[ { "path": ".editorconfig", "content": "# editorconfig.org\nroot = true\n\n[*]\nindent_style = space\nindent_size = 2\nend_of_line = lf\ncharset = utf-8\ntrim_trailing_whitespace = true\ninsert_final_newline = true\n\n[*.{md,jade}]\ntrim_trailing_whitespace = false\n" }, { "path": ".eslintrc.js", "content": "module.exports = {\n env: {\n es6: true,\n mocha: true,\n node: true,\n },\n extends: ['standard', 'eslint:recommended', 'plugin:import/typescript', 'raine', 'prettier'],\n overrides: [\n {\n files: ['**/*.ts'],\n parser: '@typescript-eslint/parser',\n parserOptions: {\n ecmaVersion: 2018,\n sourceType: 'module',\n project: './tsconfig.json',\n },\n extends: ['plugin:@typescript-eslint/eslint-recommended', 'plugin:@typescript-eslint/recommended'],\n globals: {\n Atomics: 'readonly',\n SharedArrayBuffer: 'readonly',\n },\n plugins: ['@typescript-eslint'],\n rules: {\n '@typescript-eslint/no-explicit-any': 'off',\n '@typescript-eslint/no-non-null-assertion': 'off',\n '@typescript-eslint/no-use-before-define': 'error',\n '@typescript-eslint/no-unused-vars': [\n 'error',\n {\n caughtErrors: 'none',\n // using destructuring to omit properties from objects\n destructuredArrayIgnorePattern: '^_',\n argsIgnorePattern: '^_',\n varsIgnorePattern: '^_',\n },\n ],\n '@typescript-eslint/array-type': [\n 'error',\n {\n default: 'array',\n },\n ],\n },\n },\n ],\n plugins: ['jsdoc'],\n rules: {\n 'jsdoc/require-jsdoc': [\n 'error',\n {\n contexts: ['VariableDeclarator > ArrowFunctionExpression'],\n require: {\n ClassDeclaration: true,\n ClassExpression: true,\n },\n },\n ],\n },\n}\n" }, { "path": ".gitattributes", "content": "# Enforce Unix newlines\n* text=auto eol=lf\n" }, { "path": ".github/CONTRIBUTING.md", "content": "## Filing an issue\n\nMake sure you read the list of [known issues](https://github.com/raineorshine/npm-check-updates#known-issues) and search for [similar issues](https://github.com/raineorshine/npm-check-updates/issues) before filing an issue.\n\n## Known Issues\n\n- If `ncu` prints output that does not seem related to this package, it may be conflicting with another executable such as `ncu-weather-cli` or Nvidia CUDA. Try using the long name instead: `npm-check-updates`.\n- Windows: If npm-check-updates hangs, try setting the package file explicitly: `ncu --packageFile package.json`. You can run `ncu --loglevel verbose` to confirm that it was incorrectly waiting for stdin. See [#136](https://github.com/raineorshine/npm-check-updates/issues/136#issuecomment-155721102).\n\nWhen filing an issue, please include:\n\n- node version\n- npm version\n- npm-check-updates version\n- the relevant package names and their specified versions from your package file\n- ...or the output from `npm -g ls --depth=0` if using global mode\n\n## Executable Stack Trace\n\nThe Vite Build uses SSR to bundle all dependencies for efficiency. There currently is no source map for `./build/cli.js`. To execute npm-check-updates with an accurate stack trace run the following\n\n```sh\ngit clone https://github.com/raineorshine/npm-check-updates /MY_PROJECTS\nnpx tsx /MY_PROJECTS/npm-check-updates/src/bin/cli.ts\n```\n\n## Design Guidelines\n\nThe _raison d'être_ of npm-check-updates is to upgrade package.json dependencies to the latest versions, ignoring specified versions. Suggested features that do not fit within this objective will be considered out of scope.\n\nnpm-check-updates maintains a balance between minimalism and customizability. The default execution with no options will always produce simple, clean output. If you would like to add additional information to ncu's output, you may propose a new value for the `--format` option.\n\n## Adding a new CLI or module option\n\nAll of ncu's options are generated from [/src/cli-options.ts](https://github.com/raineorshine/npm-check-updates/blob/main/src/cli-options.ts). You can add a new option to this file and then run `npm run build` to automatically generate README, CLI help text, and TypeScript definitions.\n" }, { "path": ".github/ISSUE_TEMPLATE/bug_report.md", "content": "---\nname: Bug report\nabout: Create a report to help us improve\ntitle: ''\nlabels: ''\nassignees: ''\n---\n\n- [] I have searched for [similar issues](https://github.com/raineorshine/npm-check-updates/issues)\n\n---\n\n## Steps to Reproduce\n\n.ncurc:\n\n\n\n```js\n\n```\n\nDependencies:\n\n\n\n```json\n\n```\n\nSteps:\n\n\n\n## Current Behavior\n\n\n\n## Expected Behavior\n\n\n" }, { "path": ".github/workflows/codeql.yml", "content": "name: 'CodeQL'\n\non:\n push:\n branches:\n - main\n - '!dependabot/**'\n pull_request:\n # The branches below must be a subset of the branches above\n branches:\n - main\n schedule:\n - cron: '0 2 * * 5'\n\njobs:\n analyze:\n name: Analyze\n runs-on: ubuntu-latest\n permissions:\n actions: read\n contents: read\n security-events: write\n\n steps:\n - name: Checkout repository\n uses: actions/checkout@v3\n\n - name: Initialize CodeQL\n uses: github/codeql-action/init@v2\n with:\n languages: 'javascript'\n\n - name: Perform CodeQL Analysis\n uses: github/codeql-action/analyze@v2\n" }, { "path": ".github/workflows/lint.yml", "content": "name: Lint\n\non:\n push:\n branches:\n - main\n - '!dependabot/**'\n pull_request:\n branches:\n - '**'\n\nenv:\n FORCE_COLOR: 2\n NODE: 24\n\npermissions:\n contents: read\n\njobs:\n lint:\n runs-on: ubuntu-latest\n\n steps:\n - name: Clone repository\n uses: actions/checkout@v3\n\n - name: Set up Node.js\n uses: actions/setup-node@v3\n with:\n node-version: ${{ env.NODE }}\n cache: npm\n\n - name: Install npm dependencies\n run: npm ci\n\n - name: Run lint\n run: npm run lint\n" }, { "path": ".github/workflows/release.yml", "content": "name: Release\n\non:\n push:\n tags:\n - 'v*'\n\njobs:\n release:\n name: Release\n runs-on: ubuntu-latest\n\n steps:\n - name: Checkout\n uses: actions/checkout@v5\n\n - name: Release\n uses: softprops/action-gh-release@v2\n with:\n generate_release_notes: true\n" }, { "path": ".github/workflows/test.yml", "content": "name: Tests\n\non:\n push:\n branches:\n - main\n - '!dependabot/**'\n pull_request:\n branches:\n - '**'\n\nenv:\n FORCE_COLOR: 2\n\npermissions:\n contents: read\n\njobs:\n run:\n permissions:\n contents: read # for actions/checkout to fetch code\n\n name: Node ${{ matrix.node }} on ${{ matrix.os }}\n runs-on: ${{ matrix.os }}\n\n strategy:\n fail-fast: false\n matrix:\n node: [20, 22]\n os: [ubuntu-latest, windows-latest]\n\n steps:\n - name: Clone repository\n uses: actions/checkout@v4\n\n - name: Set up Node.js\n uses: actions/setup-node@v4\n with:\n node-version: ${{ matrix.node }}\n cache: npm\n\n - name: Enable corepack\n run: corepack enable\n\n - name: Install npm dependencies\n run: npm ci\n\n - name: Build\n run: npm run build\n\n - name: Unit Tests\n run: npm run test:unit\n\n - name: Bun Tests\n run: npm run test:bun\n\n - name: E2E Tests\n run: npm run test:e2e\n if: startsWith(matrix.os, 'ubuntu') && matrix.node == 20\n" }, { "path": ".gitignore", "content": "lib-cov\n*.seed\n*.log\n*.csv\n*.dat\n*.out\n*.pid\n*.gz\n\npids\nlogs\nresults\n\nnpm-debug.log\nnode_modules\nbuild\n\n.idea\n*.iml\nyarn.lock\n.DS_store\n\n# test files\n/test/temp_package*.json\n/test/.ncurc.json\n\n# Agent files\n.claude\n" }, { "path": ".hooks/post-commit", "content": "#!/usr/bin/env bash\nSHORT_SHA=$(git rev-parse HEAD)\nLINT_LOG=\"$TMPDIR\"/lint.\"$SHORT_SHA\".log\n\n# strip color\nstrip() {\n sed -r \"s/\\x1B\\[([0-9]{1,3}(;[0-9]{1,2};?)?)?[mGK]//g\"\n}\n\n# display a notification\nnotify() {\n # if osascript is not supported, do nothing\n if [ -f /usr/bin/osascript ]; then\n # read back in the lint errors\n ERRORS=$(sed 1,4d \"$LINT_LOG\")\n\n # Trigger apple- or OSA-script on supported platforms\n /usr/bin/osascript -e \"display notification \\\"$ERRORS\\\" with title \\\"$*\\\"\"\n fi\n\n # clean up\n rm \"$LINT_LOG\"\n}\n\n# ensure failed lint exit code passes through sed\nset -o pipefail\n\n# Do NOT run this when rebasing or we can't get the branch\nbranch=$(git branch --show-current)\nif [ -z \"$branch\" ]; then\n exit 0\nfi\n\n# Lint in the background, not blocking the terminal and piping all output to a file.\n# If the lint fails, trigger a notification (on supported platforms) with at least the first error shown.\n# We pipe output so that the terminal (tmux, vim, emacs etc.) isn't borked by stray output.\nnpm run lint:src | strip &>\"$LINT_LOG\" || notify \"Lint Error\" &\n" }, { "path": ".hooks/pre-push", "content": "#!