Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Update dependency npm-check-updates to v18 #54

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
renovate wants to merge 1 commit into master
base: master
Choose a base branch
Loading
from renovate/npm-check-updates-18.x

Conversation

Copy link
Contributor

@renovate renovate bot commented Apr 21, 2025
edited
Loading

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package Change Age Confidence
npm-check-updates ^16.9.0 -> ^18.0.0 age confidence

Release Notes

raineorshine/npm-check-updates (npm-check-updates)

v18.3.0

Compare Source

v18.2.1

Compare Source

v18.2.0

Compare Source

Thanks to community members for raising awareness and to @​SebastianSedzik for the implementation.

See: #​1547

Feature: --cooldown

Usage:

ncu --cooldown [n]
ncu -c [n]

The cooldown option helps protect against supply chain attacks by requiring package versions to be published at least the given number of days before considering them for upgrade.

Note that previous stable versions will not be suggested. The package will be completely ignored if its latest published version is within the cooldown period. This is due to a limitation of the npm registry, which does not provide a way to query previous stable versions.

Example:

Let's examine how cooldown works with a package that has these versions available:

1.0.0 Released 7 days ago (initial version)
1.1.0 Released 6 days ago (minor update)
1.1.1 Released 5 days ago (patch update)
1.2.0 Released 5 days ago (minor update)
2.0.0-beta.1 Released 5 days ago (beta release)
1.2.1 Released 4 days ago (patch update)
1.3.0 Released 4 days ago (minor update) [latest]
2.0.0-beta.2 Released 3 days ago (beta release)
2.0.0-beta.3 Released 2 days ago (beta release) [beta]

With default target (latest):

$ ncu --cooldown 5

No update will be suggested because:

  • Latest version (1.3.0) is only 4 days old.
  • Cooldown requires versions to be at least 5 days old
  • Use --cooldown 4 or lower to allow this update

With @beta/@tag target:

$ ncu --cooldown 3 --target @​beta

No update will be suggested because:

  • Current beta (2.0.0-beta.3) is only 2 days old
  • Cooldown requires versions to be at least 3 days old
  • Use --cooldown 2 or lower to allow this update

With other targets:

$ ncu --cooldown 5 --target greatest|newest|minor|patch|semver

Each target will select the best version that is at least 5 days old:

greatest → 1.2.0 (highest version number outside cooldown)
newest → 2.0.0-beta.1 (most recently published version outside cooldown)
minor → 1.2.0 (highest minor version outside cooldown)
patch → 1.1.1 (highest patch version outside cooldown)

Note for latest/tag targets:

⚠️ For packages that update frequently (e.g. daily releases), using a long cooldown period (7+ days) with the default --target latest or --target @​tag may prevent all updates since new versions will be published before older ones meet the cooldown requirement. Please consider this when setting your cooldown period.

v18.1.1

Compare Source

v18.1.0

Compare Source

v18.0.3

Compare Source

v18.0.2

Compare Source

v18.0.1

Compare Source

v18.0.0

Compare Source

Breaking

The only breaking change in v18 is with the -g/--global flag.

npm-check-updates -g will now auto-detect your package manager based on the execution path. Previously, it defaulted to npm.

  • yarn dlx ncu -g --packageManager yarnyarn dlx ncu -g
  • pnpm dlx ncu --global --packageManager pnpmpnpm dlx ncu -g
  • bunx ncu -g--packageManager pnpmbunx ncu -g

If for some reason you were running ncu -g with an alternative package manager and relying on it checking the global npm packages, you will need to now explicitly specify npm:

  • ncu -gncu -g--packageManager npm

Thanks to @​LuisFerLCC for the improvement (#​1514).

raineorshine/npm-check-updates@v17.1.18...v18.0.0

v17.1.18

Compare Source

Breaking

The only breaking change in v18 is with the -g/--global flag.

npm-check-updates -g will now auto-detect your package manager based on the execution path. Previously, it defaulted to npm.

  • yarn dlx ncu -g --packageManager yarnyarn dlx ncu -g
  • pnpm dlx ncu --global --packageManager pnpmpnpm dlx ncu -g
  • bunx ncu -g--packageManager pnpmbunx ncu -g

If for some reason you were running ncu -g with an alternative package manager and relying on it checking the global npm packages, you will need to now explicitly specify npm:

  • ncu -gncu -g--packageManager npm

Thanks to @​LuisFerLCC for the improvement (#​1514).

raineorshine/npm-check-updates@v17.1.18...v18.0.0

v17.1.17

Compare Source

v17.1.16

Compare Source

v17.1.15

Compare Source

v17.1.14

Compare Source

v17.1.13

Compare Source

v17.1.12

Compare Source

v17.1.11

Compare Source

v17.1.10

Compare Source

v17.1.9

Compare Source

v17.1.8

Compare Source

v17.1.7

Compare Source

v17.1.6

Compare Source

v17.1.5

Compare Source

v17.1.4

Compare Source

v17.1.3

Compare Source

v17.1.2

Compare Source

v17.1.1

Compare Source

Breaking

The only breaking change in v18 is with the -g/--global flag.

npm-check-updates -g will now auto-detect your package manager based on the execution path. Previously, it defaulted to npm.

