm-image]][npm-url]\n[![NPM Downloads][downloads-image]][downloads-url]\n[![Deps][david-image]][david-url]\n[![Dev Deps][david-dev-image]][david-dev-url]\n\nChecks if a newer version is available for command line interfaces.\n\nIt is designed to be extremely easy to use and for CLI's that want to be in control.\n\n**What `check-kit` does:**\n\n * Checks if there is a new version available\n * Checks version for a specific dist tag\n * Fetches latest version from npm based on time interval\n * Persists the update metadata\n * Supports HTTP proxies\n\n**What `check-kit` does _not_ do:**\n\n * Display a message when a new version is available, that's up to you how you want it formatted\n\n## Installation\n\n    npm install check-kit --save\n\n## Example\n\nBasic usage:\n\n```js\nimport check from 'check-kit';\n\n(async () =\u003e {\n    const { current, distTag, name, latest, updateAvailable } = await check();\n\n    console.log(`Current version of package ${name} is ${current}`);\n\n    if (updateAvailable) {\n        console.log(`There is a new version available! ${current} -\u003e ${latest}`);\n    } else {\n        console.log(`Version ${current} is the latest`);\n    }\n})();\n```\n\nIf you know where the `package.json` is, you can pass it in:\n\n```js\nconst result = await check({\n    pkg: require('./package.json')\n});\n```\n\nBy default, `check-kit` will store update metadata in `/tmp/check-kit` directory. You can override\nthe directory, but not the metadata filename, by passing in the metadata directory:\n\n```js\nconst result = await check({\n    metaDir: `${os.homedir()}/myapp/update`\n});\n```\n\n## API\n\n### `async check(opts)`\n\nChecks if the specified package has a newer version available.\n\n`opts` and all options are optional.\n\n| Option               | Type                 | Default    | Description                                             |\n| -------------------- | -------------------- | ---------- | ------------------------------------------------------- |\n| `opts.applyOwner`    | `Boolean`            | `true`     | When `true`, determines the owner of the closest existing parent directory and apply the owner to the file and any newly created directories. |\n| `opts.caFile`        | `String`             |            | A path to a PEM-formatted certificate authority bundle. |\n| `opts.certFile`      | `String`             |            | A path to a client cert file used for authentication.   |\n| `opts.checkInterval` | `Number`             | `3600000`  | The amount of time in milliseconds before checking for an update. Defaults to 1 hour. |\n| `opts.cwd`           | `String`             | `\".\"`      | The current working directory used to locate the `package.json` if `opts.pkg` is not specified. |\n| `opts.distTag`       | `String`             | `\"latest\"` | The tag to check for the latest version.                |\n| `opts.force`         | `Boolean`            | `false`    | Forces an update check. |\n| `opts.keyFile`       | `String`             |            | A path to a private key file used for authentication.   |\n| `opts.metaDir `      | `String`             | `\"/tmp/check-kit/\"` | The directory to store package update information. The filename is derived by the package name and the dist tag. |\n| `opts.pkg`           | `Object` \\| `String` |            | The parsed `package.json`, path to the `package.json` file, or falsey and it will scan parent directories looking for a `package.json`. |\n| `opts.proxy`         | `String`             |            | A proxy server URL. Can be `http` or `https`.           |\n| `opts.registryUrl`   | `String`             |            | The npm registry URL. By default, it will autodetect the URL based on the package name/scope. |\n| `opts.strictSSL`     | `Boolean`            | `true`     | When falsey, disables TLS/SSL certificate validation for both `https` requests and `https` proxy servers. |\n| `opts.timeout`       | `Number`             | `1000`     | The number of milliseconds to wait to query npm before timing out. |\n\nReturns a `Promise` that resolves the following:\n\n| Property          | Type               | Description                                    |\n| ----------------- | ------------------ | ---------------------------------------------- |\n| `current`         | `String`           | The current version from the `package.json`.   |\n| `distTag`         | `String`           | The dist tag used to check the version.        |\n| `lastCheck`       | `Number`           | The timestamp the last check occurred.         |\n| `latest`          | `String` \\| `null` | The latest version returned from the registry or `null` if the package is not found. |\n| `name`            | `String`           | The package name.                              |\n| `updateAvailable` | `Boolean`          | Value is `true` if a new version is available. |\n\n### Metadata file\n\nThe metadata file contains information about the package and whether an update is available based\non the last check.\n\nYou can override the directory where the metadata file is stored, but you cannot override the\nmetadata filename. The filename is derived from the package name and the distribution tag. For\nexample, the package `@foo/bar` would resolve the filename `@foo-bar-latest.json`.\n\n## Comparison\n\n|                                    | `check-kit`        | [`update-notifier`][2] | [`update-check`][3] |\n| ---------------------------------- | :----------------: | :--------------------: | :-----------------: |\n| Version                            | 1.7.1              | 5.1.0                  | 1.5.4               |\n| Default check interval             | 1 hour             | 24 hours               | 1 hour              |\n| Update check method                | Async/await        | Subprocess             | Async/await         |\n| Notify of updates immediately      | :white_check_mark: | :x:                    | :white_check_mark:  |\n| Persist update available           | :white_check_mark: | :white_check_mark:     | :white_check_mark:  |\n| User-defined persistance directory | :white_check_mark: | :x:                    | :x:                 |\n| Specify dist tag                   | :white_check_mark: | :white_check_mark:     | :white_check_mark:  |\n| Specify `package.json` as object   | :white_check_mark: | :white_check_mark:     | :white_check_mark:  |\n| Specify `package.json` as path     | :white_check_mark: | :x:                    | :x:                 |\n| Automatically find `package.json`  | :white_check_mark: | :x:                    | :x:                 |\n| HTTP proxy support                 | :white_check_mark: | :x:                    | :x:                 |\n| Force check for updates            | :white_check_mark: | :x:                    | :x:                 |\n| Automatic registry URL discovery   | :white_check_mark: | :white_check_mark:     | :white_check_mark:  |\n| Custom registry URL                | :white_check_mark: | :x:                    | :x:                 |\n| Registry auth token support        | :white_check_mark: | :white_check_mark:     | :white_check_mark:  |\n| Continuous integration check skip  | :white_check_mark: | :white_check_mark:     | :x:                 |\n| `NODE_ENV=test` check skip         | :white_check_mark: | :white_check_mark:     | :x:                 |\n| `NO_UPDATE_NOTIFIER=1` check skip  | :white_check_mark: | :white_check_mark:     | :x:                 |\n| Graceful offline support           | :white_check_mark: | :white_check_mark:     | :x:                 |\n| Apply correct owner when sudo      | :white_check_mark: | :x:                    | :x:                 |\n| Type of semver update label        | :x:                | :white_check_mark:     | :x:                 |\n| Renders update available message   | :x:                | :white_check_mark:     | :x:                 |\n| Persisted opt-out setting          | :x:                | :white_check_mark:     | :x:                 |\n| License                            | Apache 2           | BSD 2-clause           | MIT                 |\n\n## Legal\n\nThis project is open source under the [Apache Public License v2][1] and is developed by\n[Axway, Inc](http://www.axway.com/) and the community. Please read the [`LICENSE`][1] file included\nin this distribution for more information.\n\n[1]: https://github.com/appcelerator/check-kit/blob/master/LICENSE\n[2]: https://www.npmjs.com/package/update-notifier\n[3]: https://www.npmjs.com/package/update-check\n[npm-image]: https://img.shields.io/npm/v/check-kit.svg\n[npm-url]: https://npmjs.org/package/check-kit\n[downloads-image]: https://img.shields.io/npm/dm/check-kit.svg\n[downloads-url]: https://npmjs.org/package/check-kit\n[david-image]: https://img.shields.io/david/appcelerator/check-kit.svg\n[david-url]: https://david-dm.org/appcelerator/check-kit\n[david-dev-image]: https://img.shields.io/david/dev/appcelerator/check-kit.svg\n[david-dev-url]: https://david-dm.org/appcelerator/check-kit#info=devDependencies\n[hook-emitter]: https://www.npmjs.com/package/hook-emitter\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fappcelerator%2Fcheck-kit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fappcelerator%2Fcheck-kit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fappcelerator%2Fcheck-kit/lists"}