Skip to content

[BUG] npm outdated --json doesn't provide distinct workspace packages information #7736

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
2 tasks done
apexskier opened this issue Aug 20, 2024 · 1 comment · Fixed by #8110
Closed
2 tasks done

[BUG] npm outdated --json doesn't provide distinct workspace packages information #7736

apexskier opened this issue Aug 20, 2024 · 1 comment · Fixed by #8110
Labels
Bug thing that needs fixing Priority 2 secondary priority issue

Comments

@apexskier
Copy link

apexskier commented Aug 20, 2024
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

This issue exists in the latest npm version

  • I am using the latest npm

Current Behavior

npm outdated --json dependent field contains a non-identifying string for the package. It can't be used to uniquely identify a local workspace it's referring to. Without --json, you can determine, but I don't want to rely on that for parsing.

Expected Behavior

I'd expect --json's dependent field to contain something I can use to uniquely identify the package, whether it a sub-package in the local workspace, the main package, or something on the registry.

Steps To Reproduce

  1. Clone https://github.com/apexskier/npm-outdated-bug-repro
  2. Run npm outdated --json.

You'll see the output:

{
  "eslint": [
    {
      "current": "8.57.0",
      "wanted": "8.57.0",
      "latest": "9.9.0",
      "dependent": "a",
      "location": "/Users/cameronlittle/Developer/test/node_modules/eslint"
    },
    {
      "current": "8.57.0",
      "wanted": "8.57.0",
      "latest": "9.9.0",
      "dependent": "a",
      "location": "/Users/cameronlittle/Developer/test/node_modules/eslint"
    }
  ]
}

Now imagine one of those eslint installs was up to date. Which package is it actually for?

I'd expect to see:

{
  "eslint": [
    {
      "current": "8.57.0",
      "wanted": "8.57.0",
      "latest": "9.9.0",
      "dependent": "./a",
      "location": "/Users/cameronlittle/Developer/test/node_modules/eslint"
    },
    {
      "current": "8.57.0",
      "wanted": "8.57.0",
      "latest": "9.9.0",
      "dependent": "./nest/a",
      "location": "/Users/cameronlittle/Developer/test/node_modules/eslint"
    }
  ]
}

or

{
  "eslint": [
    {
      "current": "8.57.0",
      "wanted": "8.57.0",
      "latest": "9.9.0",
      "dependent": "a",
      "location": "/Users/cameronlittle/Developer/test/node_modules/eslint"
    },
    {
      "current": "8.57.0",
      "wanted": "8.57.0",
      "latest": "9.9.0",
      "dependent": "nested-a",
      "location": "/Users/cameronlittle/Developer/test/node_modules/eslint"
    }
  ]
}

Environment

  • npm: 10.8.2
  • Node.js: v22.3.0
  • OS Name: macOS
  • System Model Name: 14.5 (23F79)
  • npm config:
; "builtin" config from /opt/homebrew/lib/node_modules/npm/npmrc

prefix = "/opt/homebrew"

; "user" config from /Users/cameronlittle/.npmrc

//registry.npmjs.org/:_authToken = (protected)

; node bin location = /opt/homebrew/Cellar/node/22.3.0/bin/node
; node version = v22.3.0
; npm local prefix = /Users/cameronlittle/Developer/test
; npm version = 10.8.2
; cwd = /Users/cameronlittle/Developer/test
; HOME = /Users/cameronlittle
; Run `npm config ls -l` to show all defaults.
@apexskier apexskier added Bug thing that needs fixing Needs Triage needs review for next steps labels Aug 20, 2024
@apexskier apexskier changed the title [BUG] npm outdated --json doesn't provide distinct workspace information [BUG] npm outdated --json doesn't provide distinct workspace packages information Aug 20, 2024
@apexskier
Copy link
Author

Additionally, the root package's "dependent" is the name of its folder, which is a little odd. This shows in the human readable output as well (without --json). This'll have the same ambiguity if a sub-folder with the same name is used as a sub-package.

@kchindam-infy kchindam-infy added Priority 2 secondary priority issue and removed Needs Triage needs review for next steps labels Dec 2, 2024
@milaninfy milaninfy mentioned this issue Feb 27, 2025
Merged
reggi pushed a commit that referenced this issue Apr 17, 2025
@milaninfy @wraithgar @reggi
fix(outdated): add dependent location in long output (#8110)
d553684 
Add dependent location details when using `--long` version of the output
to identify who is the dependent of the outdated dependencies.
Fixes: #7736

Test output
<img width="1443" alt="Screenshot 2025-04-02 at 1 27 02 PM"
src="https://github.com/user-attachments/assets/cf9cd91e-06c1-403b-a57e-53fa9d80ef01"
/>

---------

Co-authored-by: Gar <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug thing that needs fixing Priority 2 secondary priority issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(outdated): add dependent location in long output milaninfy/npm-cli
2 participants
@apexskier @kchindam-infy