{"id":13548164,"url":"https://github.com/bahmutov/next-update","last_synced_at":"2025-08-30T23:32:27.196Z","repository":{"id":8344426,"uuid":"9903316","full_name":"bahmutov/next-update","owner":"bahmutov","description":"Tests if module's dependencies can be updated to latest version","archived":false,"fork":false,"pushed_at":"2018-04-07T15:19:33.000Z","size":489,"stargazers_count":560,"open_issues_count":59,"forks_count":17,"subscribers_count":8,"default_branch":"master","last_synced_at":"2024-12-17T15:48:23.765Z","etag":null,"topics":["nodejs","npm","semantic-versioning","semver","test","testing","update","versioning"],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/bahmutov.png","metadata":{"files":{"readme":"README.md","changelog":"History.md","contributing":null,"funding":null,"license":"LICENSE-MIT","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-05-07T03:44:00.000Z","updated_at":"2024-11-30T05:23:15.000Z","dependencies_parsed_at":"2022-08-07T03:00:34.645Z","dependency_job_id":null,"html_url":"https://github.com/bahmutov/next-update","commit_stats":null,"previous_names":[],"tags_count":90,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bahmutov%2Fnext-update","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bahmutov%2Fnext-update/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bahmutov%2Fnext-update/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/bahmutov%2Fnext-update/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/bahmutov","download_url":"https://codeload.github.com/bahmutov/next-update/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":231539712,"owners_count":18392334,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["nodejs","npm","semantic-versioning","semver","test","testing","update","versioning"],"created_at":"2024-08-01T12:01:06.578Z","updated_at":"2024-12-27T20:49:11.548Z","avatar_url":"https://github.com/bahmutov.png","language":"JavaScript","funding_links":[],"categories":["JavaScript"],"sub_categories":[],"readme":"# next-update\n\n\u003e Tests if module's dependencies can be updated to the newer version without breaking the tests\n\n[![NPM][next-update-icon] ][next-update-url]\n\n[![Build status][next-update-ci-image] ][next-update-ci-url]\n[![Circle CI][circle-ci-image] ][circle-ci-url]\n[![Coverage Status][next-update-coverage-image] ][next-update-coverage-url]\n[![semantic-release][semantic-image] ][semantic-url]\n[![Known Vulnerabilities](https://snyk.io/test/github/bahmutov/next-update/230d136b5c68dadb1fd5459619df8f7678d28429/badge.svg)](https://snyk.io/test/github/bahmutov/next-update/230d136b5c68dadb1fd5459619df8f7678d28429)\n[![renovate-app badge][renovate-badge]][renovate-app]\n\n[renovate-badge]: https://img.shields.io/badge/renovate-app-blue.svg\n[renovate-app]: https://renovateapp.com/\n\n[next-update-icon]: https://nodei.co/npm/next-update.svg?downloads=true\n[next-update-url]: https://npmjs.org/package/next-update\n[next-update-ci-image]: https://travis-ci.org/bahmutov/next-update.svg?branch=master\n[next-update-ci-url]: https://travis-ci.org/bahmutov/next-update\n[next-update-coverage-image]: https://coveralls.io/repos/bahmutov/next-update/badge.svg\n[next-update-coverage-url]: https://coveralls.io/r/bahmutov/next-update\n[circle-ci-image]: https://circleci.com/gh/bahmutov/next-update.svg?style=svg\n[circle-ci-url]: https://circleci.com/gh/bahmutov/next-update\n[semantic-image]: https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg\n[semantic-url]: https://github.com/semantic-release/semantic-release\n\n\n\n**Note** I no longer maintain Node 0.12/4 compatibility. Please switch to\nNode 6.\n\n[![asciicast](https://asciinema.org/a/21645.png)](https://asciinema.org/a/21645)\n\nAlso check out:\n\n* [next-updater](https://github.com/bahmutov/next-updater) can update all your repos\n* [dont-break](https://github.com/bahmutov/dont-break)\nthat checks if your code is going to break everyone who depends on it.\n* [changed-log](https://github.com/bahmutov/changed-log) returns commit messages for\nthe given NPM package or Github repo between two tags.\n\n### Example\n\nImagine your nodejs module *foo* has the following dependencies listed in *package.json*\n\n    \"dependencies\": {\n        \"lodash\": \"~1.2.0\",\n        \"async\": \"~0.2.5\"\n    }\n\nYou would like to update lodash and async to latest versions, to not sure if\nthis would break anything. With *next-update* it is easy: run command `next-update`\nin the folder with module *foo*. Here is the example output:\n\n    next updates:\n    lodash\n        1.2.1 PASS\n    async\n        0.2.6 PASS\n        0.2.7 PASS\n        0.2.8 PASS\n\n\nBoth *package.json* file and *node_modules* folder are left unchanged,\nand now you know that you can safely upgrade both libraries to later versions.