Releases: raineorshine/npm-check-updates
v19.3.2
Contributors
Assets 2
v19.3.1
What's Changed
- fix(catalog): use the right yarn config name by @MKruschke in #1586
Full Changelog: v19.3.0...v19.3.1
Contributors
Assets 2
v19.3.0
What's Changed
- feat: support yarn catalogs by @MKruschke in #1582
- Fixed default catalog behavior.
- See discussion here: #1582 (review)
- If you think this is wrong, please open an issue.
Full Changelog: v19.2.1...v19.3.0
Contributors
Assets 2
v19.2.1
Full Changelog: v19.2.0...v19.2.1
v19.2.0
What's Changed
- Add --format dep
- Add interactive mode keyboard controls to docs by @jsoref in #1577
- Spelling by @jsoref in #1578
New Contributors
Full Changelog: v19.1.2...v19.2.0
Contributors
Assets 2
v19.1.2
What's Changed
- fix: support singular 'catalog' field in pnpm-workspace.yaml by @afonsojramos in #1572
New Contributors
- @afonsojramos made their first contribution in #1572
Full Changelog: v19.1.1...v19.1.2
Contributors
Assets 2
v19.1.1
What's Changed
- fix(cooldown): handle
CooldownFunctionin config file by @SebastianSedzik in #1565
Full Changelog: v19.1.0...v19.1.1
Contributors
Assets 2
v19.1.0
What's Changed
- feat(cooldown): support for cooldown predicate function by @SebastianSedzik in #1563
Full Changelog: v19.0.0...v19.1.0
Contributors
Assets 2
v19.0.0
Breaking
- node
>= 20required --workspaces(plural) short option-wschanged to-w- Better compatibility with commander v13
- Short option should always be a single character for consistency
- Replaces the short option for
--workspace(singular) --workspace(singular) no longer has a short option.
v18.2.0
Thanks to community members for raising awareness and to @SebastianSedzik for the implementation.
See: #1547
Feature: --cooldown
Usage:
ncu --cooldown [n]
ncu -c [n]
The cooldown option helps protect against supply chain attacks by requiring package versions to be published at least the given number of days before considering them for upgrade.
Note that previous stable versions will not be suggested. The package will be completely ignored if its latest published version is within the cooldown period. This is due to a limitation of the npm registry, which does not provide a way to query previous stable versions.
Example:
Let's examine how cooldown works with a package that has these versions available:
1.0.0 Released 7 days ago (initial version)
1.1.0 Released 6 days ago (minor update)
1.1.1 Released 5 days ago (patch update)
1.2.0 Released 5 days ago (minor update)
2.0.0-beta.1 Released 5 days ago (beta release)
1.2.1 Released 4 days ago (patch update)
1.3.0 Released 4 days ago (minor update) [latest]
2.0.0-beta.2 Released 3 days ago (beta release)
2.0.0-beta.3 Released 2 days ago (beta release) [beta]
With default target (latest):
$ ncu --cooldown 5No update will be suggested because:
- Latest version (1.3.0) is only 4 days old.
- Cooldown requires versions to be at least 5 days old
- Use
--cooldown 4or lower to allow this update
With @beta/@tag target:
$ ncu --cooldown 3 --target @betaNo update will be suggested because:
- Current beta (2.0.0-beta.3) is only 2 days old
- Cooldown requires versions to be at least 3 days old
- Use
--cooldown 2or lower to allow this update
With other targets:
$ ncu --cooldown 5 --target greatest|newest|minor|patch|semverEach target will select the best version that is at least 5 days old:
greatest → 1.2.0 (highest version number outside cooldown)
newest → 2.0.0-beta.1 (most recently published version outside cooldown)
minor → 1.2.0 (highest minor version outside cooldown)
patch → 1.1.1 (highest patch version outside cooldown)
Note for latest/tag targets:
⚠️ For packages that update frequently (e.g. daily releases), using a long cooldown period (7+ days) with the default--target latestor--target @tagmay prevent all updates since new versions will be published before older ones meet the cooldown requirement. Please consider this when setting your cooldown period.