{"id":19006921,"url":"https://github.com/yowainwright/codependence","last_synced_at":"2025-10-26T22:33:03.161Z","repository":{"id":36967597,"uuid":"501135617","full_name":"yowainwright/codependence","owner":"yowainwright","description":"Stop wrestling with code dependencies. Use Codependence! 🤼‍♀️","archived":false,"fork":false,"pushed_at":"2025-08-20T08:32:01.000Z","size":3895,"stargazers_count":18,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-08-20T09:21:37.990Z","etag":null,"topics":["dependencies","dependency-manager","monorepo","nodejs","npm","publishing","release-management","releases","security-tools"],"latest_commit_sha":null,"homepage":"https://jeffry.in/codependence/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yowainwright.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-06-08T06:58:30.000Z","updated_at":"2025-08-20T08:32:03.000Z","dependencies_parsed_at":"2024-01-22T06:31:05.574Z","dependency_job_id":"4e5cf8c1-f60f-4753-962d-4e8758a84641","html_url":"https://github.com/yowainwright/codependence","commit_stats":null,"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"purl":"pkg:github/yowainwright/codependence","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yowainwright%2Fcodependence","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yowainwright%2Fcodependence/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yowainwright%2Fcodependence/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yowainwright%2Fcodependence/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yowainwright","download_url":"https://codeload.github.com/yowainwright/codependence/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yowainwright%2Fcodependence/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279047276,"owners_count":26092736,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-15T02:00:07.814Z","response_time":56,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dependencies","dependency-manager","monorepo","nodejs","npm","publishing","release-management","releases","security-tools"],"created_at":"2024-11-08T18:35:06.629Z","updated_at":"2025-10-15T04:04:50.023Z","avatar_url":"https://github.com/yowainwright.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003ch1\u003e\u003ca href=\"https://www.npmjs.com/package/codependence\" target=\"_blank\"\u003eCodependence\u003c/a\u003e\u003c/h1\u003e\n\n![Typed with TypeScript](https://flat.badgen.net/badge/icon/Typed?icon=typescript\u0026label\u0026labelColor=blue\u0026color=555555)\n[![npm version](https://badge.fury.io/js/codependence.svg)](https://badge.fury.io/js/codependence)\n![ci](https://github.com/yowainwright/codependence/actions/workflows/ci.yml/badge.svg)\n![e2e](https://github.com/yowainwright/codependence/actions/workflows/e2e.yml/badge.svg)\n[![Github](https://badgen.net/badge/icon/github?icon=github\u0026label\u0026color=grey)](https://github.com/yowainwright/codependence)\n![Twitter](https://img.shields.io/twitter/url?url=https%3A%2F%2Fgithub.com%2Fyowainwright%2Fcodependence)\n\n#### Stop wrestling with your code dependencies. Use Codependence!\n\n**Codependence** is a JavaScript utility for checking dependencies to ensure they're up-to-date or match a specified version.\n\n---\n\n## _Main Usecase_\n\n#### Keep dependencies up-to-date\n\nCodependence updates `package.json`'s dependencies based on a \"codependencies\" array of dependency names.\nThe difference from `{npm,pnpm} update` or `yarn upgrade` is Codependence _allows you to pin what you want and update the rest_!\nFurthermore, Codependence works with monorepos and is package manager agnostic.\n\n#### \\*yes, dependencies can be pinned to `~` or `^` versions in `package.json` files!\n\nReadme more about [Codependence](#synopsis) why you might want to use it [below](#why-use-codependence)!\n\n---\n\n## Usage\n\n**Codependence** can be used as a standalone CLI, in npm scripts or, secondarily, as node utility!\n\n#### Install\n\n```sh\nnpm install codependence --save-dev\n```\n\n#### Quick setup\n\nPure CLI quick run\n\n```sh\ncodependence --condependencies 'fs-extra' 'lodash'\n```\n\nOr use it with a config in the root `package.json` file\n\n```ts\n{\n  \"codependence\": {\n    \"condependencies\": [\"fs-extra\", \"lodash\"]\n  },\n  \"scripts\": {\n    \"update-codependencies\": \"codependence --update\",\n    \"prepare\": \"npm run update-codependencies\"\n  }\n}\n```\n\n#### Initialize Codependence\n\nQuickly setup Codependence in your project with the interactive init command:\n\n```sh\n# Interactive setup with permissive mode by default - recommended!