/bin/sh\nfail=0\n\nnpm run lint || fail=1\nnpm run prettier -- --check || fail=1\n\nif [ \"$fail\" -ne 0 ]; then\n exit 1\nfi\n" }, { "path": ".markdownlint.js", "content": "module.exports = {\n // use code indentation rather than code fencing so that extended help can be used for both the CLI and README\n 'code-block-style': 0,\n 'first-line-heading': 0,\n 'line-length': 0,\n 'no-bare-urls': 0,\n 'no-duplicate-heading': {\n siblings_only: true,\n },\n // inline HTML used to create tables without headers\n 'no-inline-html': 0,\n 'commands-show-output': 0,\n}\n" }, { "path": ".ncurc.js", "content": "module.exports = {\n format: 'group',\n reject: [\n // breaking\n 'eslint',\n 'eslint-plugin-n',\n 'eslint-plugin-promise',\n // esm only modules\n '@types/chai',\n '@types/chai-as-promised',\n '@types/remote-git-tags',\n 'camelcase',\n 'chai-as-promised',\n 'find-up',\n 'chai',\n 'p-map',\n 'remote-git-tags',\n 'untildify',\n ],\n}\n" }, { "path": ".npmrc", "content": "script-shell = bash" }, { "path": ".prettierignore", "content": "build/" }, { "path": ".prettierrc.json", "content": "{\n \"arrowParens\": \"avoid\",\n \"importOrder\": [\"^\\\\.\\\\./\", \"^\\\\./\"],\n \"importOrderSortSpecifiers\": true,\n \"overrides\": [{ \"files\": \"*.ts\", \"options\": { \"parser\": \"typescript\" } }],\n \"plugins\": [\"@trivago/prettier-plugin-sort-imports\"],\n \"printWidth\": 120,\n \"semi\": false,\n \"singleQuote\": true,\n \"tabWidth\": 2,\n \"trailingComma\": \"all\",\n \"useTabs\": false\n}\n" }, { "path": ".vscode/settings.json", "content": "{\n \"editor.defaultFormatter\": \"esbenp.prettier-vscode\",\n \"editor.formatOnSave\": true\n}\n" }, { "path": "CHANGELOG.md", "content": "# Changelog\n\nThis file only documents **major version** releases. For smaller releases, you're stuck reading the [commit history](https://github.com/raineorshine/npm-check-updates/commits/main).\n\n## [18.0.0] - 2025-04-21\n\n### Breaking\n\nThe **only** breaking change in v18 is with the `-g/--global` flag.\n\n`npm-check-updates -g` will now auto-detect your package manager based on the execution path. Previously, it defaulted to `npm`.\n\n- `yarn dlx ncu -g --packageManager yarn` → `yarn dlx ncu -g`\n- `pnpm dlx ncu --global --packageManager pnpm` → `pnpm dlx ncu -g`\n- `bunx ncu -g--packageManager pnpm` → `bunx ncu -g`\n\nIf for some reason you were running `ncu -g` with an alternative package manager and relying on it checking the global `npm` packages, you will need to now explicitly specify npm:\n\n- `ncu -g` → `ncu -g--packageManager npm`\n\nThanks to @LuisFerLCC for the improvement (#1514).\n\n\n\n## [17.0.0] - 2024-07-31\n\n### Breaking\n\n- Require node >= 18.18.0\n- Deprecated versions are no longer excluded by default, as it requires fetching package info for every published version, significantly slowing down upgrades.\n - You can opt in with `--no-deprecated` in the CLI or `deprecated: false` in your `ncurc` config.\n- In workspaces mode, `--root` is now set by default (#1353)\n - To **not** check the root package.json, use `--no-root`.\n- If you have a [packageManager](https://nodejs.org/api/packages.html#packagemanager) field in your package.json, it is now upgraded by default (#1390)\n - Use `--dep prod,dev,optional` for the old behavior.\n\n\n\n## [16.0.0] - 2022-07-23\n\n### Breaking\n\n- Automatic detection of package data on stdin has been removed. This feature was deprecated in `v14.0.0`. Add `--stdin` for old behavior.\n- Wild card filters now apply to scoped packages. Previously, `ncu -f '*vite*'` would not include `@vitejs/plugin-react`. Now, filters will match any part of the package name, including the scope. Use a more specific glob or regex expression for old behavior.\n\n\n\n## [15.0.0] - 2022-06-30\n\n### Breaking\n\n- node >= 14.14 is now required (#1145)\n - Needed to upgrade `update-notifier` with has a moderate severity vulnerability\n- yarn autodetect has been improved (#1148)\n - This is a patch, though _technically_ it is breaking. In the obscure case where `--packageManager` is not given, there is no `package-lock.json` in the current folder, and there is a `yarn.lock` in an ancestor directory, npm-check-updates will now use yarn.\n - More practically, if you needed to specify `--packageManager yarn` explicitly before, you may not have to now\n\n\n\n## [14.0.0] - 2022-06-16\n\n### Breaking\n\nPrerelease versions are now \"upgraded\" to versions with a different [preid](https://docs.npmjs.com/cli/v8/commands/npm-version#preid).\n\nFor example, if you have a dependency at `1.3.3-next.1` and the version fetched by ncu is `1.2.3-dev.2`, ncu **will** suggest an \"upgrade\" to `1.2.3-dev.2`. This is because prerelease versions with different preids are incomparable. Since they are incomparable, ncu now assumes the fetched version is desired.\n\nSince this change affects only prereleases, there is no impact on default `ncu` usage that fetches the `latest` version. With `--pre 1` or `--target newest` or `--target greatest`, this change could affect which version is suggested if versions with different preids are published. The change was made to support the new `--target @[tag]` feature.\n\nIf you have a use case where this change is not what is desired, please [report an issue](https://github.com/raineorshine/npm-check-updates/issues/new). The intention is for zero disruption to current usage.\n\n### Features\n\n- You can now upgrade to a specific tag, e.g. `--target @next`. Thanks to [IMalyugin](https://github.com/IMalyugin).\n\n\n\n## [13.0.0] - 2022-05-15\n\n### Breaking\n\n- node >= 14 is now required\n- Several options which have long been deprecated have been removed:\n - `--greatest` - Instead use `--target greatest`\n - `--newest` - Instead use `--target newest`\n - `--ownerChanged` - Instead use `--format ownerChanged`\n - `--semverLevel` - Renamed to `--target`\n\n\n\n## [12.0.0] - 2021-11-01\n\n### Breaking\n\n- node >= 12 is required. Time to upgrade that old-ass server you never touch.\n- `peerDependencies` are now excluded by default. Peer dependencies should use the **lowest** possible version that works. The old behavior encouraged a bad practice of upgrading peer dependencies. You can use `--dep prod,dev,optional,peer` for the old behavior ([#951](https://github.com/raineorshine/npm-check-updates/issues/951)).\n- Dependencies with `>` will be converted to `>=`. The old behavior was causing upgrades to `> [latest]` which was impossible ([#957](https://github.com/raineorshine/npm-check-updates/issues/957)).\n\n## Other\n\n- TypeScript! There is a new build process, so if you have any issues with the executable or types, please report. It should be a non-breaking change if I did it correctly ([#888](https://github.com/raineorshine/npm-check-updates/issues/888)).\n- WHen using `npm-check-updates` as a module, `vm` (versionmanager) is no longer exported. It was previously exposed for testing purposes, but was never part of the official API.\n\n\n\n## [11.0.0] - 2021-01-20\n\n### Breaking\n\n- `--packageFile` - Now interprets its argument as a glob pattern. It is possible that a previously supplied argument may be interpreted differently now (though I'm not aware of specific instances). Due to our conservative release policy we are releasing as a major version upgrade and allowing developers to assess for themselves.\n\n### Features\n\n- `--deep` - Run recursively in current working directory. Alias of `--packageFile '**/package.json'`.\n\nSee: [#785](https://github.com/raineorshine/npm-check-updates/issues/785)\n\n\n\n## [10.0.0] - 2020-11-08\n\n### Breaking\n\n- Specifying both the `--filter` option and argument filters will now throw an error. Use one or the other. Previously the arguments would override the `--filter` option, which made for a confusing result when accidentally not quoting the option in the shell. This change is only breaking for those who are relying on the incorrect behavior of argument filters overriding `--filter`.\n\nSee: [#759](https://github.com/raineorshine/npm-check-updates/issues/759#issuecomment-723587297)\n\n\n\n## [9.0.0] - 2020-09-10\n\n### Breaking\n\n- Versions marked as `deprecated` in npm are now ignored by default. If the latest version is deprecated, the next highest non-deprecated version will be suggested. Use `--deprecated` to include deprecated versions (old behavior).\n\n\n\n## [8.0.0] - 2020-08-29\n\n### Breaking\n\n- `--semverLevel major` is now `--target minor`. `--semverLevel minor` is now `--target patch`. This change was made to provide more intuitive semantics for `--semverLevel` (now `--target`). Most people assumed it meant the inclusive upper bound, so now it reflects that. [a2111f4c2](https://github.com/raineorshine/npm-check-updates/commits/a2111f4c2)\n- Programmatic usage: `run` now defaults to `silent: true` instead of `loglevel: 'silent`, unless `loglevel` is explicitly specified. If you overrode `silent` or `loglevel`, this may affect the logging behavior. [423e024](https://github.com/raineorshine/npm-check-updates/commits/423e024)\n\n### Deprecated\n\nOptions that controlled the target version (upper bound) of upgrades have been consolidated under `--target`. The old options are aliased with a deprecation warning and will be removed in the next major version. No functionality has been removed.