NPM
kind: npm
Description
The npm crawler looks recursively for all npm dependencies updates from a specific root directory. Then for each of them, it tries to update them.
Manifest
Parameters
| Name | Type | Description | Required |
|---|---|---|---|
| ignore | array | Ignore allows to specify rule to ignore autodiscovery a specific NPM based on a rule | |
| hasversionconstraint | boolean | HasVersionConstraint indicates whether the matching rule should match any version constraint or not. | |
| packages | object | Packages specifies the list of NPM packages to check | |
| path | string | Path specifies a package.json path pattern, the pattern requires to match all of name, not just a substring. | |
| ignoreversionconstraints | boolean | IgnoreVersionConstraints indicates whether to respect version constraints defined in package.json or not. When set to true, Updatecli will ignore version constraints and update to the latest version available in the registry according to the specified version filter. Default is false. Remark:
| |
| npmrcpath | string | NpmrcPath defines the path to the .npmrc file to use for all discovered packages. This will be propagated to all generated npm resource specs. | |
| only | array | Only allows to specify rule to only autodiscover manifest for a specific NPM based on a rule | |
| hasversionconstraint | boolean | HasVersionConstraint indicates whether the matching rule should match any version constraint or not. | |
| packages | object | Packages specifies the list of NPM packages to check | |
| path | string | Path specifies a package.json path pattern, the pattern requires to match all of name, not just a substring. | |
| registrytoken | string | RegistryToken defines the token to use when connecting to the registry. This will be propagated to all generated npm resource specs. | |
| rootdir | string | RootDir defines the root directory used to recursively search for npm packages.json | |
| url | string | URL defines the registry url (defaults to https://registry.npmjs.org/).
This will be propagated to all generated npm resource specs. | |
| versionfilter | object | versionfilter provides parameters to specify the version pattern used when generating manifest. | |
| kind | string | specifies the version kind such as semver, regex, or latest | |
| pattern | string | specifies the version pattern according the version kind for semver, it is a semver constraint for regex, it is a regex pattern for time, it is a date format | |
| regex | string | specifies the regex pattern, used for regex/semver and regex/time. Output of the first capture group will be used. | |
| replaceall | object | replaceAll applies a regex replacement to version strings before filtering. This is useful for transforming versions (e.g., curl-8_15_0 to curl-8.15.0) before regex extraction. | |
| pattern | string | Pattern specifies the regex pattern to match for replacement | |
| replacement | string | Replacement specifies the replacement string (supports $1, $2, etc. for captured groups) | |
| strict | boolean | strict enforce strict versioning rule. Only used for semantic versioning at this time |
Example
Basic Example
# updatecli.d/npm.yaml
autodiscovery:
crawlers:
npm:
rootdir: "."
versionfilter:
kind: semver
pattern: minorPrivate Registry Example
The following example shows how to configure npm autodiscovery to work with a private npm registry:
# updatecli.d/npm-private.yaml
autodiscovery:
crawlers:
npm:
rootdir: "."
# URL of your private npm registry
url: "https://npm.example.com"
# Authentication token (use environment variables for security)
registrytoken: "${NPM_TOKEN}"
# Optional: path to custom .npmrc file
npmrcpath: "/path/to/.npmrc"
versionfilter:
kind: semver
pattern: ">=1.0.0"Note | The url, registrytoken, and npmrcpath parameters are propagated to all generated npm resource specs, allowing consistent authentication across all discovered dependencies. |