I'm upgrading to Yarn Modern and am trying out yarn outdated. It appears to work; however, after its output, it never finishes:

➤ YN0000: ┌ Checking for outdated dependencies
➤ YN0000: └ Completed in 3s 490ms

...

➤ YN0000: Package                        Current    Latest    Workspace        Package Type
➤ YN0000: 33 dependencies are out of date
➤ YN0000: Done with warnings in 3s 493ms
➤ YN0000: ⠇ ============================================================================----

The progress bar on the last line sits at this state indefinitely, without ever finishing.

If I run yarn outdated --json, the command finishes as expected.

I'm using Yarn 3.2.0, https://mskelton.dev/yarn-outdated/v2, and Node 14.19.1.

Add the usage property to the command to provide docs

By semver:

Major version zero (0.y.z) is for initial development. Anything MAY change at any time. The public API SHOULD NOT be considered stable.

So it should be red.

With latest version 2.1.0 of yarn-plugin-outdated, all dependencies in yarn.lock file are checked for outdated version.
Dependencies, that use Protocols with : separator, should be ignored.
Some examples (they need checks):

• npm:<string>
• [email protected]:<string>
• github:<string>
• file:<string>
• link:<string>
• patch:<string>
• portal:<string>
• workspace:<string>
• exec:<string>

Steps to reproduce:

1. yarn init -y
2. yarn set version berry
3. yarn plugin import https://github.com/mskelton/yarn-plugin-outdated/raw/v2.1.0/bundles/@yarnpkg/plugin-outdated.js
4. Add absolute path resolution with link protocol:
   yarn add src@link:./src
5. yarn outdated

Results

Actual

yarn log:

➤ YN0000: ┌ Checking for outdated dependencies
➤ YN0000: └ Completed

➤ YN0000: Package   Current   Latest   Package Type
➤ YN0000: src       0.0.0     1.1.2    dependencies

➤ YN0000: 1 dependency is out of date
➤ YN0000: Done with warnings in 0s 155ms

Expect

No warnings.

When I created this plugin, I was frustrated with monorepos showing huge amounts of outdated dependencies and as a result I set the default to the current workspace with a optional flag --all that would search all workspaces.

I'm questioning that decision and wondering if a better default would be all workspaces with a flag to focus to the current workspace. Some options for the flag could be.

• --focus,-f - Not a huge fan since -f generally means force
• --workspace,-w - No major drawbacks
• --current,--current-workspace,-c - Fine, but more verbose.

It should respect https://yarnpkg.com/configuration/manifest#resolutions and also list these possible version updates

Is it possible to have the repo URL, easier to click and change the release changelog?
Thanks for the plugin, I'm really used to using it in yarn v1, now after migrating to v3 - very helpful!

Linking directly to ${repoUrl}/releases might be even better :)

Hello and thank you for the great plugin! I have a monorepo setup where one of the packages is a component library loaded by other packages. It is set as private with no repository URL, however the plugin still tries to check for an update:

% yarn outdated
➤ YN0000: ┌ Checking for outdated dependencies
➤ YN0001: │ HTTPError: Response code 404 (Not Found)
    at se.<anonymous> (/Users/lada/Projects/flare-crm/.yarn/releases/yarn-berry.cjs:23:10082)
    at processTicksAndRejections (internal/process/task_queues.js:93:5)
➤ YN0000: └ Completed
➤ YN0000: Failed with errors in 0s 199ms
➤ YN0000: ⠏ =============================================================================---

When I added some logging to yarn-berry.cjs, the failing URL request was

requestUrl: 'https://registry.yarnpkg.com/<my-dependency's-name>'

Temporarily removing the dependency from package.json solved the issue, but it would be much smoother if the plugin could just skip it.

When using a semver range in the package.json, it looks like this plugin checks whether the lowest bound of the semver range is outdated. yarn v1 was instead checking whether the locked version is outdated or no, which is more useful IMO (as the locked version is what actually runs in your project).

Steps to reproduce:

1. Create a package.json with a dependency on mdn-polyfills ^5.15.1 (any other package could work, it is not specific to that one. But versions numbers I give correspond to that one).
2. Run yarn install. As of writing this, this resolves to version 5.20.0 of mdn-polyfills
3. Run yarn outdated

This gives me this output:

Package                              Current   Latest    Package Type   
mdn-polyfills                        5.15.1    5.20.0    dependencies   

But the current version locked in my project is not 5.15.1.

I'm on Yarn 2 still and ran into this error after following the install instructions in the README:

This plugin cannot access the package referenced via typanion which is neither a builtin...