  • yarn dlx ncu -g --packageManager yarnyarn dlx ncu -g
  • pnpm dlx ncu --global --packageManager pnpmpnpm dlx ncu -g
  • bunx ncu -g--packageManager pnpmbunx ncu -g

If for some reason you were running ncu -g with an alternative package manager and relying on it checking the global npm packages, you will need to now explicitly specify npm:

  • ncu -gncu -g--packageManager npm

Thanks to @​LuisFerLCC for the improvement (#​1514).

raineorshine/npm-check-updates@v17.1.18...v18.0.0

v17.1.0

Compare Source

v17.0.6

Compare Source

v17.0.5

Compare Source

v17.0.4

Compare Source

v17.0.3

Compare Source

v17.0.2

Compare Source

v17.0.1

Compare Source

v17.0.0

Compare Source

Breaking
  • Require node >= 18.18.0
  • Deprecated versions are no longer excluded by default, as it requires fetching package info for every published version, significantly slowing down upgrades.
    • You can opt in with --no-deprecated in the CLI or deprecated: false in your ncurc config.
  • In workspaces mode, --root is now set by default (#​1353)
    • To not check the root package.json, use --no-root.
  • If you have a packageManager field in your package.json, it is now upgraded by default (#​1390)
    • Use --dep prod,dev,optional for the old behavior.

raineorshine/npm-check-updates@v16.14.20...v17.0.0

v16.14.20

Compare Source

Breaking
  • Require node >= 18.18.0
  • Deprecated versions are no longer excluded by default, as it requires fetching package info for every published version, significantly slowing down upgrades.
    • You can opt in with --no-deprecated in the CLI or deprecated: false in your ncurc config.
  • In workspaces mode, --root is now set by default (#​1353)
    • To not check the root package.json, use --no-root.
  • If you have a packageManager field in your package.json, it is now upgraded by default (#​1390)
    • Use --dep prod,dev,optional for the old behavior.

raineorshine/npm-check-updates@v16.14.20...v17.0.0

v16.14.19

Compare Source

v16.14.18

Compare Source

v16.14.17

Compare Source

v16.14.16

Compare Source

v16.14.15

Compare Source

v16.14.14

Compare Source

v16.14.13

Compare Source

v16.14.12

Compare Source

v16.14.11

Compare Source

v16.14.10

Compare Source

v16.14.9

Compare Source

v16.14.8

Compare Source

v16.14.7

Compare Source

v16.14.6

Compare Source

v16.14.5

Compare Source

v16.14.4

Compare Source

v16.14.3

Compare Source

v16.14.2

Compare Source

Breaking
  • Require node >= 18.18.0
  • Deprecated versions are no longer excluded by default, as it requires fetching package info for every published version, significantly slowing down upgrades.
    • You can opt in with --no-deprecated in the CLI or deprecated: false in your ncurc config.
  • In workspaces mode, --root is now set by default (#​1353)
    • To not check the root package.json, use --no-root.
  • If you have a packageManager field in your package.json, it is now upgraded by default (#​1390)
    • Use --dep prod,dev,optional for the old behavior.

raineorshine/npm-check-updates@v16.14.20...v17.0.0

v16.14.1

Compare Source

v16.14.0

Compare Source

bun

Feature

  • Added experimental support for bun package manager.
  • Automatically used if bun.lockb is detected.
  • Assistance needed to test it out on different platforms.
$ ncu --packageManager bun
$ ncu -p bun

Thanks to @​ImBIOS for the PR!

v16.13.4

Compare Source

v16.13.3

Compare Source

v16.13.2

Compare Source

v16.13.1

Compare Source

v16.13.0

Compare Source

Feature

  • Added --install option to control auto-install behavior.

Usage:

ncu --install [value]

Default: prompt

Control the auto-install behavior.

always Runs your package manager's install command automatically after upgrading.
never Does not install and does not prompt.
prompt Shows a message after upgrading that recommends an install, but does not install. In interactive mode, prompts for install. (default)

v16.12.3

Compare Source

v16.12.2

Compare Source

v16.12.1

Compare Source

v16.12.0

Compare Source

v16.11.2

Compare Source

v16.11.1

Compare Source

v16.11.0

Compare Source

v16.10.19

Compare Source

v16.10.18

Compare Source

v16.10.17

Compare Source

v16.10.16

Compare Source

v16.10.15

Compare Source

v16.10.14

Compare Source

v16.10.13

Compare Source


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-check-updates-18.x branch from 95181d1 to 846a55c Compare July 23, 2025 03:42
@renovate renovate bot force-pushed the renovate/npm-check-updates-18.x branch from 846a55c to c679aea Compare August 26, 2025 21:37
@renovate renovate bot force-pushed the renovate/npm-check-updates-18.x branch 2 times, most recently from 1a79f0c to 0d2ddbb Compare September 13, 2025 05:12
@renovate renovate bot force-pushed the renovate/npm-check-updates-18.x branch from 0d2ddbb to 62d1386 Compare September 18, 2025 22:32
@renovate renovate bot force-pushed the renovate/npm-check-updates-18.x branch from 62d1386 to 13f7ee6 Compare September 20, 2025 01:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

0 participants

AltStyle によって変換されたページ (->オリジナル) /