← Back to Releasing JavaScript

Keeping dependencies up to date

Checking for new versions

The npm-check-updates CLI tool is invaluable for upgrading your project's dependencies interactively:

# Install globally...
npm install -g npm-check-updates

# ...then use in your project folder
ncu -i

# After finishing the interactive process,
# install the new versions:
npm install

Inspecting the release notes

When your project has many dependencies, any shortcut to read each dependency's release notes is welcome. Let's see how the two command-line tools, npm and gh (the GitHub CLI) can help.

The npm view command works for any package name to extract pieces of information from its package.json.

npm view <package> homepage
npm view <package> repository.url

On the other hand, for a GitHub repository, the GitHub CLI provides these two commands to inspect the releases:

gh --repo <repo> release list
gh --repo <repo> release view <release-id>

For a given repo, we can even inspect each release in order, starting from the most recent, by gluing the two features together with cut and xargs, two command-line tools that come with most systems:

gh release list --repo <repo> | cut -f1 | xargs -I{} gh release view {} --repo <repo> 

Starting with gh@2.1.0 (*cough cough*), you can reliably use the repository.url value as the <repo>. Here it all is, put together in a single shell function:

# -------------------------------------------
# List the release notes of any npm package,
# as long as it publishes releases on GitHub.
#
# Usage: releasenotes d3
# -------------------------------------------
function releasenotes() {
	REPO=$(npm view $1 repository.url);
	gh release list --repo $REPO | cut -f1 | xargs -I{} gh release view {} --repo $REPO;
}

This only works for npm packages linked to GitHub repos that use the /releases tab as their changelog.

In all other cases, you can still save some time by launching a browser from the command line with the package homepage:

open $(npm view <package> homepage)