anifacted / lerna-update-wizard
A command line tool for bulk-updating lerna package dependencies
Currently lerna-update-wizard expects the default configuration for package location, where each subdirectory of ./packages/ is a package.
However with the packages option in lerna.json you can use other directory structures as needed.
Lerna itself uses globby for it, as far as I can tell: https://github.com/lerna/lerna/blob/64916d650233f939d49d34ec52c691037f89106c/utils/collect-packages/collect-packages.js
I have several hooks which run before git commit. So wanted an option to not ask for git features.
Hi
Nice cli. I've tried updating a private npm package (by that I don't mean "private": true but rather that it is published to npm as a private library) but I get the following error:
An error occurred:
Error: Could not look up "my-private-package" in NPM registry
npm token is correctly set up, as I can publish using lerna.
When running lernaupdate --dedupe, dependencies from peerDependencies act as a duplicate. For example, in one package we have "react": "^16.12.0" as a dependency and in another we have "react": "16.x" as a peer dependency. This will be seen as a duplicate
Hi,
npm audit reports that meow:^4.0.0 uses a trim-newlines version which has a high security vulnerability.
High Regular Expression Denial of Service
Package trim-newlines
Patched in >=3.0.1 <4.0.0 || >=4.0.1
Dependency of lerna-update-wizard [dev]
Path lerna-update-wizard > meow > trim-newlines
More info https://npmjs.com/advisories/1753
Like you show labels for highest installed and latest release, it would be nice to know which version is the most used. Often you just want to align a package with all of the packages.
I'm getting an error only as error Command failed with exit code 1. in the installation phase of lernaupdate on a single dependency. Some of the lerna-packages' package.json changes stick and are now marked "Already installed ✗" on subsequent runs. The ones that don't stick are logged in green as "✓ (457 ms)" but preceded by "[1/4] Resolving packages... info If you think this is a bug....". There are no yarn-error.log or any other diagnostic messages explaining the problem. Discarding changes and reattempting gives consistent results. Any tips for diagnosing the errors?
[email protected] in devDependencies
Already installed ✗
[1/4] Resolving packages...
info If you think this is a bug, please open a bug report with the information provided in "C:\\code\\Repos\\...\\packages\\shared-state\\yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/add for documentation about this command.
.../shared-state ✓ (470 ms)
[1/4] Resolving packages...
info If you think this is a bug, please open a bug report with the information provided in "C:\\code\\Repos\\...\\packages\\shared-ui\\yarn-error.log".
info Visit https://yarnpkg.com/en/docs/cli/add for documentation about this command.
.../shared-ui ✓ (537 ms)
Installed 5 packages in 538 ms
? Do you want to create a new git branch for the change? No
? Do you want to create a new git commit for the change? Yes
? Enter a git commit message: Update dependency: [email protected]
Commit created ✓
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
Google Cloud Builder does not like the @namespace for some reason
This package is a life saver!
It would be nice to utilize interactive mode without having to answer questions the same way each time. For example, Do you want to create a new git branch for the change? No could be a setting that prevents the question from appearing by defaulting to the set answer.
What is the problem you're trying to solve?
Unable to go back to pick previous options
What solution would you like to see?
Be able to use "backspace" key to go back to pick previous options
runCommand.js returns a promise with all the event handlers for coroutines that only check for stdout event handlers. As a result, when npm or yarn or any command writes to stderr two things happen:
lernaupdate reports a success without actually doing anything.
Here's one such example where npm install fails and lernaupdate ignores it:
# npm writes to stderr only
# npm install --save @scope/[email protected]
npm ERR! code ETARGET
npm ERR! notarget No matching version found for @scope/nested-dependency-package@^1.0.0
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.
npm ERR! notarget
npm ERR! notarget It was specified as a dependency of '@scope/dependency-package'
npm ERR! notarget
npm ERR! A complete log of this run can be found in:
npm ERR! /root/.npm/_logs/2019-08-22T16_12_02_888Z-debug.log
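The failure mode described in the issue above, as an added example (not code from the issue or from the project's runCommand.js): a promise wrapper that settles on the child's exit status, so a command that writes only to stderr and exits non-zero is rejected instead of reported as a success. The `runCommand` signature and the two constructed child commands are assumptions for illustration.

```javascript
// Hypothetical runCommand: success is decided by the exit status,
// never by which stream the child happened to write to.
async function runCommand(cmd, args, options = {}) {
  // Dynamic import works from both CommonJS and ES modules.
  const { spawn } = await import("node:child_process");
  return new Promise((resolve, reject) => {
    // Arguments are passed as an array and no shell is involved.
    const child = spawn(cmd, args, { ...options, shell: false });
    let stdout = "";
    let stderr = "";
    child.stdout.setEncoding("utf8");
    child.stderr.setEncoding("utf8");
    child.stdout.on("data", chunk => { stdout += chunk; });
    child.stderr.on("data", chunk => { stderr += chunk; });
    // 'error' fires when the process cannot be spawned at all (e.g. ENOENT).
    child.on("error", reject);
    // 'close' fires after the process has ended and both streams are drained.
    child.on("close", (code, signal) => {
      if (code === 0) return resolve({ stdout, stderr });
      const err = new Error(`${cmd} ${args.join(" ")} failed (${signal || "exit " + code})`);
      // Keep the captured output so the caller can show the real npm/yarn error.
      Object.assign(err, { code, signal, stdout, stderr });
      reject(err);
    });
  });
}

// Constructed stand-ins for a package manager, run with the current Node binary:
// FAILING behaves like the npm log above (stderr only, non-zero exit);
// WARNING writes a warning to stderr but exits 0, which must still count as success.
const FAILING = ["-e", "console.error('npm ERR! code ETARGET'); process.exit(1)"];
const WARNING = ["-e", "console.error('npm WARN deprecated'); console.log('added 1 package')"];

async function demo() {
  const ok = await runCommand(process.execPath, WARNING);
  const failed = await runCommand(process.execPath, FAILING).then(() => null, err => err);
  return { ok, failed };
}
```

A caller that awaits `runCommand` and only marks a package as updated when the promise resolves can no longer print a green check mark for an install that failed.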
After choosing which dependency to upgrade, I get the error SyntaxError: Unexpected end of JSON input.
I already tried the following to try and solve this issue:
Do you have any idea as to what could be causing this?
In this wizard, it will allow you to select either the exact version (e.g. 1.0.1) or a semver variant like ^1.0.1 or ~1.0.1. However, because this script runs --save-dev but does NOT add --save-exact, then no matter if an exact version is specified, it will default to ^1.0.1 because of the way NPM works.
So, currently, there's no way to run lernaupdate and actually output what is selected.
I just need to keep track of one dependency across multiple packages in my monorepo. Would be great if I could run lernaupdate for a specific dependency, which version to set it to, and which packages to target, all without any interactivity.
Something like
lernaupdate --dep="lodash" --version="latest" --packages="packages/a,packages/b/one,packages/b/two"
If a package.json has both a peerDependency and a devDependency field, and the same dependency is in both lists, only one of them will be updated, e.g. if updating "foo" to version "2.0.0":
{
  "peerDependencies": {
    "foo": "1.0.0" ==> "2.0.0"
  },
  "devDependencies": {
    "foo": "1.0.0" ==> "1.0.0"
  }
}
Hi,
Thank you a lot for this nice tool.
Do you think it would be possible to add the support of hoisted dependencies ?
Thank you.
Hello, thanks for developing this tool.
When I upgrade a dependency, I'd like the option for 'latest installed' and to bump the caret version in each respective package.json as well.
For example:
My packages
Component1
package.json
- prop-types@^15.6.1
Component2
package.json
- prop-types@^15.6.2
Run lernaupdate
Lerna Update Wizard
v0.9.4
Starting update wizard for project
? Select a dependency to upgrade: prop-types (1 version)
? Select packages to affect: Component1, Component2
? Select version to install: (Use arrow keys)
❯ ^15.6.2 #latest with caret version
15.6.2 #latest
15.5.0-alpha.0 #dev
15.5.7-alpha.1 #next
^15.6.1 Highest installed
By updating the version string in each package's package.json, this helps prevent the appearance of node_modules directories nested inside a package with an outdated dependency, when using Yarn Workspaces with Lerna.
I'm willing to help contribute a solution for this.
I've installed lerna-update-wizard as recommended (as a devDependency), and once it is installed, running lernaupdate from terminal returns a message of command not found:
$ lernaupdate
bash: lernaupdate: command not found
I tried installing as a regular dependency as well and got the same result.
I'm working with a Lerna monorepo and running all of this from the root, with several packages. I'm also using --hoist with Lerna, but I don't think this should cause the lernaupdate command itself to not even be found.
I would really love if there was an option to list only outdated packages when using lernaupdate.
Lerna Update Wizard v0.9.3
Getting this at the beginning of the process
Starting update wizard for root
? Select a dependency to upgrade: (Use arrow keys or type to search)
@nestjs/common (2 versions)
On selecting the first one, the system gets stuck on that screen, cannot even exit using Control C
? Select a dependency to upgrade: @nestjs/common(2 versions)
instead of having to check each package individually, i'd love to just be able to execute something like lernaupdate --all and i'd want that to update all packages to the latest version installable based on the package.json.
Just like npm update does, but for lerna! 😉
i love this tool. but when updating dependency i have to search one by one and install one at a time. it would be really awesome if we select all dependencies to install, and in one go it updates/installs them all
it would be a real time saver.
One yarn package and one npm package. Verify that the script picks the correct package manager for each sub project.
I had peer dependency "lodash": "^4.17.11" in one package
And just dependency "lodash": "^4.17.11" in another two packages
I ran update command and got peer dependency "lodash": "4.17.15" (exact version, not ^)
Another two packages have "lodash": "^4.17.15" (with ^)
Why does it happen?
Because of this when I try to update lodash again, I see I have two lodash versions:
Starting update wizard for @org/front
? Select a dependency to upgrade: lodash (2 versions)
? Select packages to affect: @org/common (4.17.15), @org/proj1 (^4.17.15), @org/proj2 (^4.17.15)
? Select version to install:
...
How can I avoid this behaviour and install peer dependency with ^?
Thanks, lib is awesome
when updating package.jsons, it looks like it uses 2 spaces, and in my code i'm using 4. is there some configuration for that that i missed? or is there not a way to adjust that currently? if so, could there please be an option added so that when versions are modified the whole file isn't modified? thanks!
Just tried the tool out and the diff shows that the version, engines, typings etc top-level keys in package.json have all been reordered arbitrarily. They don't appear to be alphabetized.
On top of that, the keys within the scripts section were reordered to no longer be alphabetized! Why!? Edit: looks like they are alphabetical except for foo and postfoo being made adjacent. Still, this is undesirable.
This creates a ton of diff noise that either has to be carefully reverted or painfully absorbed by other contributors.
Hi,
the update of globby to version v11 #112 has broken the compatibility with windows.
The reason for that is a change of globby's transitive dependency fast-glob which requires a conversion of the Windows-style path to a Unix-style path.
Quote:
Recommendation fast-glob: https://github.com/mrmlnc/fast-glob#how-to-write-patterns-on-windows
I just tried a quick and dirty fix on my machine and everything worked as expected if I replace all backslashes at the resolved path with the following regex.
defaultPackagesGlobs.map(glob => resolve(projectDir, glob, "package.json").replace(/\\/g, '/')),
Line: index.js#L89
I need to pass --ignore-engines to yarn due to a dependency that has an overly-restrictive engines field. Can we add the ability to pass flags to yarn/npm?
It would be cool to update multiple packages at once.
E.g. jest and @types/jest
Hi! I love using the tool.
When I use the tool to select a dependency and upgrade it, I want the default version semver prefix to respect my ~/.npmrc save-prefix settings, which is documented here
Awesome script, I have been running into an issue. Maybe I don't understand quite correctly but I have been trying to update a react as peer dependency, but when I run the script and I select peer dependency the script writes down the update under dependencies, which is not what I'm expecting.
I have something like this:
{
  "name": "@myOrg/button",
  "version": "0.0.1",
  "description": "",
  "main": "index.js",
  "peerDependencies": {
    "react": "^16.7.0",
    "styled-components": "^4.1.3"
  },
  "repository": {
    "type": "git",
    "url": ""
  },
  "publishConfig": {
    "access": "public"
  },
  "author": "@",
  "license": "MIT"
}
after updating to peer dependency ends like:
{
  "name": "@myOrg/button",
  "version": "0.0.1",
  "description": "",
  "main": "index.js",
  "peerDependencies": {
    "react": "^16.7.0",
    "styled-components": "^4.1.3"
  },
  "repository": {
    "type": "git",
    "url": ""
  },
  "publishConfig": {
    "access": "public"
  },
  "author": "@",
  "license": "MIT",
  "dependencies": {
    "react": "16.8.6",
    "styled-components": "4.2.0"
  }
}
Do you have any idea what I am possibly doing wrong?
I just tried to run lerna-update-wizard a couple of times in a project with about 60 packages. It always got stuck before showing the 'Select a dependency to upgrade'-prompt. Then I deleted all node_module-directories (recursively) and ran it again. This time the prompt was shown immediately. Is this a known thing?
I have a lerna project with 10 packages. 4 of these packages use node-rdkafka which I want to update. When I run lerna-update-wizard, it lists literally tens of thousands of various packages, and seems to be any package that any sub-package (not one that I author) throughout the entire packages installed.
If I then select the package I want to update, it then lists out thousands of other packages, where I would expect only the 4 packages I control to be shown. I can't 'upgrade' package dependencies in third party packages. It seems to just be a list of all packages, for example, @jest/console is listed, but this package doesn't install or consume node-rdkafka.
Lerna Update Wizard
v1.1.0
Starting update wizard for root
? Select a dependency to upgrade: node-rdkafka (2 versions)
? Select packages to affect: (Press <space> to select, <a> to toggle all, <i> to invert selection)
❯◯ 1to2
◯ 1to2
◯ 1to2
◯ 1to2
◯ 1to2
◯ 1to2
◯ 1to2
◯ 1to2
◯ 1to2
◯ 1to2
◯ 1to2
◯ 1to2
◯ 1to2
◯ 1to2
◯ 1to2
I was expecting the tool to list and show me mismatched and outdated dependencies consumed in packages with my lerna project only.
Hello everyone.
I'm using this package in order to update some dependencies in my project, so I followed all the instructions in the README.
After choosing some package to update, I picked an option to commit all changes with a new message.
After receiving feedback, I checked the file changes and nothing had happened.
Is there anyone with these problems too?
When I ran the wizard, in addition to updating the selected package version in my package.jsons, it removed the newline at the end of every file. Is there an option to leave that newline in place?