Releases: raineorshine/npm-check-updates
v19.3.1
What's Changed
- fix(catalog): use the right yarn config name by @MKruschke in #1586
Full Changelog: v19.3.0...v19.3.1
v19.3.0
What's Changed
- feat: support yarn catalogs by @MKruschke in #1582
- Fixed default catalog behavior.
- See discussion here: #1582 (review)
- If you think this is wrong, please open an issue.
Full Changelog: v19.2.1...v19.3.0
v19.2.1
Full Changelog: v19.2.0...v19.2.1
v19.2.0
What's Changed
- Add --format dep
- Add interactive mode keyboard controls to docs by @jsoref in #1577
- Spelling by @jsoref in #1578
Full Changelog: v19.1.2...v19.2.0
v19.1.2
What's Changed
- fix: support singular 'catalog' field in pnpm-workspace.yaml by @afonsojramos in #1572
New Contributors
- @afonsojramos made their first contribution in #1572
Full Changelog: v19.1.1...v19.1.2
v19.1.1
What's Changed
- fix(cooldown): handle CooldownFunction in config file by @SebastianSedzik in #1565
Full Changelog: v19.1.0...v19.1.1
v19.1.0
What's Changed
- feat(cooldown): support for cooldown predicate function by @SebastianSedzik in #1563
Full Changelog: v19.0.0...v19.1.0
v19.0.0
Breaking
- node >= 20 required
- --workspaces (plural) short option -ws changed to -w
  - Better compatibility with commander v13
  - Short option should always be a single character for consistency
  - Replaces the short option for --workspace (singular)
- --workspace (singular) no longer has a short option.
v18.2.0
Thanks to community members for raising awareness and to @SebastianSedzik for the implementation.
See: #1547
Feature: --cooldown
Usage:
ncu --cooldown [n]
ncu -c [n]
The cooldown option helps protect against supply chain attacks by requiring package versions to be published at least the given number of days before considering them for upgrade.
Note that previous stable versions will not be suggested. The package will be completely ignored if its latest published version is within the cooldown period. This is due to a limitation of the npm registry, which does not provide a way to query previous stable versions.
Example:
Let's examine how cooldown works with a package that has these versions available:
1.0.0 Released 7 days ago (initial version)
1.1.0 Released 6 days ago (minor update)
1.1.1 Released 5 days ago (patch update)
1.2.0 Released 5 days ago (minor update)
2.0.0-beta.1 Released 5 days ago (beta release)
1.2.1 Released 4 days ago (patch update)
1.3.0 Released 4 days ago (minor update) [latest]
2.0.0-beta.2 Released 3 days ago (beta release)
2.0.0-beta.3 Released 2 days ago (beta release) [beta]
With default target (latest):
$ ncu --cooldown 5
No update will be suggested because:
- Latest version (1.3.0) is only 4 days old.
- Cooldown requires versions to be at least 5 days old
- Use --cooldown 4 or lower to allow this update
With @beta/@tag target:
$ ncu --cooldown 3 --target @beta
No update will be suggested because:
- Current beta (2.0.0-beta.3) is only 2 days old
- Cooldown requires versions to be at least 3 days old
- Use --cooldown 2 or lower to allow this update
With other targets:
$ ncu --cooldown 5 --target greatest|newest|minor|patch|semver
Each target will select the best version that is at least 5 days old:
greatest → 1.2.0 (highest version number outside cooldown)
newest → 2.0.0-beta.1 (most recently published version outside cooldown)
minor → 1.2.0 (highest minor version outside cooldown)
patch → 1.1.1 (highest patch version outside cooldown)
Note for latest/tag targets:
⚠️ For packages that update frequently (e.g. daily releases), using a long cooldown period (7+ days) with the default --target latest or --target @tag may prevent all updates since new versions will be published before older ones meet the cooldown requirement. Please consider this when setting your cooldown period.
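The selection rules in the example above can be checked with a short script. This is an added illustration, not code from npm-check-updates; the installed version 1.1.0 and the skipping of prereleases for greatest/minor/patch are assumptions, chosen because they reproduce the results listed in these notes.

```javascript
// Added illustration of the cooldown rules described above; not ncu's source.
// Constructed data: the version list from the example, ages in days, in publish order.
const versions = [
  { v: '1.0.0', age: 7 }, { v: '1.1.0', age: 6 }, { v: '1.1.1', age: 5 },
  { v: '1.2.0', age: 5 }, { v: '2.0.0-beta.1', age: 5 }, { v: '1.2.1', age: 4 },
  { v: '1.3.0', age: 4 }, { v: '2.0.0-beta.2', age: 3 }, { v: '2.0.0-beta.3', age: 2 },
]
const distTags = { latest: '1.3.0', beta: '2.0.0-beta.3' }

const parse = v => v.split('-')[0].split('.').map(Number)
const isStable = v => !v.includes('-')
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)]
  return x[0] - y[0] || x[1] - y[1] || x[2] - y[2]
}

// Returns the version to upgrade to, or null when cooldown blocks the update.
// `installed` is an assumption (the notes do not state it); 1.1.0 reproduces their table.
function pickUpgrade(target, cooldownDays, installed = '1.1.0') {
  const oldEnough = versions.filter(e => e.age >= cooldownDays)
  if (target === 'latest' || target.startsWith('@')) {
    // Tag targets: only the tagged version is considered, with no fallback.
    const tagged = distTags[target === 'latest' ? 'latest' : target.slice(1)]
    return oldEnough.some(e => e.v === tagged) ? tagged : null
  }
  if (target === 'newest') {
    // Most recently published; ties go to the later entry in publish order.
    return oldEnough.reduce((best, e) => (!best || e.age <= best.age ? e : best), null)?.v ?? null
  }
  const [maj, min] = parse(installed)
  const inRange = {
    greatest: () => true,
    minor: v => parse(v)[0] === maj,
    patch: v => parse(v)[0] === maj && parse(v)[1] === min,
  }[target]
  if (!inRange) throw new Error(`target not modelled in this sketch: ${target}`)
  // Assumption: prereleases are skipped here, which matches the listed results.
  const stable = oldEnough.filter(e => isStable(e.v) && inRange(e.v))
  return stable.map(e => e.v).sort(cmp).pop() ?? null
}

for (const t of ['latest', 'newest', 'greatest', 'minor', 'patch']) console.log(t, pickUpgrade(t, 5))
```

A null result for latest or a tag target means the package is skipped entirely, while the other targets fall back to an older version that has cleared the cooldown.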
v18.0.0
Breaking
The only breaking change in v18 is with the -g/--global flag.
npm-check-updates -g will now auto-detect your package manager based on the execution path. Previously, it defaulted to npm.
- yarn dlx ncu -g --packageManager yarn → yarn dlx ncu -g
- pnpm dlx ncu --global --packageManager pnpm → pnpm dlx ncu -g
- bunx ncu -g --packageManager pnpm → bunx ncu -g
If for some reason you were running ncu -g with an alternative package manager and relying on it checking the global npm packages, you will need to now explicitly specify npm:
- ncu -g → ncu -g --packageManager npm
Thanks to @LuisFerLCC for the improvement (#1514).