Not obvious what the issue was until I dug around in your Releases and saw that v2 is not compatible with Yarn 2.

I still had to figure out how to install version 1.2.0 of the plugin, using:

yarn plugin import https://github.com/mskelton/yarn-plugin-outdated/raw/v1.2.0/bundles/@yarnpkg/plugin-outdated.js

Anyway, figured it would be worth adding this to your README to help others. Especially since this is such a helpful tool and you've done a great job bringing it into the Yarn 2+ world.

Thanks!

Performance seems definitely slower than Yarn 1. Let's explore if this can be improved.

When running:
yarn plugin import https://mskelton.dev/yarn-outdated/v4

it is freezing at:
➤ YN0000: Downloading https://mskelton.dev/yarn-outdated/v4

After updating yarn to v4.0.0-rc.2, the plugin stops to work.

Steps to reproduce

yarn init -y
yarn set version canary
yarn add @emotion/cache
yarn plugin import https://mskelton.dev/yarn-outdated/v2
yarn outdated

Actual

➤ YN0000: ┌ Checking for outdated dependencies
➤ YN0001: │ Error: @emotion/cache@latest isn't supported by any available resolver
    at Ym.getResolverByDescriptor (C:\0-outdated\.yarn\releases\yarn-4.0.0-rc.2.cjs:135:1721)
    at Ym.bindDescriptor (C:\0-outdated\.yarn\releases\yarn-4.0.0-rc.2.cjs:135:1106)
    at Object.hU (C:\0-outdated\.yarn\releases\yarn-4.0.0-rc.2.cjs:378:10959)
    at ze.fetch (C:\0-outdated\.yarn\plugins\@yarnpkg\plugin-outdated.cjs:7:28220)
    at C:\0-outdated\.yarn\plugins\@yarnpkg\plugin-outdated.cjs:8:2348
    at Array.map (<anonymous>)
    at Ee.getOutdatedDependencies (C:\0-outdated\.yarn\plugins\@yarnpkg\plugin-outdated.cjs:8:2217)
    at C:\0-outdated\.yarn\plugins\@yarnpkg\plugin-outdated.cjs:8:376
    at Ft.startSectionPromise (C:\0-outdated\.yarn\releases\yarn-4.0.0-rc.2.cjs:161:2954)
    at Ft.startTimerPromise (C:\0-outdated\.yarn\releases\yarn-4.0.0-rc.2.cjs:161:3834)
➤ YN0000: └ Completed

Expect

No error

First of all, thank you for the cool package.

1. SemVer information: It helps to reduce cognitive loads. There are cases where people ask questions about the meaning of color.
2. URL Highlighting: I think it will be helpful when distinguishing.

Without format=json:

$ yarn outdated
➤ YN0000: ┌ Checking for outdated dependencies
➤ YN0000: └ Completed in 25s 650ms

➤ YN0000: Package           Current   Latest    Package Type
➤ YN0000: @types/node       20.1.1    20.1.2    devDependencies
➤ YN0000: @vue/test-utils   1.3.5     2.3.2     devDependencies
➤ YN0000: cypress           12.11.0   12.12.0   devDependencies
➤ YN0000: vue               2.7.14    3.2.47    devDependencies
➤ YN0000: vue-router        3.6.5     4.1.6     devDependencies
➤ YN0000: vue-tsc           1.3.8     1.6.4     devDependencies

➤ YN0000: 6 dependencies are out of date
➤ YN0000: Done with warnings in 25s 657ms

$ echo $?
0

With format=json:

$ yarn outdated --format=json
[{"current":"20.1.1","latest":"20.1.2","name":"@types/node","severity":"patch","type":"devDependencies"},{"current":"1.3.5","latest":"2.3.2","name":"@vue/test-utils","severity":"major","type":"devDependencies"},{"current":"12.11.0","latest":"12.12.0","name":"cypress","severity":"minor","type":"devDependencies"},{"current":"2.7.14","latest":"3.2.47","name":"vue","severity":"major","type":"devDependencies"},{"current":"3.6.5","latest":"4.1.6","name":"vue-router","severity":"major","type":"devDependencies"},{"current":"1.3.8","latest":"1.6.4","name":"vue-tsc","severity":"minor","type":"devDependencies"}]

$ echo $?
1

Please could the json formatted option be made to respect the --check flag, and return 0 if it's not present?

yarn --cwd dir outdated doesn't run the command from dir. You have to already be in dir or it says Outdated lockfile. Please run yarn install and try again. It should use cwd to be consistent with other yarn commands.

