Prevent updating major for specific dependency #866

Closed
drmrbrewer opened this issue Apr 1, 2021 · 9 comments

@drmrbrewer

Usually I am happy to have the dependencies in my package.json to update to a different major version (of course I then test for any breakages). But now I've identified one dependency which breaks things for me with its new major version, so I want to stick to a specific version for just that dependency, but want ncu -u to carry on updating all other dependencies as per normal across major boundaries. Is this possible? I am presently using the ^ switch (e.g. "p-queue": "^6.6.2") and had hoped that there might be another switch which tells ncu to "leave alone".

@raineorshine
Owner

What you need is --target, which controls the upgraded version, but unfortunately npm-check-updates does not support different targets for different dependencies. You'll have to run them separately:

ncu --reject p-queue    # upgrade all dependencies except p-queue
ncu p-queue --target minor   # upgrade p-queue

@drmrbrewer
Author

OK thanks for the info. Would be a nice feature to have, wouldn't it? i.e. different switches to signify "update at most patch level", "update at most minor level", "update any level", or "don't touch anything!".

@raineorshine
Owner

> Would be a nice feature to have, wouldn't it?

Yes, I agree. It would be a bit too complex for cli options, but it could be supported via the ncurc file.

> i.e. different switches to signify "update at most patch level", "update at most minor level", "update any level", or "don't touch anything!".

These are all currently supported via --target, just not on a per-dependency level, to be clear. And don't touch anything is well supported via filters.

@drmrbrewer
Author

drmrbrewer commented Apr 1, 2021

I guess I'm expecting the ~ and ^ flags (see here) to be understood by ncu... which would be ideal since these apply on a per-dependency basis. At the moment it seems that ncu just updates every dependency to the latest version, regardless of those flags? Of course, there is the --target CLI option but (as you say) that is a global switch and doesn't seem to take account of these per-dependency flags...

So IMHO it would be nice if there was a CLI option for ncu which enables this per-dependency behaviour, and where dependencies are updated individually based on their flag:

  • a ~ dependency is updated at most at the patch level
  • a ^ dependency is updated at most at the minor level

Without any flag, it's either updated to the latest version (including at a new major level) or left alone... my knowledge of semantic versioning conventions is totally inadequate but maybe there is an existing flag to convey this distinction?

@raineorshine
Owner

I see, that makes sense! --target semver is not currently implemented, though it has been requested by others. It's tracked in #581 and can be re-opened by an active PR.

As a bit of additional explanation, I would offer that the raison d'être of npm-check-updates is to break semver conventions. That's the whole reason it was created. npm generally does a good job of allowing installs and upgrades while conforming to semver. npm-check-updates was created for the purpose as stated at the beginning of the README:

> npm-check-updates upgrades your package.json dependencies to the latest versions, ignoring specified versions.

There are enough people that prefer the additional control of npm-check-updates over npm that --target semver would be a useful addition, but it is not the typical use case. I would love to see someone volunteer their time to contribute a PR for this. I do my best to maintain the library and respond to all issues and feature requests, but I don't have the availability to add dedicated new features.

@drmrbrewer
Author

OK thank you for the additional insight, and for reminding me of the raison d'être of ncu. I hope that something like this can be implemented in future (I am not sure that I am sufficiently capable to do this myself). In the meantime, using the following .ncurc.json does achieve what I want (albeit using a separate config file which I don't like so much), which is to avoid updating this package to the next (major) version (which has too much of a knock-on effect for me, for now):

{
  "upgrade": true,
  "reject": [
    "p-queue"
  ]
}

Thanks for your continued efforts with ncu... it is very much appreciated.

raineorshine changed the title from "How to prevent updating major for specific dependency" to "Prevent updating major for specific dependency" on Apr 4, 2021

@ipsips

ipsips commented Aug 28, 2021

I'm in a similar situation and resorting to using .ncurc.json:

{
  "upgrade": true,
  "reject": [
    "p-queue"
  ]
}

But finer control over target version for specific packages would be nice. target could take an array. E.g. constricting "p-queue" version to currently installed major:

{
  "upgrade": true,
  "target": [
    {
      "p-queue": "minor"
    }
  ]
}

@raineorshine
Owner

As of v12.5.0, you can specify a custom target function in your .ncurc.js config file:

module.exports = {
  /** Custom target that performs minor upgrades for the p-queue package.
    @param dependencyName The name of the dependency.
    @param parsedVersion A parsed Semver object from semver-utils.
      (See https://git.coolaj86.com/coolaj86/semver-utils.js#semverutils-parse-semverstring)
    @returns 'latest' | 'newest' | 'greatest' | 'minor' | 'patch'
  */
  target: (dependencyName, parsedVersion) => {
    return dependencyName === 'p-queue' ? 'minor' : 'latest'
  }
}

You can hack together your own semver-like target logic with this function, but the intention is to eventually add a --semver option that handles this for you. See #1054.
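
Added example, not part of the original thread and not npm-check-updates code: one way to write the semver-like target logic mentioned above, deriving each dependency's target from its own `~` or `^` range as requested earlier in the issue. `targetForRange`, `semverConfig` and the sample manifest are hypothetical names and constructed data; specs that are not a single `~` or `^` range fall back to 'latest' as an assumption.

```javascript
// Constructed sample manifest; a real .ncurc.js would load ./package.json instead.
const samplePkg = {
  dependencies: { 'p-queue': '^6.6.2', 'node-fetch': '~2.6.1', globby: '11.0.3' },
  devDependencies: { susy: '^0.4.1', 'example-pkg': '^0.0.3' },
}

// A single ~ or ^ range: operator, major, optional minor/patch, optional prerelease/build.
const SIMPLE_RANGE =
  /^\s*([~^])\s*v?(\d+)(?:\.(\d+|[xX*]))?(?:\.(\d+|[xX*]))?(?:[-+][0-9A-Za-z.+-]*)?\s*$/

/**
 * Map a declared range to a target value, or null when no target stays
 * inside the range (the caller then lists that dependency under reject).
 */
function targetForRange(range) {
  const m = SIMPLE_RANGE.exec(String(range))
  // Assumption: exact pins, compound ranges, tags and URLs fall back to 'latest'.
  if (!m) return 'latest'
  const [, op, major, minor, patch] = m
  const fixed = (part) => /^\d+$/.test(part || '')
  if (!fixed(minor)) return 'minor' // ~1, ^1.x, ^0: the whole major line is allowed
  if (op === '~') return 'patch' // ~1.2.3 and ~1.2 allow 1.2.x only
  if (major !== '0') return 'minor' // ^1.2.3 allows 1.x
  if (minor !== '0' || !fixed(patch)) return 'patch' // ^0.4.1 allows 0.4.x only
  return null // ^0.0.3 allows only 0.0.3 itself
}

/** Build the target function and reject list for an ncu config (hypothetical helper). */
function semverConfig(pkg) {
  const declared = {
    ...pkg.optionalDependencies,
    ...pkg.devDependencies,
    ...pkg.dependencies,
  }
  const reject = Object.keys(declared).filter((name) => targetForRange(declared[name]) === null)
  return {
    reject,
    // Called per dependency; the second argument (parsedVersion) is not needed here.
    target: (dependencyName) => targetForRange(declared[dependencyName]) || 'latest',
  }
}

// In .ncurc.js this would be: module.exports = semverConfig(require('./package.json'))
const config = semverConfig(samplePkg)
```

Caret ranges on 0.x releases are narrower than on 1.x and later, which is why `^0.4.1` maps to 'patch' and `^0.0.3` ends up in `reject` rather than getting a target.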

@christianhaller3000

christianhaller3000 commented Apr 22, 2022

module.exports = {
  // Pin the listed packages to minor upgrades; everything else goes to latest.
  target: (dependencyName) => {
    if (['node-fetch', '@types/node-fetch', 'globby', 'susy'].includes(dependencyName)) {
      const res = 'minor'
      console.log(`👀  ${dependencyName} is pinned to ${res}`)
      return res
    }
    return 'latest'
  },
}

great!