\n\n- `--greatest`: Renamed to `--target greatest`\n- `--newest`: Renamed to `--target newest`\n- `--semverLevel`: Renamed to `--target`\n\nSee: [7eca5bf3](https://github.com/raineorshine/npm-check-updates/commits/7eca5bf3)\n\n### Features\n\n#### Doctor Mode\n\n[#722](https://github.com/raineorshine/npm-check-updates/pull/722)\n\nUsage: `ncu --doctor [-u] [options]`\n\nIteratively installs upgrades and runs tests to identify breaking upgrades. Add `-u` to execute (modifies your package file, lock file, and node_modules).\n\nTo be more precise:\n\n1. Runs `npm install` and `npm test` to ensure tests are currently passing.\n2. Runs `ncu -u` to optimistically upgrade all dependencies.\n3. If tests pass, hurray!\n4. If tests fail, restores package file and lock file.\n5. For each dependency, install upgrade and run tests.\n6. When the breaking upgrade is found, saves partially upgraded package.json (not including the breaking upgrade) and exits.\n\nExample:\n\n```sh\n$ ncu --doctor -u\nnpm install\nnpm run test\nncu -u\nnpm install\nnpm run test\nFailing tests found:\n/projects/myproject/test.js:13\n throw new Error('Test failed!')\n ^\nNow let’s identify the culprit, shall we?\nRestoring package.json\nRestoring package-lock.json\nnpm install\nnpm install --no-save react@16.0.0\nnpm run test\n ✓ react 15.0.0 → 16.0.0\nnpm install --no-save react-redux@7.0.0\nnpm run test\n ✗ react-redux 6.0.0 → 7.0.0\nSaving partially upgraded package.json\n```\n\n#### GitHub URLs\n\nAdded support for GitHub URLs.\n\nSee: [f0aa792a4](https://github.com/raineorshine/npm-check-updates/commits/f0aa792a4)\n\nExample:\n\n```json\n{\n \"dependencies\": {\n \"chalk\": \"https://github.com/chalk/chalk#v2.0.0\"\n }\n}\n```\n\n#### npm aliases\n\nAdded support for npm aliases.\n\nSee: [0f6f35c](https://github.com/raineorshine/npm-check-updates/commits/0f6f35c)\n\nExample:\n\n```json\n{\n \"dependencies\": {\n \"request\": \"npm:postman-request@2.88.1-postman.16\"\n }\n}\n```\n\n#### Owner Changed\n\n[#621](https://github.com/raineorshine/npm-check-updates/pull/621)\n\nUsage: `ncu --ownerChanged`\n\nCheck if the npm user that published the package has changed between current and upgraded version.\n\nOutput values:\n\n- Owner changed: `*owner changed*`\n- Owner has not changed: _no output_\n- Owner information not available: `*unknown*`\n\nExample:\n\n```sh\n$ ncu --ownerChanged\nChecking /tmp/package.json\n[====================] 1/1 100%\n\n mocha ^7.1.0 → ^8.1.3 *owner changed*\n\nRun ncu -u to upgrade package.json\n```\n\n### Commits\n\n\n\n## [7.0.0] - 2020-06-09\n\n### Breaking\n\n- Removed bower support (4e4b47fd3bb567435b456906d0106ef442bf46fe)\n\n### Patch\n\n- Fix use of \"<\" with single digit versions (f04d00e550ce606893bee77b78ef2a0b2a50246a)\n\n### Other\n\n- Change eslint configuration\n- Update dependencies\n- Replace cint methods with native methods\n- Add CI via GitHub Actions workflow\n\n\n\n## [6.0.0] - 2020-05-14\n\n### Breaking\n\n- `--semverLevel` now supports version ranges. This is a breaking change since version ranges are no longer ignored by `--semverLevel`, which may result in some dependencies having new suggested updates.\n\nIf you are not using `--semverLevel`, NO CHANGE! 😅\n\n\n\n## [5.0.0] - 2020-05-11\n\n### Breaking\n\n~node >= 8~\nnode >= 10.17\n\nBump minimum node version to `v10.17.0` due to `move-file` #651\n\nIf `ncu` was working for you on `v4.x`, then `v5.0.0` will still work. Just doing a major version bump since ncu's officially supported node version is changing. `v4` should be patched to be compatible with node `v8`, but I'll hold off unless someone requests it.\n\n\n\n## [4.0.0] - 2019-12-10\n\nncu v3 excluded prerelease versions (`-alpha`, `-beta`, etc) from the remote by default, as publishing prerelease versions to `latest` is unconventional and not recommended. Prereleases versions can be included by specifying `--pre` (and is implied in options `--greatest` and `--newest`).\n\nHowever, when you are already specifying a prerelease version in your package.json dependencies, then clearly you want ncu to find newer prerelease versions. This is now default in v4, albeit with the conservative approach of sticking to the `latest` tag.\n\n### Migration\n\nNo effect for most users.\n\nIf a prerelease version is published on the `latest` tag, and you specify a prerelease version in your package.json, ncu will now suggest upgrades for it.\n\nIf a prerelease version is published on a different tag, there is no change from ncu v3; you will still need `--pre`, `--greatest`, or `--newest` to get prerelease upgrades.\n\n\n\n## [3.0.0] - 2019-03-07\n\n### Breaking\n\n#### node < 8 deprecated\n\nThe required node version has been updated to allow the use of newer JavaScript features and reduce maintenance efforts for old versions.\n\n#### System npm used\n\nIn ncu v2, an internally packaged npm was used for version lookups. When this became out-of-date and differed considerably from the system npm problems would occur. In ncu v3, the system-installed npm will be used for all lookups. This comes with the maintenance cost of needing to upgrade ncu whenever the output format of npm changes.\n\n#### Installed modules ignored\n\nIn ncu v2, out-of-date dependencies in package.json that were installed up-to-date (e.g. `^1.0.0` specified and `1.0.1` installed) were ignored by ncu. Installed modules are now completely ignored and ncu only consider your package.json. This change was made to better match users’ expectations.\n\n#### Existing version ranges that satisfy latest are ignored (-a by default)\n\nIn ncu v2, if you had `^1.0.0` in your package.json, a newly released `1.0.1` would be ignored by ncu. The logic was that `^1.0.0` is a range that includes `1.0.1`, so you don’t really need to change the version specified in your package.json, you just need to run `npm update`. While logical, that turned out to be quite confusing to users. In ncu v3, the package.json will always be upgraded if there is a newer version (same as `-a` in v2). The old default behavior is available via the `--minimal` option.\n\n#### Prerelease versions ignored\n\nIn ncu v2, any version published to the `latest` tag was assumed to be a stable release version. In practice, occasional package authors would accidentally or unconventionally publish `-alpha`, `-beta`, and `-rc` versions to the `latest` tag. While I still consider this a bad practice, ncu v3 now ignores these prerelease versions by default to better match users’ expectations. The old behavior is available via the `--pre 1` option. (When `--newest` or `--greatest` are set, `--pre 1` is set by default, and can be disabled with `--pre 0`).\n\n#### Options changed: `-m`, `--prod`, `--dev`, `--peer`\n\nIn order to only target one or more dependency sections, ncu now uses the `--dep` option instead of separate options for each section.\n\n`--prod` is now `--dep prod`\n`--dev` is now `--dep dev`\n`--dev --peer` is now `--dep dev,peer` etc\n\nThe `--packageManager` alias has changed from `-m` to `-p` to make room for `--minimal` as `-m`.\n\n\n\n## [2.0.0] - 2005-08-14\n\nv2 has a few important differences from v1:\n\n- Newer published versions that satisfy the specified range are _not_ upgraded by default (e.g. `1.0.0` to `1.1.0`). This change was made because `npm update` handles upgrades within the satisfied range just fine, and npm-check-updates is primarily intended to provide functionality not otherwise provided by npm itself. These satisfied dependencies will still be shown when you run npm-check-updates, albeit with a short explanation. **For the old behavior, add the -ua/--upgradeAll option.**\n- The command-line argument now specifies a package name filter (e.g. `ncu /^gulp-/`). For the old behavior (specifying an alternative package.json), pipe the package.json through stdin.\n- Use the easier-to-type `ncu` instead of `npm-check-updates`. `npm-check-updates` is preserved for backwards-compatibility.\n- Allow packageData to be specified as an option\n- Colored table output\n- Add -a/--upgradeAll\n- Add -e/--error-level option\n- Add -j/--json and --jsonFlat flags for json output\n- Add -r/--registry option for specifying third-party npm registry\n- Add -t/--greatest option to search for the highest versions instead of the default latest stable versions.