Dependency version should be ignored if it's not like a semantic version.

To reproduce

1. Create a package on GitHub
2. yarn add <dependency_name>@<github_username>/<repository_name>
3. yarn outdated

➤ YN0000: ┌ Checking for outdated dependencies
➤ YN0035: │ The remote server failed to provide the requested resource
➤ YN0035: │   Response Code: 404 (Not Found)
➤ YN0035: │   Request Method: GET
➤ YN0035: │   Request URL: https://registry.yarnpkg.com/<dependency_name>
➤ YN0000: └ Completed in 10s 413ms
➤ YN0000: Failed with errors in 10s 414ms
➤ YN0000: ⠋ =========================================================================-------

Note: package isn't published to any registry.

Hello, thank you for writing this very useful plugin!

Currently, it skips dependencies with patch: protocol. Such dependencies are specified like this:

    "puppeteer": "patch:[email protected]#./patches/puppeteer+10.4.0.patch",

Patches are always applied to a specific version.

However, even though I applied a patch, I would still like to know if there is a new version of the dependency (perhaps they fixed the issue and my patch is no longer needed?).

Thank you!

Could --workspace take an argument that filters the names so we can just check some of them? If there's a big monorepo with lots of projects and subprojects you could only be responsible for updating a some projects instead of everything so this argument can help.

• --workspace @project/* get all subprojects for a project
• --workspace */subproject get the same subproject from all projects
• --workspace @project1/subproject1,@project2/subproject3 get unrelated subprojects

Or could be a new argument like --filter.

Match of pre-release versions (e.g. canary, alpha, beta, rc) should be like this logic.

Example:

1.0.0-alpha < 1.0.0-alpha.1 < 1.0.0-alpha.beta < 1.0.0-beta < 1.0.0-beta.2 < 1.0.0-beta.11 < 1.0.0-rc.1 < 1.0.0

Steps to reproduce

1. yarn init -y
2. yarn set version berry
3. yarn plugin import https://github.com/mskelton/yarn-plugin-outdated/raw/v2.1.1/bundles/@yarnpkg/plugin-outdated.js
4. yarn add next@canary video.js@next
5. yarn outdated

Results

Actual

yarn log:

➤ YN0000: ┌ Checking for outdated dependencies
➤ YN0000: └ Completed

➤ YN0000: Package    Current            Latest   Package Type
➤ YN0000: next       11.1.3-canary.29   11.1.2   dependencies
➤ YN0000: video.js   7.15.5             7.15.4   dependencies

➤ YN0000: 2 dependencies are out of date
➤ YN0000: Done with warnings

Expect

No yarn log.

Maybe this regex can help:

const regex = /^([0-9]+\.)([0-9]+\.)([0-9]+).+(\.[0-9]+)$/

console.log(value.match(regex))

// "5.0.0-rc.1" => ["5.0.0-rc.1", "5.", "0.", "0", ".1"]
// "11.1.3-canary.29" => ["11.1.3-canary.29", "11.", "1.", "3", ".29"] 

Or to compare use a lib like semver.

After updating to the most recent version, the plugin no longer executes:

% yarn outdated   
Usage Error: Couldn't find a script named "outdated".

I am using Yarn 2 - not sure if it may be connected.

Can there be an option to hide major version updates? I have package.json files that set exact dependency versions and there are times I just want to do non breaking updates or when I'm stuck on old versions of packages because of breaking changes.

I'd like to hide the major updates and only see minor and patch updates. Now I have to check all the output and ignore the lines that are from major updates. Would be good to run this plugin with a --hide-major option and not see any packages when I'm all up to date with non breaking changes.

Currently no changes are actually required to the plugin to support Yarn 4.x, but we should update the repo to ensure compatibility.

Is there a way i can get list of only outdated dependencies.

Originally posted by @Deepak7985 in yarnpkg/berry#749 (comment)

It would be great to have some type of acceptance tests for this plugin.

Hello,

I'm trying to use this plugin in a CI environment to fail when my dependencies are outdated. However, I have exceptions that I would like to ignore.

