Action to report npm outdated packages on a pull request and add a customizable comment,
also includes output of npm-check-updates and npm update --dry-run.
This action will comment on a PR if packages are outdated. As packages are updated, the comment is updated. No comment is added on pulls when everything is up-to-date to reduce spam.
You can customize the heading, column visibility, column order, and reporting on wanted or latest. Check out the Comment Examples to see more.
Note
This action is under active development.
Please request any features
you would like to see and report any issues you find.
| Input | Req. | Default Value | Input Description |
|---|---|---|---|
| columns | - | n,c,w,l |
Customize Table Columns |
| latest | - | true |
Report if Latest > Wanted |
| heading | - | ### NPM Outdated Check |
Comment Heading |
| open | - | true |
Details Open by Default |
| ncu | - | true |
Show npm-check-updates Output |
| update | - | true |
Show npm update --dry-run Output |
| link | - | true |
Use Hyperlink for Names |
| exclude | - | - | CSV of Package Names to Exclude |
| fail | - | false |
Fail Job if Updates are Found |
| summary | - | true |
Add Workflow Job Summary * |
| token | - | github.token |
For use with a PAT |
summary: Will add result details to the job summary on the workflow run.
π View Example Job Summary
PR Comment: #4
PR Comment will Appear Here
Config
columns: ["n","c","w","l"]
latest: true
heading: "### NPM Outdated Check"
open: true
ncu: true
update: true
link: true
summary: trueAt a minimum, you need to checkout the repository. The workspace should also be somewhat "clean".
The action will run a npm clean-install npm ci. If this fails it will report the errors and skip the checks.
- name: 'Checkout'
uses: actions/checkout@v4
- name: 'NPM Outdated Check'
uses: cssnr/npm-outdated-action@master
continue-on-error: trueNote: continue-on-error: true is used to prevent the workflow from failing if the action fails.
If you want the job to fail, remove continue-on-error and set fail: true.
See the Comment Options for more details on inputs.
You can also view more Examples below.
This action requires the following permissions to add pull request comments:
permissions:
pull-requests: writePermissions documentation for Workflows and Actions.
| Output | Empty | Output Description |
|---|---|---|
| outdated | {} |
Outdated JSON Object |
| ncu | |
NPM Check Updates Output |
| update | |
NPM Update Dry Run Output |
| markdown | - | Results Markdown Output |
This outputs the outdated JSON object string, ncu output, npm update output, and the markdown results.
- name: 'NPM Outdated Check'
id: outdated
uses: cssnr/npm-outdated-action@master
- name: 'Echo Output'
env:
OUTDATED: ${{ steps.outdated.outputs.outdated }}
NCU: ${{ steps.outdated.outputs.ncu }}
UPDATE: ${{ steps.outdated.outputs.update }}
MARKDOWN: ${{ steps.outdated.outputs.markdown }}
run: |
echo "outdated: '${{ env.OUTDATED }}'"
echo "ncu: '${{ env.NCU }}'"
echo "update: '${{ env.UPDATE }}'"
echo "markdown: '${{ env.MARKDOWN }}'"Note: due to the way ${{}} expressions are evaluated, multi-line output gets executed in a run block.
JSON Schema
{
"@package/name": {
"current": "1.0.0",
"wanted": "1.0.1",
"latest": "2.0.0",
"dependent": "npm-outdated-action",
"location": "node_modules/name"
}
}More Output Examples Coming Soon...
latest: To disable reporting of latest and ONLY show wanted, set this to false.
heading: You can customize the heading or set to an empty string to remove it.
open: Set to false for sections to be closed (collapsed/not open) by default.
ncu: Set this to false to disable reporting the output of npx npm-check-updates.
update: Set this to false to disable reporting the output of npm update --dry-run.
link: Set this to false to use plain text for package names instead of hyperlinks.
exclude: Packages to ignore/omit when running checks; example @eslint/js,tsparticles.
fail: Set this to true to fail if updates are found to enforce this through status checks.
columns: Customize column visibility and order.
This must be a perfectly formatted CSV with any combination of these keys:
Default value: n,c,w,l
| Key | Column | Description |
|---|---|---|
n |
Package Name | Name of Package |
c |
Current | Current Version |
w |
Wanted | Wanted Version |
l |
Latest | Latest Version |
d |
Dependent | Dependent Package |
p |
Location | Path of Package |
π View the Column Map
const maps = {
n: { align: 'l', col: 'Package Name' },
c: { align: 'c', col: 'Current' },
w: { align: 'c', col: 'Wanted' },
l: { align: 'c', col: 'Latest' },
d: { align: 'l', col: 'Dependent' },
p: { align: 'l', col: 'Location' },
}Note: the examples are generated with no heading and default options.
