renovate
npm-check
Our great sponsors
renovate | npm-check | |
---|---|---|
113 | 11 | |
15,658 | 6,535 | |
3.5% | - | |
10.0 | 8.0 | |
4 days ago | 5 days ago | |
TypeScript | JavaScript | |
GNU Affero General Public License v3.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
renovate
-
Self-Hosted Is Awesome
> Yes, it is awesome until you have to sysadmin it, apply updates, patch it, fix security holes, etc. I am not saying all self-hosted solutions are like that. There are exceptions. However, the majority of open-source self-hosted solutions require a lot of extra work.
I'm currently self-hosting 10 different applications on my local server, which represents everything I've ever seen that looked fun or useful to me. Every one of them had a Docker image with an example compose file, which means updating them just requires periodically running Renovate [0] on the repo that stores all my compose files and then running a script that docker compose pulls the updates. It takes maybe 10 minutes every other week, and is actually kinda fun.
It helps that all the apps are only accessible from within my VPN, so I'm not too worried about fixing security updates within a tiny time window.
-
Why I recommend Renovate over any other dependency update tools
This is a big deal! Where did you read this? I found:
-
Locally test and validate your Renovate configuration files
Renovate is an automated dependency management tool that can be used to keep your dependencies up-to-date. It can be configured to automatically create pull requests to update your dependencies, and it supports a wide range of package managers and platforms.
-
Understanding Mend Renovate's Pull Request Workflow
To get started with Mend Renovate, the comprehensive official documentation provides detailed instructions on installation, configuration, and best practices. Additionally, the Mend Renovate community forum offers a platform for users to connect, share experiences, and access the collective knowledge base.
-
Unfork with ArgoCD
It is a good practice to keep software up to date. To track changes in upstream software, we can utilize automatic dependency tracking systems such as Dependabot or Renovate. This is a broad topic and requires a separate article to be covered. If you would like to read about it, please vote in the comments section below.
- 🦊 GitLab CI YAML Modifications: Tackling the Feedback Loop Problem
-
Evaluating New Software Forges
So do other forges: I have Renovate [0] set up on my self-hosted Forgejo and it's worked great so far.
-
Long Term Ownership of an Event-Driven System
You can ease some of the burden for yourself though using tooling. If you are using GitHub, dependabot can be configured to make automatic PRs to your repo whenever there are dependencies to update. If you're not a GitHub user, you can use renovate which even supports self hosting.
-
How to Manage Helm Chart Dependency Versions?
Hello! I'm using Helm in K8s and curious if there is a solution that could keep tabs on the deployed chart dependency versions and either alert us when something is out of date or when a new release is available. Does this exist? I was thinking something like Dependabot or Renovate, but neither seems to be able to manage this.
- Dependency inventory / dashboard for multiple maven projects
npm-check
-
Writing Javascript without a build system
I find this tool helps https://www.npmjs.com/package/npm-check
-
How to update all npm packages to latest?
You can also see npm-check for some more control.
-
I am feeling really scared of upgrading so many packages at once, Any tips?
What I do; - run https://www.npmjs.com/package/npm-check with the -u command - select all libs that are relatively safe (minor, patch upgrades) and that are unrelated - upgrade those first and check the app; run it and prod build plus any tests you might have - commit; this is your save point - then upgrade clusters; sets of dependencies that are related (I.e. all test dependencies in one go, all webpack, or all react dependencies in one go) - build, run, test and save again. - Repeat previous two steps until done. - if some dependency requires a major change through the whole app; skip it / revert and safe for another day. Upgrading is sometimes as much about information gathering as it is about upgrading.
-
Do I need to update my packages?
I use https://www.npmjs.com/package/npm-check Make a new branch and update all minor (green) in one go, if that's good I commit and move on, then I update all orange in one go, there's usually an issue so then I undo and split that up and do a few each, committing each time it's all ok. Then I do major (red) one by one and commit each time. Some are too hard to update and I'll leave it alone till probably another update fixes the issue.
-
One simple command to improve your JavaScript workflow
When I remember the command, sometimes I use npm-check or npm-check-updates to save some time, but I most often don't remember which is the one I usually use and what's the syntax. Yarn has definitely an edge here with its yarn upgrade-interactive command.
-
If package.json references some package but there is no require, am I safe to remove?
Try using `npm-check`: https://www.npmjs.com/package/npm-check
-
Dependabot needs a workflow too
If Dependabot keeps on creating the maximum number of PR's several days in a row, we sometimes just run npm-check update to test and update a bunch of packages at the same time. This is basically the workflow of projects without dependabot and the problem with that approach was that actually nobody was updating the dependencies at all.
-
Detect outdated dependencies from package.json?
Install this package globally npm-check and here is the link link to npmjs.com
- How to update all your NPM packages at once
-
Node.js cheatsheet
npm-check is a useful tool to check for outdated, incorrect, and unused dependencies
What are some alternatives?
dependabot-core - 🤖 Dependabot's core logic for creating update PR's.
dependabot
scala-steward - :robot: A bot that helps you keep your projects up-to-date
updatecli - A Declarative Dependency Management tool
github-actions-and-renovate
bitbucket-branch-source-plugin - Bitbucket Branch Source Plugin
charts - Bitnami Helm Charts
watchtower - A process for automating Docker container base image updates.
charts - ⚠️ Deprecated : Helm charts for applications you run at home
git-link - Emacs package to get the GitHub/Bitbucket/GitLab/... URL for a buffer location
ort - A suite of tools to automate software compliance checks.
pipreqs - pipreqs - Generate pip requirements.txt file based on imports of any project. Looking for maintainers to move this project forward.