\n\n#### It even tells you the install command ;)\n\n    Use the following command to install working versions\n    npm install --save lodash@2.1.0\n\nThis might not appear like a big deal for a single module that is using\npopular 3rd party libraries with stable apis only. *next-update* is most useful\nin the larger development context, where multiple modules are being developed\nside by side, often by different teams. In such situations, checking if an upgrade\nis possible could be part of the continuous build pipeline.\n\nYou can see if your dependencies are out of date by using\n[david](https://david-dm.org),\nit even has badges you can add to your README files.\n\n*next-update* reports the probability of success for a given dependency update using\nanonymous global statistics from [next-update](http://next-update.herokuapp.com/) server\n\n```\navailable updates:\npackage               available  from version  average success %  successful updates  failed updates\n--------------------  ---------  ------------  -----------------  ------------------  --------------\ngrunt-contrib-jshint  0.8.0      0.7.2         100%               34                  0\ngrunt-bump            0.0.13     0.0.12        100%               4                   0\n```\n\n### Install\n\nYou can install this tool globally\n\n    npm install -g next-update  // installs module globally\n    next-update --help          // shows command line options\n\nThen run inside any package folder\n\n    /git/my-awesome-module\n    $ next-update\n\nOr you can use this module as a devDependency and a script command\n\n    npm install --save-dev next-update\n\n```json\n{\n    \"scripts\": {\n        \"next-update\": \"next-update -k true --tldr\"\n    }\n}\n```\n\nThis command will keep the successfuly version upgrades in the package.json file,\nbut will not be very verbose when run.\n\n### Anonymous usage collection\n\nAfter testing each module A upgrade from version X to Y, *next-update* sends\nanonymous result to [next-update.herokuapp.com/](http://next-update.herokuapp.com/).\nThe only information transmitted is:\n\n```json\n{\n    \"name\": \"lodash\",\n    \"from\": \"1.0.0\",\n    \"to\": \"2.0.0\",\n    \"success\": true\n}\n```\n\nThis information is used to answer the following questions later:\nwhat is the probability module A can be upgraded from X to Y?\nThus even if you do not have tests covering this particular module,\nyou can judge how compatible version X and Y really are over the entire\ninternet.\n\nYou can inspect data send in\n[stats.js](https://github.com/bahmutov/next-update/blob/master/src/stats.js).\n\nIf the dependency module has been upgraded by anyone else, its statistics\nwill be displayed with each test.\n\n```sh\nstats: deps-ok 0.0.7 -\u003e 0.0.8 success probability 44.44% 8 success(es) 10 failure(s)\n```\n\nA lot of NPM modules [do not have tests](http://npmt.abru.pt/), but\nat least you can judge if someone else has success going from verion X to version Y\nof a dependency.\n\n### Use\n\nMake sure the target module has unit / integration tests,\nand the tests can be run using `npm test` command.\n\nRun `next-update` from the command line in the same folder as\nthe target module. In general this tool does the following:\n\n1. Reads the module's dependencies (including dev) and their versions\n2. Queries npm registry to see if there are newer versions\n3. For each dependency that has newer versions available:\n    1. Installs each version\n    2. Runs command `npm test` to determine if the new version breaks the tests\n    3. Installs back the current version.\n4. Reports results\n\n### Checking specific modules\n\nYou can check one or more specific modules (whitelist) using CLI flag\n`--module` or `-m`\n\n```sh\nnext-update --module foo,bar,baz\n```\n\n### Ignoring or skipping some modules\n\n**note** [prerelease](https://github.com/npm/node-semver#functions)\nversions like `1.2.0-alpha` are skipped by default. I believe `next-update` is\nmeant to upgrade to *stable* versions.\n\nSome modules are hard to unit test, thus the automatic upgrades are not appropriate.\nFor example [benv](https://npmjs.org/package/benv) upgrade brings a new\n[jsdom](https://npmjs.org/package/jsdom) version, which does not work on Node 0.12\nSimilarly, upgrading [Q](https://npmjs.org/package/q) from 1.x.x to 2.x.x is usually\na breaking change.\n\nYou can skip a list of modules by name using `config` property in the `package.json`\n\n```json\n\"config\": {\n    \"next-update\": {\n        \"skip\": [\"benv\", \"q\"]\n    }\n}\n```\n\n### Custom test command per module\n\nSome modules are not really tested using the default `npm test` command or\nwhatever is passed via `--test \"...\"` from CLI. For example a linter module\nshould probably be tested using `npm run lint` command. You can set individual\ntest commands for each module to override the default test command. In the\n`package.json` config object set \"commands\" object\n\n```json\n\"config\": {\n  \"next-update\": {\n    \"commands\": {\n      \"git-issues\": \"npm run issues\",\n      \"standard\": \"npm run lint\"\n    }\n  }\n}\n```\n\nThen when `git-issues` module is checked by itself, it will run\n`npm run issues` command; when module `standard` is tested by itself, the\ntest will use `npm run lint` command.