π· Full Example Closed
npm outdated
| Package Name | Current | Wanted | Latest |
|---|---|---|---|
| axios | 1.8.3 | 1.8.4 | - |
npm-check-updates
@eslint/js ^9.20.0 β ^9.22.0
axios ^1.8.3 β ^1.8.4
npm update --dry-run
change undici 5.28.5 => 5.29.0
change axios 1.8.3 => 1.8.4
change @pkgr/core 0.1.1 => 0.1.2
change @octokit/types 13.8.0 => 13.10.0
change @octokit/openapi-types 23.0.1 => 24.2.0
change @octokit/core 5.2.0 => 5.2.1
changed 6 packages in 4s
32 packages are looking for funding
run `npm fund` for details
π· Full Example Open
npm outdated
| Package Name | Current | Wanted | Latest |
|---|---|---|---|
| axios | 1.8.3 | 1.8.4 | - |
npm-check-updates
@eslint/js ^9.20.0 β ^9.22.0
axios ^1.8.3 β ^1.8.4
npm update --dry-run
change undici 5.28.5 => 5.29.0
change axios 1.8.3 => 1.8.4
change @pkgr/core 0.1.1 => 0.1.2
change @octokit/types 13.8.0 => 13.10.0
change @octokit/openapi-types 23.0.1 => 24.2.0
change @octokit/core 5.2.0 => 5.2.1
changed 6 packages in 4s
32 packages are looking for funding
run `npm fund` for details
π· Only One Outdated Package
npm outdated
| Package Name | Current | Wanted | Latest |
|---|---|---|---|
| npm-check-updates | 17.1.15 | 17.1.16 | - |
npm-check-updates
npm-check-updates ^17.1.15 β ^17.1.16
npm update --dry-run
change npm-check-updates 17.1.15 => 17.1.16
changed 1 package
π· After Everything Updated
β All packages are up-to-date.
Note: this only appears if a previous comment is edited and does not show up on a new PR with no outdated packages.
More Comment Examples Coming Soon...
π‘ Click on an example heading to expand or collapse the example.
Custom Heading
- name: 'Package Changelog Action'
uses: cssnr/npm-outdated-action@master
continue-on-error: true
with:
heading: '**NPM Changelog**'Remove Heading
- name: 'Package Changelog Action'
uses: cssnr/npm-outdated-action@master
continue-on-error: true
with:
heading: ''This puts latest before current and adds dependent.
Fail Status Check if Outdated
- name: 'Package Changelog Action'
uses: cssnr/npm-outdated-action@master
with:
fail: trueCustom Column Order
- name: 'Package Changelog Action'
uses: cssnr/npm-outdated-action@master
continue-on-error: true
with:
columns: 'n,l,c,w,d'This puts latest before current and adds dependent.
Disable NCU Check
- name: 'Package Changelog Action'
uses: cssnr/npm-outdated-action@master
continue-on-error: true
with:
ncu: falseThis puts latest before current and adds dependent.
Disable Update Check
- name: 'Package Changelog Action'
uses: cssnr/npm-outdated-action@master
continue-on-error: true
with:
update: falseThis puts latest before current and adds dependent.
Full Workflow Example
If you don't have a pull_request workflow already you can use this one.
Simply create a file called pull.yaml in the .github/workflows directory: .github/workflows/pull.yaml
Then add the below content to the file, save, commit, and create a PR...
name: 'Pull'
on:
pull_request:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
pull:
name: 'Pull'
runs-on: ubuntu-latest
timeout-minutes: 5
permissions:
pull-requests: write
steps:
- name: 'Checkout'
uses: actions/checkout@v4
- name: 'NPM Outdated Check'
uses: cssnr/npm-outdated-action@masterMore Examples Coming Soon...
The following rolling tags are maintained.
| Version Tag | Rolling | Bugs | Feat. | Name | Target | Example |
|---|---|---|---|---|---|---|
 |
β | β | β | Major | vN.x.x |
vN |
 |
β | β | β | Minor | vN.N.x |
vN.N |
 |
β | β | β | Micro | vN.N.N |
vN.N.N |
You can view the release notes for each version on the releases page.
The Major tag is recommended. It is the most up-to-date and always backwards compatible. Breaking changes would result in a Major version bump. At a minimum you should use a Minor tag.
- Automatically report npm outdated packages on a PR and add a comment.
- Report wanted and latest with option to only report wanted.
- Option to exclude packages by name from being reported.
- Option to customize columns visibility and columns order.
- Option to display results expanded or collapsed.
- Option to display
npx npm-check-updatesoutput. - Option to display
npm update --dry-runoutput. - Outputs outdated, ncu, update, and markdown results.
- Custom Column Alignment
- Custom Column Titles
- Custom Section Text
Want to show package changes on release notes? Check out: cssnr/package-changelog-action
Want to automatically updated tags on release? Check out: cssnr/update-version-tags-action
If you would like to see a new feature, please submit a feature request.
For general help or to request a feature, see:
- Q&A Discussion: https://github.com/cssnr/npm-outdated-action/discussions/categories/q-a
- Request a Feature: https://github.com/cssnr/npm-outdated-action/discussions/categories/feature-requests
If you are experiencing an issue/bug or getting unexpected results, you can:
- Report an Issue: https://github.com/cssnr/npm-outdated-action/issues
- Chat with us on Discord: https://discord.gg/wXy6m2X8wY
- Provide General Feedback: https://cssnr.github.io/feedback/
For more information, see the CSSNR SUPPORT.md.
Currently, the best way to contribute to this project is to star this project on GitHub.
For more information, see the CSSNR CONTRIBUTING.md.
Additionally, you can support other GitHub Actions I have published:
- Stack Deploy Action
- Portainer Stack Deploy
- VirusTotal Action
- Mirror Repository Action
- Update Version Tags Action
- Update JSON Value Action
- Parse Issue Form Action
- Cloudflare Purge Cache Action
- Mozilla Addon Update Action
- Docker Tags Action
- Package Changelog Action
- NPM Outdated Check Action
For a full list of current projects to support visit: https://cssnr.github.io/