\n- Remove -f/--filter option and move to command-line argument\n- Replace < and <= with ^\n- Automatically look for the closest descendant package.json if not found in current directory\n- Add ncu alias\n- Export functionality to allow for programmatic use\n- Bug fixes and refactoring\n- Full unit test coverage!\n\n\n" }, { "path": "Dockerfile", "content": "FROM node:latest\n\nRUN npm install -g npm-check-updates\n\nWORKDIR /app\n\nENTRYPOINT [\"npm-check-updates\"]\n" }, { "path": "LICENSE", "content": "Copyright 2025 Tomas Junnonen\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n" }, { "path": "README.md", "content": "# npm-check-updates\n\n[![npm version](https://img.shields.io/npm/v/npm-check-updates)](https://www.npmjs.com/package/npm-check-updates)\n[![Build Status](https://img.shields.io/github/actions/workflow/status/raineorshine/npm-check-updates/test.yml?branch=main&label=tests&logo=github)](https://github.com/raineorshine/npm-check-updates/actions?query=workflow%3ATests+branch%3Amain)\n\n**npm-check-updates upgrades your package.json dependencies to the _latest_ versions, ignoring specified versions.**\n\n- maintains existing semantic versioning _policies_, i.e. `\"react\": \"^17.0.2\"` to `\"react\": \"^18.3.1\"`.\n- _only_ modifies package.json file. Run `npm install` to update your installed packages and package-lock.json.\n- sensible defaults, but highly customizable\n- compatible with npm, yarn, pnpm, deno, and bun\n- CLI and module usage\n\n\"example\n\n$${\\color{red}Red}$$ major upgrade (and all [major version zero](https://semver.org/#spec-item-4))
\n$${\\color{cyan}Cyan}$$ minor upgrade
\n$${\\color{green}Green}$$ patch upgrade
\n\n## Installation\n\nInstall globally to use `npm-check-updates` or the shorter `ncu`:\n\n```sh\nnpm install -g npm-check-updates\n```\n\nOr run with [npx](https://docs.npmjs.com/cli/v7/commands/npx) (only the long form is supported):\n\n```sh\nnpx npm-check-updates\n```\n\n## Usage\n\nCheck the latest versions of all project dependencies:\n\n```sh\n$ ncu\nChecking package.json\n[====================] 5/5 100%\n\n eslint 7.32.0 → 8.0.0\n prettier ^2.7.1 → ^3.0.0\n svelte ^3.48.0 → ^3.51.0\n typescript >3.0.0 → >4.0.0\n untildify <4.0.0 → ^4.0.0\n webpack 4.x → 5.x\n\nRun ncu -u to upgrade package.json\n```\n\nUpgrade a project's package file:\n\n> **Make sure your package file is in version control and all changes have been committed. This _will_ overwrite your package file.**\n\n```sh\n$ ncu -u\nUpgrading package.json\n[====================] 1/1 100%\n\n express 4.12.x → 4.13.x\n\nRun npm install to install new versions.\n\n$ npm install # update installed packages and package-lock.json\n```\n\nCheck global packages:\n\n```sh\nncu -g\n```\n\n## Interactive Mode\n\nChoose which packages to update in interactive mode:\n\n```sh\nncu --interactive\nncu -i\n```\n\n![ncu --interactive](https://user-images.githubusercontent.com/750276/175337598-cdbb2c46-64f8-44f5-b54e-4ad74d7b52b4.png)\n\nCombine with `--format group` for a truly _luxe_ experience:\n\n![ncu --interactive --format group](https://user-images.githubusercontent.com/750276/175336533-539261e4-5cf1-458f-9fbb-a7be2b477ebb.png)\n\n### Keys\n\n- Select a package\n- Space Toggle selection\n- a Toggle all\n- Enter Upgrade\n\n## Filter packages\n\nFilter packages using the `--filter` option or adding additional cli arguments:\n\n```sh\n# upgrade only mocha\nncu mocha\nncu -f mocha\nncu --filter mocha\n\n# upgrade only chalk, mocha, and react\nncu chalk mocha react\nncu chalk, mocha, react\nncu -f \"chalk mocha react\"\n```\n\nFilter with wildcards or regex:\n\n```sh\n# upgrade packages that start with \"react-\"\nncu react-*\nncu \"/^react-.*$/\"\n```\n\nExclude specific packages with the `--reject` option or prefixing a filter with `!`. Supports strings, wildcards, globs, comma-or-space-delimited lists, and regex:\n\n```sh\n# upgrade everything except nodemon\nncu \\!nodemon\nncu -x nodemon\nncu --reject nodemon\n\n# upgrade packages that do not start with \"react-\".\nncu \\!react-*\nncu '/^(?!react-).*$/' # mac/linux\nncu \"/^(?!react-).*$/\" # windows\n```\n\nAdvanced filters: [filter](https://github.com/raineorshine/npm-check-updates#filter), [filterResults](https://github.com/raineorshine/npm-check-updates#filterresults), [filterVersion](https://github.com/raineorshine/npm-check-updates#filterversion)\n\n## How dependency updates are determined\n\n- Direct dependencies are updated to the latest stable version:\n - `2.0.1` → `2.2.0`\n - `1.2` → `1.3`\n - `0.1.0` → `1.0.1`\n- Range operators are preserved and the version is updated:\n - `^1.2.0` → `^2.0.0`\n - `1.x` → `2.x`\n - `>0.2.0` → `>0.3.0`\n- \"Less than\" is replaced with a wildcard:\n - `<2.0.0` → `^3.0.0`\n - `1.0.0 < 2.0.0` → `^3.0.0`\n- \"Any version\" is preserved:\n - `*` → `*`\n- Prerelease versions are ignored by default.\n - Use `--pre` to include prerelease versions (e.g. `alpha`, `beta`, `build1235`)\n- Choose what level to upgrade to:\n - With `--target semver`, update according to your specified [semver](https://semver.org/) version ranges:\n - `^1.1.0` → `^1.9.99`\n - With `--target minor`, strictly update the patch and minor versions (including major version zero):\n - `0.1.0` → `0.2.1`\n - With `--target patch`, strictly update the patch version (including major version zero):\n - `0.1.0` → `0.1.2`\n - With `--target @next`, update to the version published on the `next` tag:\n - `0.1.0` -> `0.1.1-next.1`\n\n## Options\n\nOptions are merged with the following precedence:\n\n1. Command line options\n2. Local [Config File](#config-file) (current working directory)\n3. Project Config File (next to package.json)\n4. User Config File (`$HOME`)\n\nOptions that take no arguments can be negated by prefixing them with `--no-`, e.g. `--no-peer`.\n\n\n\n\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n
--cacheCache versions to a local cache file. Default --cacheFile is ~/.ncu-cache.json and default --cacheExpiration is 10 minutes.
--cacheClearClear the default cache, or the cache file specified by --cacheFile.
--cacheExpiration <min>Cache expiration in minutes. Only works with --cache. (default: 10)
--cacheFile <path>Filepath for the cache file. Only works with --cache. (default: \"~/.ncu-cache.json\")
--colorForce color in terminal.
--concurrency <n>Max number of concurrent HTTP requests to registry. (default: 8)
--configFileName <s>Config file name. (default: .ncurc.{json,yml,js,cjs})
--configFilePath <path>Directory of .ncurc config file. (default: directory of packageFile)
-c, --cooldown <period>Sets a minimum age for package versions to be considered for upgrade. Accepts a number (days) or a string with a unit: \"7d\" (days), \"12h\" (hours), \"30m\" (minutes). Reduces the risk of installing newly published, potentially compromised packages.
--cwd <path>Working directory in which npm will be executed.
--deepRun recursively in current working directory. Alias of (--packageFile '**/package.json').
--dep <value>Check one or more sections of dependencies only: dev, optional, peer, prod, or packageManager (comma-delimited). (default: [\"prod\",\"dev\",\"optional\",\"packageManager\"])
--deprecatedInclude deprecated packages. Use --no-deprecated to exclude deprecated packages (20–25% slower). (default: true)
-d, --doctorIteratively installs upgrades and runs tests to identify breaking upgrades. Requires -u to execute.
--doctorInstall <command>Specifies the install script to use in doctor mode. (default: npm install or the equivalent for your package manager)
--doctorTest <command>Specifies the test script to use in doctor mode. (default: npm test)
--enginesNodeInclude only packages that satisfy engines.node as specified in the package file.
-e, --errorLevel <n>Set the error level. 1: exits with error code 0 if no errors occur. 2: exits with error code 0 if no packages need updating (useful for continuous integration). (default: 1)
-f, --filter <p>Include only package names matching the given string, wildcard, glob, comma-or-space-delimited list, /regex/, or predicate function.
filterResults <fn>Filters results based on a user provided predicate function after fetching new versions.
--filterVersion <p>Filter on package version using comma-or-space-delimited list, /regex/, or predicate function.
--format <value>Modify the output formatting or show additional information. Specify one or more comma-delimited values: dep, group, ownerChanged, repo, time, lines, installedVersion. (default: [])
-g, --globalCheck global packages instead of in the current project.
groupFunction <fn>Customize how packages are divided into groups when using --format group.
