Closed kopax closed 5 years ago
Yes! Add a .ncurc
file with a reject
option as described here:
https://github.com/tjunnone/npm-check-updates#configuration-files
Great exactly what we were looking for. Thanks a lot!
edit
We have created at the root of our project a .ncurc
:
{
"upgrade": true,
"reject": [
"whatwg-fetch",
"ra-core",
"ra-ui-materialui",
"react-admin",
"classnames",
"date-fns",
"inflection",
"lodash",
"node-polyglot",
"prop-types",
"query-string",
"ra-language-english",
"react-redux",
"react-router",
"react-router-dom",
"react-router-redux",
"recompose",
"redux",
"redux-form",
"redux-saga",
"reselect",
]
}
We expect when we type ncu
(or ncu -u
) to have our package.json
upgraded.
Instead, we have :
[..................] | :
bootstrap-styled ^2.4.7 → ^2.4.12
react-children-utilities ^1.0.7 → ^1.0.9
Doing ncu -ua
will upgrade all locked dependencies.
This was unclear but we found the only way to write the change before was just when you do ncu -ua
What is the appropriate command to achieve an upgrade of all dependencies but keeping the locked one?
version
ncu -a
does work but then we do not get the reason of
+ "upgrade": true,
@raineorshine could you please enlight us. Thanks
Let me just get some clarification so I can troubleshoot. When you say "locked dependencies", do you mean the ones that are specified with the reject
option, or are you referring to something else?
Also you could try "upgradeAll: true"
, as that is the long option for -a
.
Yes, in my sentence, locked
is reject
.
What is the difference between:
ncu -u
ncu -ua
ncu -a
To me, I have found that -ua
ignore reject
, -a
use them, -u
alone doesn't write the package.json
Thank you for the clarification. I will investigate to ensure that this feature will work as intended in the upcoming v3 release. I suggest looking at #438 for the new behavior of -a. It has been very confusing that -a and -ua do the same thing, so this is being changed in v3. A patch will not likely be made to v2. I will report here when v3 is published!
Great thanks, I agree with #438.
I've made this base on your advice: https://rollup-umd.github.io/ncu/ , It target modules (not apps which need to use a lock file)
Basically, it will allow 1 depth of ncu reject
options incoming from node_modules
using keywords
in the dependencies package.json
.
This way, using @rollup-umd/ncu
and npm-check-updates
, we can reuse the reject
configuration within our new modules projects that will consume it.
It works but for some unknown reasons, this createConfig
is logging twice, while it is called only once within .ncurc.js
We use it as it is but In case you would have an explanation for this:
Auto configuration with @bootstrap-styled/ra-ui
Auto configuration with @yeutech-lab/test-polyfill
Rejected: ra-core, ra-ui-materialui, react-admin, classnames, date-fns, inflection, lodash, node-polyglot, query-string, ra-language-english, react-redux, react-router, react-router-dom, react-router-redux, recompose, redux, redux-form, redux-saga, reselect, @material-ui/core, @material-ui/icons, autosuggest-highlight, react-dropzone, react-headroom, react-autosuggest, material-ui-chip-input, papaparse, whatwg-fetch will be ignored by npm-check-updates.
Auto configuration with @bootstrap-styled/ra-ui
Auto configuration with @yeutech-lab/test-polyfill
Rejected: ra-core, ra-ui-materialui, react-admin, classnames, date-fns, inflection, lodash, node-polyglot, query-string, ra-language-english, react-redux, react-router, react-router-dom, react-router-redux, recompose, redux, redux-form, redux-saga, reselect, @material-ui/core, @material-ui/icons, autosuggest-highlight, react-dropzone, react-headroom, react-autosuggest, material-ui-chip-input, papaparse, whatwg-fetch will be ignored by npm-check-updates.
Using /home/dka/workspace/api/pm-products/package.json
v3 published: https://github.com/tjunnone/npm-check-updates/releases/tag/v3.0.0. Please create a new issue for any bugs you find! Thanks!
Thanks I will look at it soon.
Prior all I would like to thank you for making this OSS.
We have serious issues with all our small projects that need to have a fixed version for a certain dependency.
I am a module writer and we do not want to fix version for our users in our
package.json
, but we want to prevent upgrade voluntary on our side.Most of the time, when we build something on top of, we want to stick to the dependency set by the core one.
We found
ncu -ua
to be an excellent command when we do not have a fixed version in our package, but we must proceed to a manual edition ofpackage.json
when we do have fixed version.Is there a way using a file or whatever, to set a list of ignored dependency when using
ncu -ua
?That would save us a lot of time.