0.9.1 • Published 4 years ago

bump-deps v0.9.1

Weekly downloads
1
License
ISC
Repository
-
Last release
4 years ago

bump-deps

Manage dependencies by scope

Typical usage (CI setting)

Your project and some of its dependencies live in a custom npm scope:

// package.json
{
  "name": "@your-corp/your-app",
  "version": "1.0.0",
  // ...
  "dependencies": {
    "@your-corp/your-library": "^1.0.0",
    "@your-corp/another-library": "^1.0.0",
    // other dependencies
    "is-number": "^7.0.0"
    // ...
  },
  "devDependencies": {
    "@your-corp/your-tool": "^1.0.0",
    "bump-deps": "*"
    // ...
  },
  "scripts": {
    // run after you bump your package, but before a git tag and commit
    "version": "bump-deps"
    // ...
  },

Now you release a new version of your project by running npm version minor. Maybe there are new versions of some of your company-wide dependencies and you want to use the latest versions while keeping versions of external dependencies locked.

This is what bump-deps run as an npm version lifecycle script does.

Options

While the above is a typical usecase, the options allow for some customization and fine-tuning.

Pass-through options

bump-deps calls npm install internally on the matching packages. Just pass any install-options, they will be passed through:

npx bump-deps --package-lock-only --no-audit

Note: The proper bump-dep options start with bump- to minimize the risk of name clashes with current or future npm options.

Different scopes

You can pass arbitrary number of scopes to update (besides your package's own scope) by specifying them as options:

npx bump-deps @some-scope @another-scope // --... other options

If you do not want the package's own scope to be updated:

npx bump-deps @some-scope --no-bump-own-scope

Development and production

If you want only the production dependencies or only the devDependencies to be bumped, use the --only option (the syntax is equivalent to the npm option of the same name).

Simultaneous versioning (--bump-exact)

If all of your scoped dependencies are versioned simultaneously, the standard script as above still works fine as long as the semver ranges of your dependencies include the new version.

If they don't (for example you are bumping to a new prerelease version), you can still update all your scoped packages to that version by running bump-deps --bump-exact.

As --bump-exact only really makes sense when doing simultaneous versioning, it will bump all matching dependencies to the project's version.

What about peer dependencies?

Updating peer dependencies is different than updating regular dependencies. Actually it always implies a breaking change in your library (see this discussion for example).

Therefore automatic updating of peer dependencies is purposely not supported.

versioningscope
cross-spawnread-package-json
@everything-registry/sub-chunk-1274
0.9.1

4 years ago