--install <value>Control the auto-install behavior: always, never, prompt. (default: \"prompt\")
-i, --interactiveEnable interactive prompts for each dependency; implies -u unless one of the json options are set.
-j, --jsonAllOutput new package file instead of human-readable message.
--jsonDepsLike jsonAll but only lists dependencies, devDependencies, optionalDependencies, etc of the new package data.
--jsonUpgradedOutput upgraded dependencies in json.
-l, --loglevel <n>Amount to log: silent, error, minimal, warn, info, verbose, silly. (default: \"warn\")
--mergeConfigMerges nested configs with the root config file for --deep or --packageFile options. (default: false)
-m, --minimalDo not upgrade newer versions that are already satisfied by the version range according to semver.
--packageData <value>Package file data (you can also use stdin).
--packageFile <path|glob>Package file(s) location. (default: ./package.json)
-p, --packageManager <s>npm, yarn, pnpm, deno, bun, staticRegistry (default: npm).
--peerCheck peer dependencies of installed packages and filter updates to compatible versions.
--pre <n>Include prerelease versions, e.g. -alpha.0, -beta.5, -rc.2. Automatically set to 1 when --target is newest or greatest, or when the current version is a prerelease. (default: 0)
--prefix <path>Current working directory of npm.
-r, --registry <uri>Specify the registry to use when looking up package versions.
--registryType <type>Specify whether --registry refers to a full npm registry or a simple JSON file or url: npm, json. (default: npm)
-x, --reject <p>Exclude packages matching the given string, wildcard, glob, comma-or-space-delimited list, /regex/, or predicate function.
--rejectVersion <p>Exclude package.json versions using comma-or-space-delimited list, /regex/, or predicate function.
--removeRangeRemove version ranges from the final package version.
--retry <n>Number of times to retry failed requests for package info. (default: 3)
--rootRuns updates on the root project in addition to specified workspaces. Only allowed with --workspace or --workspaces. (default: true)
-s, --silentDon't output anything. Alias for --loglevel silent.
--stdinRead package.json from stdin.
-t, --target <value>Determines the version to upgrade to: latest, newest, greatest, minor, patch, semver, @[tag], or [function]. (default: latest)
--timeout <ms>Global timeout in milliseconds. (default: no global timeout and 30 seconds per npm-registry-fetch)
-u, --upgradeOverwrite package file with upgraded versions instead of just outputting to console.
--verboseLog additional information for debugging. Alias for --loglevel verbose.
--workspace <s>Run on one or more specified workspaces. Add --no-root to exclude the root project. (default: [])
-w, --workspacesRun on all workspaces. Add --no-root to exclude the root project.
\n\n\n\n## Advanced Options\n\nSome options have advanced usage, or allow per-package values by specifying a function in your .ncurc.js file.\n\nRun `ncu --help [OPTION]` to view advanced help for a specific option, or see below:\n\n\n\n\n## cooldown\n\nUsage:\n\n ncu --cooldown [period]\n ncu -c [period]\n\nThe cooldown option helps protect against supply chain attacks by requiring package versions to be published at least the given amount of time before considering them for upgrade.\n\nThe value can be a plain number (days) or a string with a unit suffix:\n\n --cooldown 7 7 days\n --cooldown 7d 7 days (same as above)\n --cooldown 12h 12 hours\n --cooldown 30m 30 minutes\n\nNote that previous stable versions will not be suggested. The package will be completely ignored if its latest published version is within the cooldown period. This is due to a limitation of the npm registry, which does not provide a way to query previous stable versions.\n\nExample:\n\nLet's examine how cooldown works with a package that has these versions available:\n\n 1.0.0 Released 7 days ago (initial version)\n 1.1.0 Released 6 days ago (minor update)\n 1.1.1 Released 5 days ago (patch update)\n 1.2.0 Released 5 days ago (minor update)\n 2.0.0-beta.1 Released 5 days ago (beta release)\n 1.2.1 Released 4 days ago (patch update)\n 1.3.0 Released 4 days ago (minor update) [latest]\n 2.0.0-beta.2 Released 3 days ago (beta release)\n 2.0.0-beta.3 Released 2 days ago (beta release) [beta]\n\nWith default target (latest):\n\n```js\n$ ncu --cooldown 5\n```\n\nNo update will be suggested because:\n\n- Latest version (1.3.0) is only 4 days old.\n- Cooldown requires versions to be at least 5 days old\n- Use `--cooldown 4` or lower to allow this update\n\nWith `@beta`/`@tag` target:\n\n```js\n$ ncu --cooldown 3 --target @beta\n```\n\nNo update will be suggested because:\n\n- Current beta (2.0.0-beta.3) is only 2 days old\n- Cooldown requires versions to be at least 3 days old\n- Use `--cooldown 2` or lower to allow this update\n\nWith other targets:\n\n```js\n$ ncu --cooldown 5 --target greatest|newest|minor|patch|semver\n```\n\nEach target will select the best version that is at least 5 days old:\n\n greatest → 1.2.0 (highest version number outside cooldown)\n newest → 2.0.0-beta.1 (most recently published version outside cooldown)\n minor → 1.2.0 (highest minor version outside cooldown)\n patch → 1.1.1 (highest patch version outside cooldown)\n\nNote for latest/tag targets:\n\n> :warning: For packages that update frequently (e.g. daily releases), using a long cooldown period (7+ days) with the default `--target latest` or `--target @tag` may prevent all updates since new versions will be published before older ones meet the cooldown requirement. Please consider this when setting your cooldown period.\n\nYou can also provide a custom function in your .ncurc.js file or when importing npm-check-updates as a module.\n\n> :warning: The predicate function is only available in .ncurc.js or when importing npm-check-updates as a module, not on the command line. To convert a JSON config to a JS config, follow the instructions at https://github.com/raineorshine/npm-check-updates#config-functions.\n\n```js\n/** Set cooldown to 3 days but skip it for `@my-company` packages.\n @param packageName The name of the dependency.\n @returns Cooldown days restriction for given package.\n*/\ncooldown: packageName => (packageName.startsWith('@my-company') ? 0 : 3)\n```\n\n## doctor\n\nUsage:\n\n ncu --doctor -u\n ncu --no-doctor\n ncu -du\n\nIteratively installs upgrades and runs your project's tests to identify breaking upgrades. Reverts broken upgrades and updates package.json with working upgrades.\n\nRequires `-u` to execute (modifies your package file, lock file, and node_modules)\n\nTo be more precise:\n\n1. Runs `npm install` and `npm test` to ensure tests are currently passing.\n2. Runs `ncu -u` to optimistically upgrade all dependencies.\n3. If tests pass, hurray!\n4. If tests fail, restores package file and lock file.\n5. For each dependency, install upgrade and run tests.\n6. Prints broken upgrades with test error.\n7. Saves working upgrades to package.json.\n\nAdditional options:\n\n\n \n \n
--doctorInstallspecify a custom install script (default: `npm install` or `yarn`)
--doctorTestspecify a custom test script (default: `npm test`)
\n\nExample:\n\n $ ncu --doctor -u\n Running tests before upgrading\n npm install\n npm run test\n Upgrading all dependencies and re-running tests\n ncu -u\n npm install\n npm run test\n Tests failed\n Identifying broken dependencies\n npm install\n npm install --no-save react@16.0.0\n npm run test\n ✓ react 15.0.0 → 16.0.0\n npm install --no-save react-redux@7.0.0\n npm run test\n ✗ react-redux 6.0.0 → 7.0.0\n\n /projects/myproject/test.js:13\n throw new Error('Test failed!')\n ^\n\n npm install --no-save react-dnd@11.1.3\n npm run test\n ✓ react-dnd 10.0.0 → 11.1.3\n Saving partially upgraded package.json\n\n## filter\n\nUsage:\n\n ncu --filter [p]\n ncu -f [p]\n\nInclude only package names matching the given string, wildcard, glob, comma-or-space-delimited list, /regex/, or predicate function. Only included packages will be checked with `--peer`.\n\n`--filter` runs _before_ new versions are fetched, in contrast to `--filterResults` which runs _after_.\n\nYou can also specify a custom function in your .ncurc.js file, or when importing npm-check-updates as a module.\n\n> :warning: The predicate function is only available in .ncurc.js or when importing npm-check-updates as a module, not on the command line. To convert a JSON config to a JS config, follow the instructions at https://github.com/raineorshine/npm-check-updates#config-functions.\n\n```js\n/**\n @param name The name of the dependency.\n @param semver A parsed Semver array of the current version.\n (See: https://git.coolaj86.com/coolaj86/semver-utils.js#semverutils-parse-semverstring)\n @returns True if the package should be included, false if it should be excluded.\n*/\nfilter: (name, semver) => {\n if (name.startsWith('@myorg/')) {\n return false\n }\n return true\n}\n```\n\n## filterResults\n\nFilters results based on a user provided predicate function after fetching new versions.\n\n`filterResults` runs _after_ new versions are fetched, in contrast to `filter`, `reject`, `filterVersion`, and `rejectVersion`, which run _before_. This allows you to exclude upgrades with `filterResults` based on how the version has changed (e.g. a major version change).\n\n> :warning: The predicate function is only available in .ncurc.js or when importing npm-check-updates as a module, not on the command line. To convert a JSON config to a JS config, follow the instructions at https://github.com/raineorshine/npm-check-updates#config-functions.\n\n```js\n/** Exclude major version updates. Note this could also be achieved with --target semver.\n @param {string} packageName The name of the dependency.\n @param {string} current Current version declaration (may be a range).\n @param {SemVer[]} currentVersionSemver Current version declaration in semantic versioning format (may be a range).\n @param {string} upgraded Upgraded version.\n @param {SemVer} upgradedVersionSemver Upgraded version in semantic versioning format.\n @returns {boolean} Return true if the upgrade should be kept; otherwise, it will be ignored.\n*/\nfilterResults: (packageName, { current, currentVersionSemver, upgraded, upgradedVersionSemver }) => {\n const currentMajor = parseInt(currentVersionSemver[0]?.major, 10)\n const upgradedMajor = parseInt(upgradedVersionSemver?.major, 10)\n if (currentMajor && upgradedMajor) {\n return currentMajor >= upgradedMajor\n }\n return true\n}\n```\n\nFor the SemVer type definition, see: https://git.coolaj86.com/coolaj86/semver-utils.js#semverutils-parse-semverstring\n\n## filterVersion\n\nUsage:\n\n ncu --filterVersion [p]\n\nInclude only versions matching the given string, wildcard, glob, comma-or-space-delimited list, /regex/, or predicate function.\n\n`--filterVersion` runs _before_ new versions are fetched, in contrast to `--filterResults` which runs _after_.\n\nYou can also specify a custom function in your .ncurc.js file, or when importing npm-check-updates as a module.\n\n> :warning: The predicate function is only available in .ncurc.js or when importing npm-check-updates as a module, not on the command line. To convert a JSON config to a JS config, follow the instructions at https://github.com/raineorshine/npm-check-updates#config-functions. This function is an alias for the `filter` option function.\n\n```js\n/**\n @param name The name of the dependency.\n @param semver A parsed Semver array of the current version.\n (See: https://git.coolaj86.com/coolaj86/semver-utils.js#semverutils-parse-semverstring)\n @returns True if the package should be included, false if it should be excluded.\n*/\nfilterVersion: (name, semver) => {\n if (name.startsWith('@myorg/') && parseInt(semver[0]?.major) > 5) {\n return false\n }\n return true\n}\n```\n\n## format\n\nUsage:\n\n ncu --format [value]\n\nModify the output formatting or show additional information. Specify one or more comma-delimited values.\n\n\n \n \n \n \n \n \n \n \n \n
depPrints the dependency type (dev, peer, optional) of each package.