This is my current output:

$ yarn outdated --check
➤ YN0000: ┌ Checking for outdated dependencies
➤ YN0000: └ Completed in 47s 653ms

➤ YN0000: Package                 Current   Latest   Package Type
➤ YN0000: @pinia/testing          0.0.13    0.0.16   devDependencies
➤ YN0000: @vitejs/plugin-vue2     1.1.2     2.2.0    devDependencies
➤ YN0000: @vue/test-utils         1.3.5     2.3.2    devDependencies
➤ YN0000: start-server-and-test   1.15.4    2.0.0    devDependencies
➤ YN0000: vue                     2.7.14    3.2.47   devDependencies
➤ YN0000: vue-router              3.6.5     4.1.6    devDependencies
➤ YN0000: vue-tsc                 1.3.8     1.6.4    devDependencies

➤ YN0000: 7 dependencies are out of date
➤ YN0000: Failed with errors in 47s 662ms

I would like to exclude both vue and vue-router (I can't upgrade just yet), but I can't seem to find a way to do it. This is what I've tried so far:

Multiple globs. This doesn't seem to work at all:

$ yarn outdated '!vue' '!vue-router' --check
➤ YN0000: ┌ Checking for outdated dependencies
➤ YN0000: └ Completed in 32s 72ms

➤ YN0000: Package                 Current   Latest   Package Type
➤ YN0000: @pinia/testing          0.0.13    0.0.16   devDependencies
➤ YN0000: @vitejs/plugin-vue2     1.1.2     2.2.0    devDependencies
➤ YN0000: @vue/test-utils         1.3.5     2.3.2    devDependencies
➤ YN0000: start-server-and-test   1.15.4    2.0.0    devDependencies
➤ YN0000: vue                     2.7.14    3.2.47   devDependencies
➤ YN0000: vue-router              3.6.5     4.1.6    devDependencies
➤ YN0000: vue-tsc                 1.3.8     1.6.4    devDependencies

➤ YN0000: 7 dependencies are out of date
➤ YN0000: Failed with errors in 32s 82ms

Single glob with list. This works, but for some reason also excludes all the namespaced deps, I'm not sure why:

$ yarn outdated '!(vue|vue-router)' --check
➤ YN0000: ┌ Checking for outdated dependencies
➤ YN0000: └ Completed in 18s 665ms

➤ YN0000: Package                 Current   Latest   Package Type
➤ YN0000: start-server-and-test   1.15.4    2.0.0    devDependencies
➤ YN0000: vue-tsc                 1.3.8     1.6.4    devDependencies

➤ YN0000: 2 dependencies are out of date
➤ YN0000: Failed with errors in 18s 671ms

I'm not really sure what else to try. Is there a way I can use this and ignore multiple outdated deps? Thank you.

Hi,
plugin not in npmjs.com

We have a lot of different options, let's flesh out the docs with some better examples and explanations.

It would be nice to have the Yarn 1 behavior where it colors the number that is changing to help draw attention to the diff.

Sometimes it is not possible to upgrade to latest (semver major may contain breaking changes).

So it is useful to see if any new patch/minor versions exist.

Thanks!

To make scenarios like this less problematic

yarn outdated --workspace my-workspace

If the user passes a period, or the current working directory, we'll assuming they mean the current workspace.

yarn outdated --workspace .

Thanks for the cool plugin!

It would be nice to have an URL column. It is convenient to go to the library repository to check the CHANGELOG.
As far as I know, it was showing the repository field from package.json.

The output for the root workspace is root-workspace which isn't great.

#72

The current unit tests are heavily implementation detail dependent. We should update the tests to work more like how Yarn itself runs tests.

It seems to only operate on the package.json in the current directory. The previous merged all them listed in the workspaces property.

First, your plugin is simply awesome. I still can't believe yarn maintainers decided to drop this command...

As for the topic at hand, having to write --url every time goes against years of muscle memory 😅

yarn classic displays urls by default, but having to use --url is the total opposite.

What could be done so we can simply type yarn outdated like we used to and get the result of yarn outdated --url?

• Is there a way to alias yarn outdated --url as yarn outdated?
• Is there a config file?
• Change the default to display url and have a --no-url flag instead?

Originally posted by @TheThirdRace in #54 (comment)

Using a slow network connection (but not terrible, between 3-8 Mbps down, 0.75-1 Mbps up), with 29 devDependencies & 4 dependencies, I measured a wait time of 30 seconds with no visual indication of progress.

Consider something to let the user know Things Are Happening™. Could be very simple, or a package like https://www.npmjs.com/package/cli-progress

Bring back URLs

These were really helpful cause I often jump in some of the URLs to look for changelogs

(These are screenshot from two different projects)

Yarn v1:

Yarn berry:

cheerio has versions like 1.0.0-rc.11 and 1.0.0-rc.12 which isn't being highlighted in colors or included in any severity.

Allow filtering outdated dependencies by dependency type and outdated severity:

yarn outdated --filter=minor
yarn outdated --filter=major,minor
yarn outdated --filter=dependencies,major