{"id":9741150,"url":"https://github.com/xeol-io/bumpgen","last_synced_at":"2025-04-13T15:34:37.197Z","repository":{"id":236773495,"uuid":"784460496","full_name":"xeol-io/bumpgen","owner":"xeol-io","description":"bumpgen is an AI agent that upgrades npm packages ","archived":false,"fork":false,"pushed_at":"2024-08-05T00:43:06.000Z","size":283,"stargazers_count":117,"open_issues_count":9,"forks_count":8,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-27T06:22:52.251Z","etag":null,"topics":["ai","ai-agent","appsec","bump-version","react","tsx","typescript"],"latest_commit_sha":null,"homepage":"https://www.xeol.io/beta","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xeol-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/contributing.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-09T22:33:54.000Z","updated_at":"2025-03-24T04:15:22.000Z","dependencies_parsed_at":"2024-06-19T03:00:26.386Z","dependency_job_id":"3708dd4c-4c6b-4585-b1c2-4043b3baae30","html_url":"https://github.com/xeol-io/bumpgen","commit_stats":null,"previous_names":["xeol-io/bumpgen"],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xeol-io%2Fbumpgen","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xeol-io%2Fbumpgen/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xeol-io%2Fbumpgen/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xeol-io%2Fbumpgen/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xeol-io","download_url":"https://codeload.github.com/xeol-io/bumpgen/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248735983,"owners_count":21153513,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","ai-agent","appsec","bump-version","react","tsx","typescript"],"created_at":"2024-05-16T10:30:18.884Z","updated_at":"2025-04-13T15:34:37.154Z","avatar_url":"https://github.com/xeol-io.png","language":"TypeScript","funding_links":[],"categories":["[bumpgen](https://github.com/xeol-io/bumpgen)","TypeScript","Agent Categories"],"sub_categories":["Links","\u003ca name=\"Unclassified\"\u003e\u003c/a\u003eUnclassified"],"readme":"\u003cp align=\"center\"\u003e\n    \u003cimg src=\"https://github.com/xeol-io/bumpgen/assets/4740147/8abf2d07-6161-42e6-ad4e-2cc9181ad21a\" alt=\"logo\"/\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n    \u003ca href=\"https://www.xeol.io/beta\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/Github App Sign Up-FCAE00?logo=googlechrome\u0026logoColor=black\u0026style=for-the-badge\"/\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/xeol-io/bumpgen?tab=MIT-1-ov-file\"\u003e\n        \u003cimg src=\"https://img.shields.io/badge/License-MIT-FCAE00.svg?style=for-the-badge\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://github.com/xeol-io/bumpgen/stargazers\"\u003e\n        \u003cimg src=\"https://img.shields.io/github/stars/xeol-io/bumpgen?color=FCAE00\u0026style=for-the-badge\"\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://discord.gg/J7E9BqVHkG\"\u003e\n        \u003cimg src=\"https://img.shields.io/discord/1233126412785815613?logo=discord\u0026label=discord\u0026color=5865F2\u0026style=for-the-badge\"/\u003e\n    \u003c/a\u003e\n\u003c/p\u003e\n\n## 📝 Summary\n\n`bumpgen` bumps your **TypeScript / TSX** dependencies and makes code changes for you if anything breaks.\n\n![demo](\u003chttps://assets-global.website-files.com/65af8f02f12662528cdc93d6/662e6061d42954630a191417_tanstack-ezgif.com-speed%20(1).gif\u003e)\n\nHere's a common scenario:\n\n\u003e you: \"I should upgrade to the latest version of x, it has banging new features and impressive performance improvements\"\n\u003e\n\u003e you (5 minutes later): _nevermind, that broke a bunch of stuff_\n\nThen use `bumpgen`!\n\n**How does it work?**\n\n- `bumpgen` builds your project to understand what broke when a dependency was bumped\n- Then `bumpgen` uses [ts-morph](https://github.com/dsherret/ts-morph) to create an _abstract syntax tree_ from your code, to understand the relationships between statements\n- It also uses the AST to get type definitions for external methods to understand how to use new package versions\n- `bumpgen` then creates a _plan graph_ DAG to execute things in the correct order to handle propagating changes (ref: [arxiv 2309.12499](https://huggingface.co/papers/2309.12499))\n\n\u003e [!NOTE]\n\u003e `bumpgen` only supports typescript and tsx at the moment, but we're working on adding support for other strongly typed languages. Hit the emoji button on our open issues for [Java](https://github.com/xeol-io/bumpgen/issues/60), [golang](https://github.com/xeol-io/bumpgen/issues/59), [C#](https://github.com/xeol-io/bumpgen/issues/62) and [Python](https://github.com/xeol-io/bumpgen/issues/61) to request support.