\ncodependence init\n\n# Create .codependencerc with all dependencies pinned (legacy mode)\ncodependence init rc\n\n# Add configuration to package.json with all dependencies pinned (legacy mode)\ncodependence init package\n```\n\nThe init command will:\n\n- **Default to permissive mode** (update all dependencies to latest, except those you want to pin)\n- Scan your `package.json` for dependencies\n- Let you choose your dependency management strategy:\n  - 🚀 **Permissive mode** (default/recommended): Update all to latest, pin specific ones\n  - 🔒 **Pin all mode**: Keep all dependencies at current versions\n- Create either a `.codependencerc` file or add config to `package.json`\n- Provide clear next steps for running Codependence\n- Handle edge cases like missing files or invalid JSON gracefully\n\n#### Testing\n\nRun e2e tests with Docker: `./e2e/test.sh test`\n\n---\n\n## Codependence as a CLI\n\n**Codependence** is built as a CLI-first, set-it-and-forget-it tool.\n\nIt is recommendeded to install and setup **Codependence** as a `devDependency` within your root `package.json` and use a `codependence.codependencies` array to define dependencies you need to keep updated or pinned to a specific version.\n\nFurthermore, you can add a `codependence.codependencies` array to child packages' `package.json` in your monorepo to ensure specific dependencies are pinned to a specific versions within your monorepo packages.\n\n```sh\nUsage: program [options]\n\nCodependency, for code dependency. Checks `codependencies` in package.json files to ensure dependencies are up-to-date\n\nOptions:\n  -f, --files [files...]                      file glob pattern\n  -u, --update                                update dependencies based on check\n  -r, --rootDir \u003crootDir\u003e                     root directory to start search\n  -i, --ignore [ignore...]                    ignore glob pattern\n  --debug                                     enable debugging\n  --silent                                    enable mainly silent logging\n  -cds, --codependencies [codependencies...]  a path to a file with a codependenies object\n  -c, --config \u003cconfig\u003e                       accepts a path to a config file\n  -s, --searchPath \u003csearchPath\u003e               a search path string for locationing config files\n  -h, --help                                  display help for command\n```\n\n## Codependence in Node\n\nAlthough, **Codependence** is built to primarily be a CLI utility, it can be used as a node utility.\n\n```ts\nimport codependence from \"codependence\";\n\nconst checkForUpdate = async () =\u003e {\n  const isLatest = await codependence({\n    codependencies: [\"fs-extra\", \"lodash\"],\n  });\n  if (!isLatest) {\n    console.log(\"This repo is update-to-date\");\n  } else {\n    console.error(\"This repo is not update-to-date\");\n  }\n};\n\nconst updateAllExceptSpecific = async () =\u003e {\n  await codependence({\n    codependencies: [\"react\", \"lodash\"],\n    permissive: true,\n    update: true,\n  });\n};\n\ncheckForUpdate();\n```\n\n## Configuration Options\n\nCodependence **options** can be used via CLI options, a config file read from the CLI, or with node by passing them into exported Codependence functions. Read more below!\n\n---\n\n### `codependencies`: `Array\u003cstring | Record\u003cstring, string\u003e`\n\nA **required** option or \\*config array! **Codependencies** are required via being passed in an array as a cli option \\*\\*or as within a `codependence.codependencies` array.\n\n- The default value is `undefined`\n- An array is required!\n\n---\n\n### \\*Config Array Detail\n\nThe Codependence `codependencies` array supports `latest` out-of-the-box.\n\n\u003e So having this `[\"fs-extra\", \"lodash\"]` will return the `latest` versions of the packages within the array. It will also match a specified version, like so `[{ \"foo\": \"1.0.0\" }]` and `[{ \"foo\": \"^1.0.0\" }]` or `[{ \"foo\": \"~1.0.0\" }]`. You can also include a `*` **at the end** of a name you would like to match. For example, `@foo/*` will match all packages with `@foo/` in the name and return their latest versions. This will also work with `foo-*`, etc.\n\n**Codependence** is built in to give you more capability to control your dependencies!\n\n---\n\n### Using the `codependence.codependencies` array in Monorepo child packages\n\nYou can add a `codependence.codependencies` array to child packages in your monorepo to ensure specific dependencies are pinned to a specific different versions within your monorepo packages.