\n\n### Misc\n\n* To see what has changed in the latest version of any module,\nuse my companion tool [changed](https://npmjs.org/package/changed)\nlike this `changed foo` (*foo* is package name)\n* When comparing versions, keywords *latest* and *** are both assumed to equal to \"0.0.0\".\n* A good workflow using *next-update*\n    * see available new versions `next-update --available`\n    * check latest version of each module using `next-update --latest`\n    * install new versions of the desired modules using standard `npm i dependency@version --save`\n* You can use custom test command, for example `next-update -t \"grunt test\"`\n    * `npm test` is used by default.\n* You can keep each working version in package.json by using `--keep` flag.\n\n\n\n## API\n\nYou can use `next-update` as a module. See file\n[src/next-update-as-module](./src/next-update-as-module) for all options.\n\n```js\nconst nextUpdate = require('next-update')\nnextUpdate({\n  module: ['foo', 'bar']\n}).then(results =\u003e {\n  console.log(results)\n})\n/*\nprints something like\n[[\n  {\n    \"name\": \"foo\",\n    \"version\": \"0.2.0\",\n    \"from\": \"0.2.1\",\n    \"works\": true\n  },\n  {\n    \"name\": \"foo\",\n    \"version\": \"0.2.0\",\n    \"from\": \"0.3.0\",\n    \"works\": false\n  }\n], [\n  {\n    \"name\": \"bar\",\n    \"version\": \"1.5.1\",\n    \"from\": \"2.0.0\",\n    \"works\": true\n  }\n}}\n*/\n```\n\n\n\n## Development\n\nEdit source, run unit tests, run end to end tests and release\nnew version commands:\n\n```sh\nnpm test\nnpm run e2e\ngrunt release\nnpm publish\n```\n\n\n### Related\n\n* [Painless modular development](http://glebbahmutov.com/blog/modular-development-using-nodejs/)\n* [Really painless modular development](http://glebbahmutov.com/blog/really-painless-modular-development/)\n\n\n\n### 3\u003csup\u003erd\u003c/sup\u003e party libraries\n\n* [lazy-ass](https://github.com/bahmutov/lazy-ass) and\n[check-more-types](https://github.com/kensho/check-more-types) are used to\n[defend against runtime errors](http://glebbahmutov.com/blog/lazy-and-async-assertions/).\n* [lo-dash](https://github.com/bestiejs/lodash) is used to deal with collections / iterators.\n* [check-types](https://github.com/philbooth/check-types.js) is used to verify arguments through out the code.\n* [optimist](https://github.com/substack/node-optimist) is used to process command line arguments.\n* [request](https://npmjs.org/package/request) is used to fetch NPM registry information.\n* [semver](https://npmjs.org/package/semver) is used to compare module version numbers.\n* [q](https://npmjs.org/package/q) library is used to handle promises. While developing this tool,\nI quickly ran into problems managing the asynchronous nature of fetching information, installing multiple modules,\ntesting, etc. At first I used [async](https://npmjs.org/package/async), but it was still too complex.\nUsing promises allowed to cut the program's code and the complexity to very manageable level.\n* [cli-color](https://npmjs.org/package/cli-color) prints colored text to the terminal.\n\n\n\n### Small print\n\nAuthor: Gleb Bahmutov \u0026copy; 2014\n\n* [@bahmutov](https://twitter.com/bahmutov)\n* [glebbahmutov.com](https://glebbahmutov.com)\n* [blog](https://glebbahmutov.com/blog)\n\nLicense: MIT - do anything with the code, but don't blame me if it does not work.\n\nSpread the word: tweet, star on github, etc.\n\nSupport: if you find any problems with this module, email / tweet /\n[open issue](https://github.com/bahmutov/next-update/issues?state=open) on Github\n\n\n\n## MIT License\n\nCopyright (c) 2014 Gleb Bahmutov\n\nPermission is hereby granted, free of charge, to any person\nobtaining a copy of this software and associated documentation\nfiles (the \"Software\"), to deal in the Software without\nrestriction, including without limitation the rights to use,\ncopy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the\nSoftware is furnished to do so, subject to the following\nconditions:\n\nThe above copyright notice and this permission notice shall be\nincluded in all copies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND,\nEXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES\nOF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND\nNONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT\nHOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,\nWHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\nFROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR\nOTHER DEALINGS IN THE SOFTWARE.\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbahmutov%2Fnext-update","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbahmutov%2Fnext-update","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbahmutov%2Fnext-update/lists"}