groupGroups packages by major, minor, patch, and major version zero updates.
homepageDisplays links to the package's homepage if specified in its package.json.
installedVersionPrints the exact current version number instead of a range.
linesPrints name@version on separate lines. Useful for piping to npm install.
ownerChangedShows if the package owner has changed.
repoInfers and displays links to the package's source code repository. Requires packages to be installed.
diffDisplay link to compare the changes between package versions.
timeShows the publish time of each upgrade.
\n\n## groupFunction\n\nCustomize how packages are divided into groups when using `--format group`.\n\nOnly available in .ncurc.js or when importing npm-check-updates as a module, not on the command line. To convert a JSON config to a JS config, follow the instructions at https://github.com/raineorshine/npm-check-updates#config-functions.\n\n```js\n/**\n @param name The name of the dependency.\n @param defaultGroup The predefined group name which will be used by default.\n @param currentSpec The current version range in your package.json.\n @param upgradedSpec The upgraded version range that will be written to your package.json.\n @param upgradedVersion The upgraded version number returned by the registry.\n @returns A predefined group name ('major' | 'minor' | 'patch' | 'majorVersionZero' | 'none') or a custom string to create your own group.\n*/\ngroupFunction: (name, defaultGroup, currentSpec, upgradedSpec, upgradedVersion) => {\n if (name === 'typescript' && defaultGroup === 'minor') {\n return 'major'\n }\n if (name.startsWith('@myorg/')) {\n return 'My Org'\n }\n return defaultGroup\n}\n```\n\n## install\n\nUsage:\n\n ncu --install [value]\n\nDefault: prompt\n\nControl the auto-install behavior.\n\n\n \n \n \n
alwaysRuns your package manager's install command automatically after upgrading.
neverDoes not install and does not prompt.
promptShows a message after upgrading that recommends an install, but does not install. In interactive mode, prompts for install. (default)
\n\n## packageManager\n\nUsage:\n\n ncu --packageManager [s]\n ncu -p [s]\n\nSpecifies the package manager to use when looking up versions.\n\n\n \n \n \n \n
npmSystem-installed npm. Default.
yarnSystem-installed yarn. Automatically used if yarn.lock is present.
pnpmSystem-installed pnpm. Automatically used if pnpm-lock.yaml is present.
bunSystem-installed bun. Automatically used if bun.lock or bun.lockb is present.
\n\n## peer\n\nUsage:\n\n ncu --peer\n ncu --no-peer\n\nCheck peer dependencies of installed packages and filter updates to compatible versions.\n\nExample:\n\nThe following example demonstrates how `--peer` works, and how it uses peer dependencies from upgraded modules.\n\nThe package ncu-test-peer-update has two versions published:\n\n- 1.0.0 has peer dependency `\"ncu-test-return-version\": \"1.0.x\"`\n- 1.1.0 has peer dependency `\"ncu-test-return-version\": \"1.1.x\"`\n\nOur test app has the following dependencies:\n\n \"ncu-test-peer-update\": \"1.0.0\",\n \"ncu-test-return-version\": \"1.0.0\"\n\nThe latest versions of these packages are:\n\n \"ncu-test-peer-update\": \"1.1.0\",\n \"ncu-test-return-version\": \"2.0.0\"\n\nWith `--peer`:\n\nncu upgrades packages to the highest version that still adheres to the peer dependency constraints:\n\n ncu-test-peer-update 1.0.0 → 1.1.0\n ncu-test-return-version 1.0.0 → 1.1.0\n\nWithout `--peer`:\n\nAs a comparison: without using the `--peer` option, ncu will suggest the latest versions, ignoring peer dependencies:\n\n ncu-test-peer-update 1.0.0 → 1.1.0\n ncu-test-return-version 1.0.0 → 2.0.0\n\n## registryType\n\nUsage:\n\n ncu --registryType [type]\n\nSpecify whether `--registry` refers to a full npm registry or a simple JSON file.\n\n\n \n \n
npmDefault npm registry
jsonChecks versions from a file or url to a simple JSON registry. Must include the `--registry` option.\n\nExample:\n\n // local file\n $ ncu --registryType json --registry ./registry.json\n\n // url\n $ ncu --registryType json --registry https://api.mydomain/registry.json\n\n // you can omit --registryType when the registry ends in .json\n $ ncu --registry ./registry.json\n $ ncu --registry https://api.mydomain/registry.json\n\nregistry.json:\n\n {\n \"prettier\": \"2.7.1\",\n \"typescript\": \"4.7.4\"\n }\n\n
\n\n## reject\n\nUsage:\n\n ncu --reject [p]\n ncu -x [p]\n\nThe inverse of `--filter`. Exclude package names matching the given string, wildcard, glob, comma-or-space-delimited list, /regex/, or predicate function. This will also exclude them from the `--peer` check.\n\n`--reject` runs _before_ new versions are fetched, in contrast to `--filterResults` which runs _after_.\n\nYou can also specify a custom function in your .ncurc.js file, or when importing npm-check-updates as a module.\n\n> :warning: The predicate function is only available in .ncurc.js or when importing npm-check-updates as a module, not on the command line. To convert a JSON config to a JS config, follow the instructions at https://github.com/raineorshine/npm-check-updates#config-functions.\n\n```js\n/**\n @param name The name of the dependency.\n @param semver A parsed Semver array of the current version.\n (See: https://git.coolaj86.com/coolaj86/semver-utils.js#semverutils-parse-semverstring)\n @returns True if the package should be excluded, false if it should be included.\n*/\nreject: (name, semver) => {\n if (name.startsWith('@myorg/')) {\n return true\n }\n return false\n}\n```\n\n## rejectVersion\n\nUsage:\n\n ncu --rejectVersion [p]\n\nThe inverse of `--filterVersion`. Exclude versions matching the given string, wildcard, glob, comma-or-space-delimited list, /regex/, or predicate function.\n\n`--rejectVersion` runs _before_ new versions are fetched, in contrast to `--filterResults` which runs _after_.\n\nYou can also specify a custom function in your .ncurc.js file, or when importing npm-check-updates as a module.\n\n> :warning: The predicate function is only available in .ncurc.js or when importing npm-check-updates as a module, not on the command line. To convert a JSON config to a JS config, follow the instructions at https://github.com/raineorshine/npm-check-updates#config-functions. This function is an alias for the reject option function.\n\n```js\n/**\n @param name The name of the dependency.\n @param semver A parsed Semver array of the current version.\n (See: https://git.coolaj86.com/coolaj86/semver-utils.js#semverutils-parse-semverstring)\n @returns True if the package should be excluded, false if it should be included.\n*/\nrejectVersion: (name, semver) => {\n if (name.startsWith('@myorg/') && parseInt(semver[0]?.major) > 5) {\n return true\n }\n return false\n}\n```\n\n## target\n\nUsage:\n\n ncu --target [value]\n ncu -t [value]\n\nDetermines the version to upgrade to. (default: \"latest\")\n\n\n \n \n \n \n \n \n \n
greatestUpgrade to the highest version number published, regardless of release date or tag. Includes prereleases.
latestUpgrade to whatever the package's \"latest\" git tag points to. Excludes prereleases unless --pre is specified.
minorUpgrade to the highest minor version without bumping the major version.
newestUpgrade to the version with the most recent publish date, even if there are other version numbers that are higher. Includes prereleases.
patchUpgrade to the highest patch version without bumping the minor or major versions.
semverUpgrade to the highest version within the semver range specified in your package.json.