\n\n#### For example\n\nYou can have a `package.json` file in a `@foo/bar` package with following:\n\n```typescript\n{\n  \"name\": \"@foo/bar\",\n  \"dependencies\": {\n    \"fs-extra\": \"^9.0.0\",\n  },\n  \"codependence\": {\n    \"codependencies\": [{ \"fs-extra\": \"^9.0.0\" }]\n  }\n}\n\n```\n\nAnd another `package.json` file in a `@foo/baz` package with following:\n\n```typescript\n{\n  \"name\": \"@foo/baz\",\n  \"dependencies\": {\n    \"fs-extra\": \"^11.1.0\",\n  },\n  \"codependence\": {\n    \"codependencies\": [{ \"fs-extra\": \"^11.1.0\" }]\n  }\n}\n\n```\n\nCodependencies will install the right dependency version for each package in your monorepo!\n\n\u003e _**Note:** Codependencies can and will still install the expected version defined at the monorepo's root for packages that don't specify differences in their `package.json` files!_\n\n---\n\n### `files`: `Array\u003cstring\u003e`\n\nAn **optional** array of strings to check for `package.json` files to update.\n\n- The default value is `['package.json']`\n- This array accepts glob patterns as well, example `[\"package.json\", \"**/package.json\"`\n\n---\n\n### `update`: `boolean`\n\nAn **optional** boolean which defines whether **Codependence** should update dependencies in `package.json`'s or not.\n\n- The default value is `false`\n\n---\n\n### `rootDir`: `string`\n\nAn **optional** string which can used to specify the root directory to run checks from;\n\n- The default value is `\"./\"`\n\n---\n\n### `ignore`: `Array\u003cstring\u003e`\n\nAn **optional** array of strings used to specify directories to ignore\n\n- The default value is `[\"node_modules/**/*\", \"**/node_modules/**/*\"]`\n- glob patterns are accepted\n\n---\n\n### `debug`: `boolean`\n\nAn **optional** boolean value used to enable debugging output\n\n- The default value is `false`\n\n---\n\n### `silent`: `boolean`\n\nAn **optional** boolean value used to enable a more silent developer experience\n\n- The default value is `false`\n\n---\n\n### `config`: `string`\n\nAn **optional** string containing a package to file which contains `codependence` config.\n\n- The default is `undefined`\n\n---\n\n### `searchPath`: `string`\n\nAn **optional** string containing a search path for location config files.\n\n- The default value is `undefined`\n\n### `yarnConfig`: `boolean`\n\nAn **optional** boolean value used to enable \\***yarn config** checking\n\n- The default value is `false`\n\n---\n\n### `permissive`: `boolean`\n\nAn **optional** boolean value used to update all dependencies to their latest versions except those specified in the `codependencies` array.\n\n- The default value is `false`\n- When set to `true`, all dependencies not listed in `codependencies` will be updated to their latest versions\n\n---\n\n## Recipes\n\nListed below are some common patterns (recipes) for using **Codependence**.\n\n### Don't want a config? No problem!\n\nStarting out, you may not want a config object. Have no fear, **Codependence** can be used as a CLI utility ONLY!\n\n```sh\ncodependence --codependencies 'lodash' '{ \\\"fs-extra\\\": \\\"10.0.1\\\" }'\n```\n\n### Want to grab all dependencies which match a `\u003cname\u003e*` (name star) pattern to return the latest version of them? Sure!\n\n```sh\ncodependence --codependencies '@foo/*' --update\n```\n\n### Want to update all dependencies to latest except specific ones? Use permissive mode!\n\n```sh\ncodependence --codependencies 'react' 'lodash' --permissive --update\n```\n\n---\n\n## Synopsis\n\nCodependence is a JavaScript utility CLI and node tool that compares a `codependencies` array against `package.json` `dependencies`, `devDependencies`, and `peerDependencies` for \\***codependencies**.\n\nFor each dependency included in the `codependencies` array, Codependence will either **a)** check that versions are at `latest` or **b)** Check that a specified version is matched within `package.json` files. Codependence can either **a)** return a pass/fail result _or_ **b)** update dependencies, devDependencies, and peerDependencies, in package.json file(s).\n\n---\n\nCodependence is useful for ensuring specified dependencies are up-to-date—or at a specified version within a project's `package.json` files(s)!\n\nThis utility is built to work alongside dependency management tools like [dependabot](https://dependabot.com/). It _could_ work instead of dependency management tool but is built for managing specific dependency versions vs _all_ dependencies.\n\n---\n\n#### \\*Codependencies: are project dependencies which **must be** up-to-date or set to a specific version!