next-update

Tests if module's dependencies can be updated to the newer version without breaking the tests

Note I no longer maintain Node 0.12/4 compatibility. Please switch toNode 6.

Also check out:

• next-updater can update all your repos
• dont-breakthat checks if your code is going to break everyone who depends on it.
• changed-log returns commit messages forthe given NPM package or Github repo between two tags.

Example

Imagine your nodejs module foo has the following dependencies listed in package.json

"dependencies": {
    "lodash": "~1.2.0",
    "async": "~0.2.5"
}

You would like to update lodash and async to latest versions, to not sure ifthis would break anything. With next-update it is easy: run command next-updatein the folder with module foo. Here is the example output:

next updates:
lodash
    1.2.1 PASS
async
    0.2.6 PASS
    0.2.7 PASS
    0.2.8 PASS

Both package.json file and node_modules folder are left unchanged,and now you know that you can safely upgrade both libraries to later versions.

It even tells you the install command ;)

Use the following command to install working versions
npm install --save lodash@2.1.0

This might not appear like a big deal for a single module that is usingpopular 3rd party libraries with stable apis only. next-update is most usefulin the larger development context, where multiple modules are being developedside by side, often by different teams. In such situations, checking if an upgradeis possible could be part of the continuous build pipeline.

You can see if your dependencies are out of date by usingdavid,it even has badges you can add to your README files.

next-update reports the probability of success for a given dependency update usinganonymous global statistics from next-update server

available updates:
package               available  from version  average success %  successful updates  failed updates
--------------------  ---------  ------------  -----------------  ------------------  --------------
grunt-contrib-jshint  0.8.0      0.7.2         100%               34                  0
grunt-bump            0.0.13     0.0.12        100%               4                   0

Install

You can install this tool globally

npm install -g next-update  // installs module globally
next-update --help          // shows command line options

Then run inside any package folder

/git/my-awesome-module
$ next-update

Or you can use this module as a devDependency and a script command

npm install --save-dev next-update

{
    "scripts": {
        "next-update": "next-update -k true --tldr"
    }
}

This command will keep the successfuly version upgrades in the package.json file,but will not be very verbose when run.

Anonymous usage collection

After testing each module A upgrade from version X to Y, next-update sendsanonymous result to next-update.herokuapp.com/.The only information transmitted is:

{
    "name": "lodash",
    "from": "1.0.0",
    "to": "2.0.0",
    "success": true
}

This information is used to answer the following questions later:what is the probability module A can be upgraded from X to Y?Thus even if you do not have tests covering this particular module,you can judge how compatible version X and Y really are over the entireinternet.

You can inspect data send instats.js.

If the dependency module has been upgraded by anyone else, its statisticswill be displayed with each test.

stats: deps-ok 0.0.7 -> 0.0.8 success probability 44.44% 8 success(es) 10 failure(s)

A lot of NPM modules do not have tests, butat least you can judge if someone else has success going from verion X to version Yof a dependency.

Use

Make sure the target module has unit / integration tests,and the tests can be run using npm test command.

Run next-update from the command line in the same folder asthe target module. In general this tool does the following:

1. Reads the module's dependencies (including dev) and their versions
2. Queries npm registry to see if there are newer versions
3. For each dependency that has newer versions available:
   1. Installs each version
   2. Runs command npm test to determine if the new version breaks the tests
   3. Installs back the current version.
4. Reports results

Checking specific modules

You can check one or more specific modules (whitelist) using CLI flag--module or -m

next-update --module foo,bar,baz

Ignoring or skipping some modules

note prereleaseversions like 1.2.0-alpha are skipped by default. I believe next-update ismeant to upgrade to stable versions.

Some modules are hard to unit test, thus the automatic upgrades are not appropriate.For example benv upgrade brings a newjsdom version, which does not work on Node 0.12Similarly, upgrading Q from 1.x.x to 2.x.x is usuallya breaking change.

You can skip a list of modules by name using config property in the package.json

"config": {
    "next-update": {
        "skip": ["benv", "q"]
    }
}

Custom test command per module

Some modules are not really tested using the default npm test command orwhatever is passed via --test "..." from CLI. For example a linter moduleshould probably be tested using npm run lint command. You can set individualtest commands for each module to override the default test command. In thepackage.json config object set "commands" object

"config": {
  "next-update": {
    "commands": {
      "git-issues": "npm run issues",
      "standard": "npm run lint"
    }
  }
}

Then when git-issues module is checked by itself, it will runnpm run issues command; when module standard is tested by itself, thetest will use npm run lint command.

Misc

• To see what has changed in the latest version of any module,use my companion tool changedlike this changed foo (foo is package name)
• When comparing versions, keywords latest and *** are both assumed to equal to "0.0.0".
• A good workflow using next-update
  • see available new versions next-update --available
  • check latest version of each module using next-update --latest
  • install new versions of the desired modules using standard npm i dependency@version --save
• You can use custom test command, for example next-update -t "grunt test"
  • npm test is used by default.
• You can keep each working version in package.json by using --keep flag.

API

You can use next-update as a module. See filesrc/next-update-as-module for all options.

const nextUpdate = require('next-update')
nextUpdate({
  module: ['foo', 'bar']
}).then(results => {
  console.log(results)
})
/*
prints something like
[[
  {
    "name": "foo",
    "version": "0.2.0",
    "from": "0.2.1",
    "works": true
  },
  {
    "name": "foo",
    "version": "0.2.0",
    "from": "0.3.0",
    "works": false
  }
], [
  {
    "name": "bar",
    "version": "1.5.1",
    "from": "2.0.0",
    "works": true
  }
}}
*/

Development

Edit source, run unit tests, run end to end tests and releasenew version commands:

npm test
npm run e2e
grunt release
npm publish

Related

• Painless modular development
• Really painless modular development

3^rd party libraries

• lazy-ass andcheck-more-types are used todefend against runtime errors.
• lo-dash is used to deal with collections / iterators.
• check-types is used to verify arguments through out the code.
• optimist is used to process command line arguments.
• request is used to fetch NPM registry information.
• semver is used to compare module version numbers.
• q library is used to handle promises. While developing this tool,I quickly ran into problems managing the asynchronous nature of fetching information, installing multiple modules,testing, etc. At first I used async, but it was still too complex.Using promises allowed to cut the program's code and the complexity to very manageable level.
• cli-color prints colored text to the terminal.

Small print

Author: Gleb Bahmutov © 2014

• @bahmutov
• glebbahmutov.com
• blog

License: MIT - do anything with the code, but don't blame me if it does not work.

Spread the word: tweet, star on github, etc.

Support: if you find any problems with this module, email / tweet /open issue on Github

MIT License

Copyright (c) 2014 Gleb Bahmutov

Permission is hereby granted, free of charge, to any personobtaining a copy of this software and associated documentationfiles (the "Software"), to deal in the Software withoutrestriction, including without limitation the rights to use,copy, modify, merge, publish, distribute, sublicense, and/or sellcopies of the Software, and to permit persons to whom theSoftware is furnished to do so, subject to the followingconditions:

The above copyright notice and this permission notice shall beincluded in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIESOF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE ANDNONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHTHOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISINGFROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OROTHER DEALINGS IN THE SOFTWARE.