@[tag]Upgrade to the version published to a specific tag, e.g. 'next' or 'beta'.
\n\ne.g.\n\n ncu --target semver\n\nYou can also specify a custom function in your .ncurc.js file, or when importing npm-check-updates as a module.\n\n> :warning: The predicate function is only available in .ncurc.js or when importing npm-check-updates as a module, not on the command line. To convert a JSON config to a JS config, follow the instructions at https://github.com/raineorshine/npm-check-updates#config-functions.\n\n```js\n/** Upgrade major version zero to the next minor version, and everything else to latest.\n @param name The name of the dependency.\n @param semver A parsed Semver object of the upgraded version.\n (See: https://git.coolaj86.com/coolaj86/semver-utils.js#semverutils-parse-semverstring)\n @returns One of the valid target values (specified in the table above).\n*/\ntarget: (name, semver) => {\n if (parseInt(semver[0]?.major) === '0') return 'minor'\n return 'latest'\n}\n```\n\n\n\n## Config File\n\nAdd a `.ncurc.{json,yml,js,cjs}` file to your project directory to specify configuration information.\n\nFor example, `.ncurc.json`:\n\n```json\n{\n \"upgrade\": true,\n \"filter\": \"svelte\",\n \"reject\": [\"@types/estree\", \"ts-node\"]\n}\n```\n\nOptions are merged with the following precedence:\n\n1. Command line options\n2. Local Config File (current working directory)\n3. Project Config File (next to package.json)\n4. User Config File (`$HOME`)\n\nYou can also specify a custom config file name or path using the `--configFileName` or `--configFilePath` command line options.\n\n### Config Functions\n\nSome options offer more advanced configuration using a function definition. These include [filter](https://github.com/raineorshine/npm-check-updates#filter), [filterVersion](https://github.com/raineorshine/npm-check-updates#filterversion), [filterResults](https://github.com/raineorshine/npm-check-updates#filterresults), [reject](https://github.com/raineorshine/npm-check-updates#reject), [rejectVersion](https://github.com/raineorshine/npm-check-updates#rejectversion), and [groupFunction](https://github.com/raineorshine/npm-check-updates#groupfunction). To define an options function, convert the config file to a JS file by adding the `.js` extension and setting module.exports:\n\nFor example, `.ncurc.js`:\n\n```js\n/** @type {import('npm-check-updates').RcOptions } */\nmodule.exports = {\n upgrade: true,\n filter: name => name.startsWith('@myorg/'),\n}\n```\n\nAlternatively, you can use the defineConfig helper which should provide intellisense without the need for jsdoc annotations:\n\n```js\nconst { defineConfig } = require('npm-check-updates')\n\nmodule.exports = defineConfig({\n upgrade: true,\n filter: name => name.startsWith('@myorg/'),\n})\n```\n\n### JSON Schema\n\nIf you write `.ncurc` config files using json or yaml, you can add the JSON Schema to your IDE settings for completions.\n\ne.g. for VS Code:\n\n```json\n \"json.schemas\": [\n {\n \"fileMatch\": [\n \".ncurc\",\n \".ncurc.json\",\n ],\n \"url\": \"https://raw.githubusercontent.com/raineorshine/npm-check-updates/main/src/types/RunOptions.json\"\n }\n ],\n \"yaml.schemas\": {\n \"https://raw.githubusercontent.com/raineorshine/npm-check-updates/main/src/types/RunOptions.json\": [\n \".ncurc.yml\",\n ]\n },\n```\n\n## Module/Programmatic Usage\n\nnpm-check-updates can be imported as a module:\n\n```js\nimport ncu from 'npm-check-updates'\n\nconst upgraded = await ncu.run({\n // Pass any cli option\n packageFile: '../package.json',\n upgrade: true,\n // Defaults:\n // jsonUpgraded: true,\n // silent: true,\n})\n\nconsole.log(upgraded) // { \"mypackage\": \"^2.0.0\", ... }\n```\n\n## Contributing\n\nContributions are happily accepted. I respond to all PR's and can offer guidance on where to make changes. For contributing tips see [CONTRIBUTING.md](https://github.com/raineorshine/npm-check-updates/blob/main/.github/CONTRIBUTING.md).\n\n## Problems?\n\n[File an issue](https://github.com/raineorshine/npm-check-updates/issues). Please [search existing issues](https://github.com/raineorshine/npm-check-updates/issues?utf8=%E2%9C%93&q=is%3Aissue) first.\n" }, { "path": "deploy.md", "content": "# Deployment Instructions\n\n- Have you created tests?\n- Have you updated the README?\n\n```bash\nnpm version [minor]\ngit push && git push --tags\nnpm publish [--tag unstable]\n```\n\n- Update the release history\n \n" }, { "path": "package.json", "content": "{\n \"name\": \"npm-check-updates\",\n \"version\": \"19.6.5\",\n \"author\": \"Tomas Junnonen \",\n \"license\": \"Apache-2.0\",\n \"contributors\": [\n \"Raine Revere (https://github.com/raineorshine)\",\n \"Imamuzzaki Abu Salam \"\n ],\n \"description\": \"Find newer versions of dependencies than what your package.json allows\",\n \"keywords\": [\n \"dependencies\",\n \"npm\",\n \"package.json\",\n \"update\",\n \"upgrade\",\n \"versions\"\n ],\n \"engines\": {\n \"node\": \">=20.0.0\",\n \"npm\": \">=8.12.1\"\n },\n \"main\": \"build/index.js\",\n \"types\": \"build/index.d.ts\",\n \"scripts\": {\n \"build\": \"rimraf build && npm run build:options && vite build\",\n \"build:options\": \"vite-node src/scripts/build-options.ts\",\n \"build:analyze\": \"rimraf build && npm run build:options && ANALYZER=true vite build\",\n \"lint\": \"cross-env FORCE_COLOR=1 npm-run-all --parallel --aggregate-output lint:*\",\n \"lint:lockfile\": \"lockfile-lint\",\n \"lint:markdown\": \"markdownlint \\\"**/*.md\\\" --ignore \\\"**/node_modules/**/*.md\\\" --ignore build --config .markdownlint.js\",\n \"lint:src\": \"eslint --cache --cache-location node_modules/.cache/.eslintcache --ignore-path .gitignore --report-unused-disable-directives .\",\n \"prepare\": \"src/scripts/install-hooks\",\n \"prepublishOnly\": \"npm run build\",\n \"prettier\": \"prettier . --check\",\n \"prettier:fix\": \"prettier . --write\",\n \"test\": \"npm run test:unit && npm run test:e2e\",\n \"test:bun\": \"test/bun-install.sh && mocha test/bun\",\n \"test:unit\": \"mocha test test/package-managers/*\",\n \"test:e2e\": \"./test/e2e.sh\",\n \"ncu\": \"node build/cli.js\"\n },\n \"bin\": {\n \"npm-check-updates\": \"build/cli.js\",\n \"ncu\": \"build/cli.js\"\n },\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/raineorshine/npm-check-updates.git\"\n },\n \"homepage\": \"https://github.com/raineorshine/npm-check-updates\",\n \"bugs\": {\n \"url\": \"https://github.com/raineorshine/npm-check-updates/issues\"\n },\n \"overrides\": {\n \"ip\": \"2.0.1\",\n \"jsonparse\": \"https://github.com/ARitz-Cracker/jsonparse/tree/patch-1\",\n \"@yarnpkg/parsers\": \"2.6.0\"\n },\n \"devDependencies\": {\n \"@trivago/prettier-plugin-sort-imports\": \"^5.2.2\",\n \"@types/bun\": \"^1.2.23\",\n \"@types/chai\": \"^4.3.19\",\n \"@types/chai-as-promised\": \"^8.0.0\",\n \"@types/chai-string\": \"^1.4.5\",\n \"@types/cli-table\": \"^0.3.4\",\n \"@types/hosted-git-info\": \"^3.0.5\",\n \"@types/ini\": \"^4.1.1\",\n \"@types/js-yaml\": \"^4.0.9\",\n \"@types/jsonlines\": \"^0.1.5\",\n \"@types/lodash\": \"^4.17.20\",\n \"@types/mocha\": \"^10.0.10\",\n \"@types/node\": \"^24.5.2\",\n \"@types/npm-registry-fetch\": \"^8.0.8\",\n \"@types/parse-github-url\": \"^1.0.3\",\n \"@types/picomatch\": \"^4.0.2\",\n \"@types/progress\": \"^2.0.7\",\n \"@types/prompts\": \"^2.4.9\",\n \"@types/semver\": \"^7.7.1\",\n \"@types/semver-utils\": \"^1.1.3\",\n \"@types/sinon\": \"^17.0.4\",\n \"@types/update-notifier\": \"^6.0.8\",\n \"@typescript-eslint/eslint-plugin\": \"^8.44.1\",\n \"@typescript-eslint/parser\": \"^8.44.1\",\n \"camelcase\": \"^6.3.0\",\n \"chai\": \"^4.3.10\",\n \"chai-as-promised\": \"^7.1.2\",\n \"chai-string\": \"^1.6.0\",\n \"chalk\": \"^5.6.2\",\n \"cli-table3\": \"^0.6.5\",\n \"commander\": \"^14.0.1\",\n \"cross-env\": \"^10.0.0\",\n \"dequal\": \"^2.0.3\",\n \"eslint\": \"^8.57.0\",\n \"eslint-config-prettier\": \"^10.1.8\",\n \"eslint-config-raine\": \"^0.5.0\",\n \"eslint-config-standard\": \"^17.1.0\",\n \"eslint-plugin-import\": \"^2.32.0\",\n \"eslint-plugin-jsdoc\": \"^60.5.0\",\n \"eslint-plugin-n\": \"^16.6.2\",\n \"eslint-plugin-promise\": \"^6.6.0\",\n \"fast-glob\": \"^3.3.3\",\n \"fast-memoize\": \"^2.5.2\",\n \"find-up\": \"5.0.0\",\n \"fp-and-or\": \"^1.0.2\",\n \"hosted-git-info\": \"^9.0.0\",\n \"ini\": \"^5.0.0\",\n \"js-yaml\": \"^4.1.0\",\n \"jsonc-parser\": \"^3.3.1\",\n \"jsonlines\": \"^0.1.1\",\n \"lockfile-lint\": \"^4.14.1\",\n \"lodash\": \"^4.17.21\",\n \"markdownlint-cli\": \"^0.45.0\",\n \"mocha\": \"^11.7.2\",\n \"npm-registry-fetch\": \"^19.0.0\",\n \"npm-run-all\": \"^4.1.5\",\n \"p-map\": \"^4.0.0\",\n \"parse-github-url\": \"^1.0.3\",\n \"picomatch\": \"^4.0.3\",\n \"prettier\": \"^3.6.2\",\n \"progress\": \"^2.0.3\",\n \"prompts-ncu\": \"^3.0.2\",\n \"rc-config-loader\": \"^4.1.3\",\n \"rfdc\": \"^1.4.1\",\n \"rimraf\": \"^6.0.1\",\n \"rollup-plugin-node-externals\": \"^8.1.1\",\n \"semver\": \"^7.7.2\",\n \"semver-utils\": \"^1.1.4\",\n \"should\": \"^13.2.3\",\n \"sinon\": \"^21.0.0\",\n \"source-map-support\": \"^0.5.21\",\n \"spawn-please\": \"^3.0.0\",\n \"strip-ansi\": \"^7.1.2\",\n \"ts-node\": \"^10.9.2\",\n \"typescript\": \"^5.9.2\",\n \"typescript-json-schema\": \"^0.65.1\",\n \"untildify\": \"^4.0.0\",\n \"update-notifier\": \"^7.3.1\",\n \"verdaccio\": \"^6.1.6\",\n \"vite\": \"^7.1.7\",\n \"vite-bundle-analyzer\": \"^1.2.3\",\n \"vite-node\": \"^3.2.4\",\n \"vite-plugin-dts\": \"^4.5.4\",\n \"yaml\": \"^2.8.2\",\n \"yarn\": \"^1.22.22\",\n \"zod\": \"^4.3.5\"\n },\n \"files\": [\n \"build\",\n \"!**/test/**\"\n ],\n \"lockfile-lint\": {\n \"allowed-schemes\": [\n \"https:\",\n \"git+ssh:\"\n ],\n \"allowed-hosts\": [\n \"npm\",\n \"github.com\"\n ],\n \"empty-hostname\": false,\n \"type\": \"npm \",\n \"path\": \"package-lock.json\"\n },\n \"mocha\": {\n \"check-leaks\": true,\n \"extension\": [\n \"test.ts\"\n ],\n \"require\": [\n \"source-map-support/register\",\n \"ts-node/register\"\n ],\n \"timeout\": 60000,\n \"trace-deprecation\": true,\n \"trace-warnings\": true,\n \"use_strict\": true\n }\n}\n" }, { "path": "src/bin/cli.ts", "content": "#!/usr/bin/env node\nimport { Help, Option, program } from 'commander'\nimport createCloneDeep from 'rfdc'\nimport semver from 'semver'\nimport pkg from '../../package.json'\nimport cliOptions, { renderExtendedHelp } from '../cli-options'\nimport ncu from '../index'\nimport { chalkInit } from '../lib/chalk'\n// async global contexts are only available in esm modules -> function\nimport getNcuRc from '../lib/getNcuRc'\nimport { pickBy } from '../lib/pick'\n\nconst optionVersionDescription = 'Output the version number of npm-check-updates.'\n\n/** Removes inline code ticks. */\nconst uncode = (s: string) => s.replace(/`/g, '')\n\nconst cloneDeep = createCloneDeep()\n\n;(async () => {\n // importing update-notifier dynamically as esm modules are only allowed to be dynamically imported inside of cjs modules\n const { default: updateNotifier } = await import('update-notifier')\n\n // check if a new version of ncu is available and print an update notification\n //\n // For testing from specific versions, use:\n //\n // updateNotifier({\n // pkg: {\n // name: 'npm-check-updates',\n // version: x.y.z\n // },\n // updateCheckInterval: 0\n // })\n\n const notifier = updateNotifier({ pkg })\n if (notifier.update && notifier.update.latest !== pkg.version) {\n const { default: chalk } = await import('chalk')\n\n // generate release urls for all the major versions from the current version up to the latest\n const currentMajor = semver.parse(notifier.update.current)?.major\n const latestMajor = semver.parse(notifier.update.latest)?.major\n const majorVersions =\n // Greater than or equal to (>=) will always return false if either operant is NaN or undefined.\n // Without this condition, it can result in a RangeError: Invalid array length.\n // See: https://github.com/raineorshine/npm-check-updates/issues/1200\n currentMajor && latestMajor && latestMajor >= currentMajor\n ? new Array(latestMajor - currentMajor).fill(0).map((x, i) => currentMajor + i + 1)\n : []\n const releaseUrls = majorVersions.map(majorVersion => `${pkg.homepage ?? ''}/releases/tag/v${majorVersion}.0.0`)\n\n // for non-major updates, generate a URL to view all commits since the current version\n const compareUrl = `${pkg.homepage ?? ''}/compare/v${notifier.update.current}...v${notifier.update.latest}`\n\n notifier.notify({\n defer: false,\n isGlobal: true,\n message: `Update available ${chalk.dim('{currentVersion}')}${chalk.reset(' → ')}${\n notifier.update.type === 'major'\n ? chalk.red('{latestVersion}')\n : notifier.update.type === 'minor'\n ? chalk.yellow('{latestVersion}')\n : chalk.green('{latestVersion}')\n }\nRun ${chalk.cyan('{updateCommand}')} to update\n${chalk.dim.underline(\n notifier.update.type === 'major' ? releaseUrls.map(url => chalk.dim.underline(url)).join('\\n') : compareUrl,\n)}`,\n })\n }\n\n // manually detect option-specific help\n // https://github.com/raineorshine/npm-check-updates/issues/787\n const rawArgs = process.argv.slice(2)\n const indexHelp = rawArgs.findIndex(arg => arg === '--help' || arg === '-h')\n if (indexHelp !== -1 && rawArgs[indexHelp + 1]) {\n const helpOption = rawArgs[indexHelp + 1].replace(/^-*/, '')\n if (helpOption === 'help' || helpOption === 'h') {\n console.info('Would you like some help with your help?')\n } else {\n await chalkInit()\n const nonHelpArgs = [...rawArgs.slice(0, indexHelp), ...rawArgs.slice(indexHelp + 1)]\n nonHelpArgs.forEach(arg => {\n // match option by long or short\n const query = arg.replace(/^-*/, '')\n const option = cliOptions.find(\n option =>\n query === option.long ||\n query === option.short ||\n (query === `no-${option.long}` && option.type === 'boolean'),\n )\n if (option) {\n console.info(renderExtendedHelp(option) + '\\n')\n } else if (query === 'version' || query === 'v' || query === 'V') {\n console.info(\n renderExtendedHelp({\n long: 'version',\n short: 'v',\n description: optionVersionDescription,\n // do not pass boolean or it will print --no-version\n type: 'string',\n }) + '\\n',\n )\n } else {\n console.info(`Unknown option: ${arg}`)\n }\n })\n }\n process.exit(0)\n }\n\n // a set of options that only work in an rc config file, not on the command line\n const noCli = new Set(cliOptions.filter(option => option.cli === false).map(option => `--${option.long}`))\n\n // start commander program\n program\n .description('[filter] is a list or regex of package names to check (all others will be ignored).')\n .usage('[options] [filter]')\n // See: boolean optional arg below\n .configureHelp({\n optionTerm: option =>\n option.long && noCli.has(option.long)\n ? option.long.replace('--', '') + '*'\n : option.long === '--version'\n ? // add -v to version help to cover the alias added below\n '-v, -V, --version'\n : option.flags.replace('[bool]', ''),\n optionDescription: option =>\n option.long === '--version'\n ? optionVersionDescription\n : option.long === '--help'\n ? `You're lookin' at it. Run \"ncu --help