I run git command npm outdated in bash on a mac.
See the output in the image below.
Does anyone know why the first four packages are printed in red?
I guess it's because I have them pointing to GitHub repos in my package.json, but why the red?
Is it a warning? Should I worry?
Thank you.
Description. This command will check the registry to see if any (or, specific) installed packages are currently outdated. By default, only the direct dependencies of the root project and direct dependencies of your configured workspaces are shown.
Red means there's a newer version matching your semver requirements, so you should update now. Yellow indicates that there's a newer version above your semver requirements (usually new major, or new 0.x minor) so proceed with caution.
You have to be careful when depending on packages that are GitHub-hosted: if you're just pointing to the master branch of a package (which is the default when adding such dependencies), you can get in all sorts of trouble when that branch is updated and it's either not functional (it happens) or it breaks backward compatibility (that happens too).
I think this is what npm is trying to tell you.
FWIW, you should always include an identifier to a particular commit/tag/sha when you're dealing with GitHub-hosted dependencies. See this for more documentation. Although I doubt that npm won't also mark these URLs as red, because it's still possible for any of those identifiers to get invalidated.
EDIT: perhaps not quite.
Looking at it a little closer, it'll show the package name in red if the installed version doesn't (semver-)match the required version as set in package.json. In case of GitHub-hosted packages these will probably never match, hence the red.
Yellow is used when the installed version matches the required version, but there's a more recent version available in the NPM repository.
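One way to check a package.json for the GitHub-hosted dependencies the answer above warns about, as an added example that is not part of the original post: it classifies each git-style spec by whether it floats on the default branch, names a branch or tag, or is pinned to a full commit SHA. The function names, status labels and the sample manifest are assumptions made for illustration, and only the common git spec forms are covered.

```javascript
// Added example: classify git/GitHub-hosted dependency specs in a package.json
// by how firmly the reference is pinned. SAMPLE is a constructed manifest.
const GIT_URL = /^(git(\+(https?|ssh|file))?:\/\/|github:|gitlab:|bitbucket:)/i;
const SHORTHAND = /^[a-z\d][\w.-]*\/[\w.-]+(#.*)?$/i; // "user/repo" GitHub shorthand
const FULL_SHA = /^[0-9a-f]{40}$/i;

function classifySpec(spec) {
  if (!GIT_URL.test(spec) && !SHORTHAND.test(spec)) return null; // registry, path, tarball
  const hash = spec.indexOf('#');
  if (hash === -1) return 'floating-default-branch'; // follows whatever the branch holds
  const ref = spec.slice(hash + 1);
  if (ref.startsWith('semver:')) return 'semver-range-over-tags';
  if (FULL_SHA.test(ref)) return 'pinned-commit';
  return 'mutable-ref'; // branch, tag or abbreviated SHA: can move or become ambiguous
}

function auditManifest(pkg) {
  const findings = [];
  for (const section of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const status = classifySpec(String(spec));
      if (status) findings.push({ section, name, spec, status });
    }
  }
  return findings;
}

// Only the entries a reviewer should follow up on.
const unpinned = (pkg) => auditManifest(pkg).filter((f) => f.status !== 'pinned-commit');

// Constructed sample manifest (hypothetical organisation and package names).
const SAMPLE = {
  dependencies: {
    express: '^4.18.2',
    'lib-a': 'github:example-org/lib-a',
    'lib-b': 'example-org/lib-b#master',
    'lib-c': 'git+https://github.com/example-org/lib-c.git#v1.2.0',
    'lib-d': 'git+ssh://git@github.com/example-org/lib-d.git#0123456789abcdef0123456789abcdef01234567',
  },
  devDependencies: { 'lib-e': 'github:example-org/lib-e#semver:^2.0.0', local: '../local' },
};

for (const f of unpinned(SAMPLE)) {
  console.log(`${f.status.padEnd(24)} ${f.section}/${f.name} -> ${f.spec}`);
}
```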