\n\n## 🚀 Get Started\n\nTo get started, you'll need an OpenAI API key. `gpt-4-turbo-preview` from OpenAI is the only supported model at this time, though we plan on supporting more soon.\n\nThen, run `bumpgen`:\n\n```\n\u003e export LLM_API_KEY=\"\u003copenai-api-key\u003e\"\n\u003e cd ~/my-repository\n\u003e npm install -g bumpgen\n\u003e bumpgen @tanstack/react-query 5.28.14\n```\n\nwhere `@tanstack/react-query` is the package you want to bump and `5.28.14` is the version you want to bump to.\n\nYou can also run `bumpgen` without arguments and select which package to upgrade from the menu. Use `bumpgen --help` for a complete list of options.\n\n### Github Action\n\nWe've created a GitHub action that can be used to run bumpgen. The intended usage is to be triggered on dependabot or renovatebot PRs - if breaking changes are detected, bumpgen will commit to the PR branch.\n\n\u003e [!NOTE]\n\u003e The action commits changes to the branch it was triggered from. If you would like those commits to trigger other CI workflows, you will need to use a GitHub [Personal Access Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens).\n\n#### Example Workflow\n\n```yml\nname: \"Bumpgen\"\n\non:\n  pull_request:\n    types:\n      - opened\n\npermissions:\n  pull-requests: read\n  contents: write\n\njobs:\n  main:\n    name: Run Bumpgen\n    runs-on: ubuntu-latest\n    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]'}} # Use renovate[bot] for renovate PRs\n    steps:\n      - uses: actions/checkout@v4\n      - name: Setup # Checkout and setup your project before running the bumpgen action\n        uses: ./tooling/github/setup\n      - name: Bumpgen\n        uses: xeol-io/bumpgen@v0.0.1\n        with:\n          path: \"./packages/bumpgen-core/\" # The location of your project's package.json file\n          llm_key: ${{ secrets.LLM_API_KEY }}\n          github_token: ${{ secrets.GITHUB_TOKEN }}\n```\n\n\u003e [!NOTE]\n\u003e If you'd like to be first in line to try the `bumpgen` GitHub App to replace your usage of dependabot + renovatebot, sign up [here](https://www.xeol.io/beta).\n\n## Limitations\n\nThere are some limitations you should know about.\n\n- `bumpgen` relies on build errors to determine what needs to be fixed. If an issue is caused by a behavioral change, `bumpgen` won't detect it.\n- `bumpgen` can't handle multiple packages at the same time. It will fail to upgrade packages that require peer dependencies to be updated the same time to work such as `@octokit/core` and `@octokit/plugin-retry`.\n- `bumpgen` is not good with very large frameworks like `vue`. These kind of upgrades (and vue 2 -\u003e 3 specifically) can be arduous even for a human.\n\n## 🏙️ Architecture\n\n```\n \u003e bumpgen @tanstack/react-query 5.28.14\n       │\n┌┬─────▼──────────────────────────────────────────────────────────────────────┐\n││ CLI                                                                        │\n└┴─────┬──▲───────────────────────────────────────────────────────────────────┘\n       │  │\n┌┬─────▼──┴───────────────────────────────────────────────────────────────────┐\n││ Core (Codeplan)                                                            │\n││                                                                            │\n││ ┌───────────────────────────────────┐ ┌──────────────────────────────────┐ │\n││ │ Plan Graph                        │ │ Abstract Syntax Tree             │ │\n││ │                                   │ │                                  │ │\n││ │                                   │ │                                  │ │\n││ │               ┌─┐                 │ │                  ┌─┐             │ │\n││ │            ┌──┴─┘                 │ │               ┌──┴─┴──┐          │ │\n││ │            │                      │ │               │       │          │ │\n││ │           ┌▼┐                  ┌──┼─┼──┐           ┌▼┐     ┌▼┐         │ │\n││ │           └─┴──┐               │  │ │  │        ┌──┴─┴──┐  └─┘         │ │\n││ │                │                  │ │  ▼        │       │              │ │\n││ │               ┌▼┐              ▲  │ │          ┌▼┐     ┌▼┐             │ │\n││ │               └─┴──┐           │  │ │  │       └─┘  ┌──┴─┴──┐          │ │\n││ │                    │           └──┼─┼──┘            │       │          │ │\n││ │                   ┌▼┐             │ │              ┌▼┐     ┌▼┐         │ │\n││ │                   └─┘             │ │              └─┘     └─┘         │ │\n││ │                                   │ │                                  │ │\n││ │                                   │ │                                  │ │\n││ │                                   │ │                                  │ │\n││ │                                   │ │                                  │ │\n││ └───────────────────────────────────┘ └──────────────────────────────────┘ │\n││                                                                            │\n└┴─────┬──▲───────────────────────────────────────────────────────────────────┘\n       │  │\n┌┬─────▼──┴───────────────────────────┐  ┌┬───────────────────────────────────┐\n││ Prompt Context                     │  ││ LLM                               │\n││                                    │  ││                                   │\n││ - plan graph                       │  ││ GPT4-Turbo, Claude 3, BYOM        │\n││ - errors                           ├──►│                                   │\n││ - code                             │  ││                                   │\n││                                    ◄──┼│                                   │\n││                                    │  ││                                   │\n││                                    │  ││                                   │\n││                                    │  ││                                   │\n└┴────────────────────────────────────┘  └┴───────────────────────────────────┘\n```\n\n#### Abstract Syntax Tree\n\nThe AST is generated from **[ts-morph](https://github.com/dsherret/ts-morph)**. This AST allows `bumpgen` to understand the relationship between nodes in a codebase.\n\n#### Plan Graph\n\nThe plan graph is a concept detailed in **[codeplan](https://huggingface.co/papers/2309.12499)** by Microsoft. The plan graph allows `bumpgen` to not only fix an issue at a point but also fix the 2nd order breaking changes from the fix itself. In short, it allows `bumpgen` to propagate a fix to the rest of the codebase.\n\n#### Prompt Context\n\nWe pass the plan graph, the error, and the actual file with the breaking change as context to the LLM to maximize its ability to fix the issue.\n\n#### LLM\n\nWe only support `gpt-4-turbo-preview` at this time.\n\n\u003cp align=\"center\"\u003e\n    \u003cimg src=\"https://s3.amazonaws.com/static.xeol.io/memes/terminator-meme.png\" alt=\"meme\"/\u003e\n\u003c/p\u003e\n\n## ⏱️ Benchmark\n\n```\nbumpgen + GPT-4 Turbo         ██████████░░░░░░░░░░░   45% (67 tasks)\n```\n\nWe benchmarked `bumpgen` with GPT-4 Turbo against a [suite](https://github.com/xeol-io/swe-bump-bench) of version bumps with breaking changes. You can check out the evals [here](https://github.com/xeol-io/swe-bump-bench/tree/main/evals/bumpgen/v_8df9f7de936707815eb12e226517a1b0023383eb).\n\n## 🎁 Contributing\n\nContributions are welcome! To get set up for development, see [Development](./.github/development.md).\n\n#### Roadmap\n\n- [x] codeplan\n- [x] Typescript/TSX support\n- [ ] `bumpgen` GitHub app\n- [ ] Embeddings for different package versions\n- [ ] Use test runners as an oracle\n- [ ] C# support\n- [ ] Java support\n- [ ] Go support\n\n[Join](https://discord.gg/J7E9BqVHkG) our Discord community to contribute, learn more, and ask questions!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxeol-io%2Fbumpgen","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxeol-io%2Fbumpgen","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxeol-io%2Fbumpgen/lists"}