\n\nIn example, if your repository requires the latest version and `latest` can't be specified as the dependency version within your `package.json`, Codependence will ensure your `package.json` has the **actual latest semver version** set in your `package.json`. It can/will do the same if an exact version is specified!\n\n---\n\n## Why use Codependence?\n\n**Codependence** is a utility tool focused on a single task—managing specified dependency versions!\n\n- It is built to work along side tools (like Dependabot) but it [can also manage dependencies fully](https://github.com/yowainwright/codependence-cron)!\n- It handles monorepos child package dependencies _with ease_ and **without** package manager bias!\n- It is as immediate as you want it to be, via [npm install scripts](https://docs.npmjs.com/cli/v8/using-npm/scripts#npm-install) and build pipeline tools, such as [Husky](https://typicode.github.io/husky/)\n- It can be run along with npm scripts or in github actions\n\n---\n\n## Why _not_ use Codependence?\n\n**Codependence** isn't for everybody or every repository. Here are some reasons why it _might not_ be for you!\n\n- You don't need intricate dependency version management\n- You prefer specifying necessary dependencies with `latest`, or manually `pinning`, or using a tool like [Dependabot's ignore spec](https://github.blog/changelog/2021-05-21-dependabot-version-updates-can-now-ignore-major-minor-patch-releases/) within a `dependabot.yml`.\n\n---\n\n## Demos\n\nCheck out Codependence in Action!\n\n- **[Codependence Cron](https://github.com/yowainwright/codependence-cron):** Codependence running off a Github Action cron job.\n- **[Codependence Monorepo](https://github.com/yowainwright/codependence-monorepo):** Codependence monorepo example.\n\n---\n\n## Codependence Debugging\n\n### `private packages`\n\nIf there is a `.npmrc` file, there is no issue with **Codependence** monitoring private packages. However, if a yarn config is used, Codependence must be instructed to run `version` checks differently.\n\n---\n\n### Fixes\n\n- With the CLI, add the `--yarnConfig` option.\n- With node, add `yarnConfig: true` to your options or your config.\n- For other private package issues, submit an [issue](https://github.com/yowainwright/codependence/issues) or [pull request](https://github.com/yowainwright/codependence/pulls).\n\n---\n\n## Development Environment\n\nThis project uses:\n\n- Node.js 18.0.0+\n- Bun 1.2.9+\n\nWe use [mise](https://mise.jdx.dev/) to manage tool versions. If you have mise installed, it will automatically use the correct versions of Node.js and bun.\n\n### Setup with mise\n\n```sh\n# Install mise if you don't have it\ncurl https://mise.run | sh\n\n# Clone the repository\ngit clone https://github.com/yowainwright/codependence.git\ncd codependence\n\n# mise will automatically use the correct versions from .mise.toml\nmise install\n\n# Install dependencies\nbun install\n```\n\n### Setup without mise\n\n```sh\n# Install Node.js 18.0.0+\nnvm install 18\n\n# Install bun\ncurl -fsSL https://bun.sh/install | bash\n\n# Install dependencies\nbun install\n```\n\n## Contributing\n\n[Contributing](.github/CONTRIBUTING.md) is straightforward.\n\n### Issues\n\n- Sprinkle some context\n- Can you submit a pull request if needed?\n\n### Pull Requests\n\n- Add a test (or a description of the test) that should be added\n- Update the readme (if needed)\n- Sprinkle some context in the [pull request](.github/PULL_REQUEST_TEMPLATE.md).\n- Hope it's fun!\n\nThank you!\n\n---\n\n## Roadmap\n\n- **Code:**\n  - add better spying/mocking (in progress)\n  - add utils functions to be executed with the cli cmd (monorepo, cadence, all deps)\n- **Demo Repos**\n  - **monorepo:** present how **codependence** can work to support monorepo updates (in progress)\n  - **cadence:** present how cadence can be implemented with **codependence**\n- **Documentation**\n  - write recipes section after the demo repos are complete (in progress)\n\n---\n\n## Shoutouts\n\nThanks to [Dev Wells](https://github.com/devdumpling) and [Steve Cox](https://github.com/stevejcox) for the aligned code leading to this project. Thanks [Navid](https://github.com/NavidK0) for some great insights to improve the api!\n\n---\n\nMade by [@yowainwright](https://github.com/yowainwright), MIT 2022\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyowainwright%2Fcodependence","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyowainwright%2Fcodependence","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyowainwright%2Fcodependence/lists"}