raineorshine / npm-check-updates

Find newer versions of package dependencies than what your package.json allows

How to use ncu -ua but lock a few dependency versions at the same time? #481

Closed kopax closed 5 years ago

kopax commented 5 years ago

First of all, I would like to thank you for making this OSS.

We have serious issues with all our small projects that need to have a fixed version for a certain dependency.

I am a module writer and we do not want to fix versions for our users in our package.json, but we want to voluntarily prevent upgrades on our side.

Most of the time, when we build on top of something, we want to stick to the dependency set by the core one.

We found ncu -ua to be an excellent command when we do not have a fixed version in our package, but we must edit package.json manually when we do have a fixed version.

Is there a way, using a file or whatever, to set a list of ignored dependencies when using ncu -ua?

That would save us a lot of time.

raineorshine commented 5 years ago

Yes! Add a .ncurc file with a reject option as described here:

https://github.com/tjunnone/npm-check-updates#configuration-files

kopax commented 5 years ago

Great, exactly what we were looking for. Thanks a lot!

edit

We have created at the root of our project a .ncurc:

{
  "upgrade": true,
  "reject": [
    "whatwg-fetch",
    "ra-core",
    "ra-ui-materialui",
    "react-admin",
    "classnames",
    "date-fns",
    "inflection",
    "lodash",
    "node-polyglot",
    "prop-types",
    "query-string",
    "ra-language-english",
    "react-redux",
    "react-router",
    "react-router-dom",
    "react-router-redux",
    "recompose",
    "redux",
    "redux-form",
    "redux-saga",
    "reselect"
  ]
}

We expect when we type ncu (or ncu -u) to have our package.json upgraded.

Instead, we have:

[..................] | :
 bootstrap-styled          ^2.4.7  →  ^2.4.12 
 react-children-utilities  ^1.0.7  →   ^1.0.9 

Doing ncu -ua will upgrade all locked dependencies.

This was unclear, but we found the only way to write the change before was just when you do ncu -ua.

What is the appropriate command to achieve an upgrade of all dependencies but keeping the locked ones?

version

kopax commented 5 years ago

ncu -a does work but then we do not get the reason of

+ "upgrade": true,

@raineorshine could you please enlighten us? Thanks

raineorshine commented 5 years ago

Let me just get some clarification so I can troubleshoot. When you say "locked dependencies", do you mean the ones that are specified with the reject option, or are you referring to something else?

Also you could try "upgradeAll: true", as that is the long option for -a.

kopax commented 5 years ago

Yes, in my sentence, locked is reject.

What is the difference between:

  1. ncu -u
  2. ncu -ua
  3. ncu -a

To me, I have found that -ua ignores reject, -a uses it, and -u alone doesn't write the package.json.
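Added example (not part of the original thread, and not npm-check-updates code): a check that compares package.json before and after an ncu run and reports any package on the reject list whose version range changed, which is the behaviour reported above for -ua. The accepted forms of reject (array, delimited string, /regex/ string), the function names and all sample versions are assumptions constructed for this illustration.

```javascript
// Added example: verify that packages listed under "reject" in .ncurc were
// left untouched by an ncu run. All data below is constructed for illustration.

const SECTIONS = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];

// Assumption: "reject" is an array of exact names (as in the .ncurc above),
// a comma-or-space-delimited string, or a "/regex/" string without flags.
function toMatcher(reject) {
  if (Array.isArray(reject)) {
    const names = new Set(reject);
    return (name) => names.has(name);
  }
  const text = String(reject || '').trim();
  const re = /^\/(.+)\/$/.exec(text);
  if (re) {
    const pattern = new RegExp(re[1]);
    return (name) => pattern.test(name);
  }
  const names = new Set(text.split(/[\s,]+/).filter(Boolean));
  return (name) => names.has(name);
}

// Returns one record per rejected package whose range differs between the
// package.json before and after the run (including removal or addition).
function findRejectViolations(before, after, reject) {
  const isRejected = toMatcher(reject);
  const violations = [];
  for (const section of SECTIONS) {
    const oldDeps = before[section] || {};
    const newDeps = after[section] || {};
    const names = new Set([...Object.keys(oldDeps), ...Object.keys(newDeps)]);
    for (const name of [...names].sort()) {
      if (isRejected(name) && oldDeps[name] !== newDeps[name]) {
        violations.push({ section, name, from: oldDeps[name] ?? null, to: newDeps[name] ?? null });
      }
    }
  }
  return violations;
}

// Constructed sample: lodash and redux are rejected, yet lodash was bumped.
const ncurc = { upgrade: true, reject: ['lodash', 'redux'] };
const pkgBefore = { dependencies: { lodash: '^4.17.10', redux: '^3.7.2', 'bootstrap-styled': '^2.4.7' } };
const pkgAfter = { dependencies: { lodash: '^4.17.11', redux: '^3.7.2', 'bootstrap-styled': '^2.4.12' } };

console.log(findRejectViolations(pkgBefore, pkgAfter, ncurc.reject));
```

Run in CI against the committed package.json and the one ncu rewrote, a non-empty result means a pinned dependency moved and the change should not be merged.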

raineorshine commented 5 years ago

Thank you for the clarification. I will investigate to ensure that this feature will work as intended in the upcoming v3 release. I suggest looking at #438 for the new behavior of -a. It has been very confusing that -a and -ua do the same thing, so this is being changed in v3. A patch will not likely be made to v2. I will report here when v3 is published!

kopax commented 5 years ago

Great, thanks. I agree with #438.

I've made this based on your advice: https://rollup-umd.github.io/ncu/. It targets modules (not apps which need to use a lock file).


Basically, it will allow 1 depth of ncu reject options incoming from node_modules using keywords in the dependencies' package.json.

This way, using @rollup-umd/ncu and npm-check-updates, we can reuse the reject configuration within our new module projects that will consume it.

It works, but for some unknown reason, this createConfig is logging twice, while it is called only once within .ncurc.js.

We use it as it is, but in case you have an explanation for this:

Auto configuration with @bootstrap-styled/ra-ui
Auto configuration with @yeutech-lab/test-polyfill
Rejected: ra-core, ra-ui-materialui, react-admin, classnames, date-fns, inflection, lodash, node-polyglot, query-string, ra-language-english, react-redux, react-router, react-router-dom, react-router-redux, recompose, redux, redux-form, redux-saga, reselect, @material-ui/core, @material-ui/icons, autosuggest-highlight, react-dropzone, react-headroom, react-autosuggest, material-ui-chip-input, papaparse, whatwg-fetch will be ignored by npm-check-updates.
Auto configuration with @bootstrap-styled/ra-ui
Auto configuration with @yeutech-lab/test-polyfill
Rejected: ra-core, ra-ui-materialui, react-admin, classnames, date-fns, inflection, lodash, node-polyglot, query-string, ra-language-english, react-redux, react-router, react-router-dom, react-router-redux, recompose, redux, redux-form, redux-saga, reselect, @material-ui/core, @material-ui/icons, autosuggest-highlight, react-dropzone, react-headroom, react-autosuggest, material-ui-chip-input, papaparse, whatwg-fetch will be ignored by npm-check-updates.
Using /home/dka/workspace/api/pm-products/package.json

raineorshine commented 5 years ago

v3 published: https://github.com/tjunnone/npm-check-updates/releases/tag/v3.0.0. Please create a new issue for any bugs you find! Thanks!

kopax commented 5 years ago

Thanks, I will look at it soon.