david v12.0.0

Node.js module that tells you when your package npm dependencies are out of date.

Install

Install Node.js.

Install david:

cd /your/project/directory
npm install david

Usage

import * as david from 'david'
import fs from 'fs'

async function main () {
  const pkg = JSON.parse(fs.readFileSync('package.json'))

  const infos = await david.dependenciesInfo(pkg.dependencies)
  console.log(`\n# Dependencies information for "${pkg.name}":`)
  Object.entries(infos).forEach(printInfo)

  console.log('\n# Newer versions:')
  Object.entries(infos).filter(([_, i]) => david.isUpdated(i)).forEach(printInfo)

  console.log('\n# Newer STABLE versions:')
  Object.entries(infos).filter(([_, i]) => david.isUpdated(i, { stable: true })).forEach(printInfo)
}

function printInfo ([name, info]) {
  const { required, stable, latest } = info
  console.log(`${name} (Required: ${required} Stable: ${stable || 'None'} Latest: ${latest})`)
}

main()

CLI

If you install David globally with npm install -g david, you can run david in your project directory to see which dependencies are out of date.

You can also run david --global to see your outdated global dependencies.

Update to latest

To update all your project dependencies to the latest stable versions, and save to your package.json, run:

david update

To update a particular project dependency to the latest stable version, and save to your package.json, run:

david update package-name

You can also update global dependencies to latest versions:

david update --global

To update all your project dependencies to the latest versions (including unstable versions), pass the --unstable flag:

david update --unstable

Alternate registry

david update --registry http://registry.nodejitsu.com/

Non-npm and SCM (Git) dependencies

If you have dependencies that are not published to npm, david will print a warning message by default. To throw an error and exit, pass the error404 option:

david --error404

If using david programmatically, pass error: {E404: true} in the options object.

If you have dependencies whose versions are SCM URLs, david will print a warning message by default. To throw an error and exit, pass the errorSCM option:

david --errorSCM

If using david programmatically, pass error: {ESCM: true} in the options object.

Specify package.json path

Use -p, --package to specify the path to your package.json.

Ignore dependencies

To tell david to ignore dependencies, add a david.ignore property to your package.json which lists the dependencies david should ignore. If using david programmatically you can also pass this as an option. Globs are also supported. e.g.

package.json

{
  "david": {
    "ignore": ["async", "underscore", "@types/*"]
  }
}

API

dependenciesInfo(deps: Dependencies): Promise<Infos>

dependenciesInfo returns a promise of a object result, whose keys are package names. The values are objects which contain the following properties:

• required - The version required according to the manifest.
• stable - The latest stable version available.
• latest - The latest version available (including build and patch versions).
• versions - All versions of the module.