[RRFC] New --ci flag for npm outdated command

[khalyomede]

Motivation ("The Why")

Using NPM, we can check for outdated packages:

khalyomede@ubuntu:~/programming/test npm outdated

Package             Current  Wanted  Latest  Location                         Depended by
workbox-core          6.5.3   6.5.3   6.5.4  node_modules/workbox-core        node
workbox-routing       6.5.3   6.5.3   6.5.4  node_modules/workbox-routing     node
workbox-strategies    6.5.3   6.5.3   6.5.4  node_modules/workbox-strategies  node

khalyomede@ubuntu:~/programming/test echo $?
0

I also have a CI that is running everytime I push a commit on the main branch, and will check for missing updates to pull. Unfortunately, no flags exists to make this command to return a non zero code when it finds outdated packages.

Example

I suggest to have a new --ci flag (inspired by npm ci command), to make the outdated check to return a non-zero code when some packages have been found for greater versions.

khalyomede@ubuntu:~/programming/test npm outdated --ci

Package             Current  Wanted  Latest  Location                         Depended by
workbox-core          6.5.3   6.5.3   6.5.4  node_modules/workbox-core        node
workbox-routing       6.5.3   6.5.3   6.5.4  node_modules/workbox-routing     node
workbox-strategies    6.5.3   6.5.3   6.5.4  node_modules/workbox-strategies  node

khalyomede@ubuntu:~/programming/test echo $?
1

How

Current Behaviour

No flags exist to return a non-zero code.

Desired Behaviour

An flag is available to return a non-zero code.

References

Split from

npm/cli#5208

Existing arts

Composer (PHP) is providing a flag for it behind the --strict flag:

khalyomede@ubuntu:~/programming/test-php composer outdated --direct 
Info from https://repo.packagist.org: #StandWithUkraine
Color legend:
- patch or minor release available - update recommended
- major release available - update possible
aws/aws-sdk-php 3.231.15 3.231.17 AWS SDK for PHP - Use Amazon Web Services in your PHP project
laravel/sanctum v2.15.1  v3.0.0   Laravel Sanctum provides a featherweight authentication system for SPAs and simple APIs.

khalyomede@ubuntu:~/programming/test-php echo $?
0

khalyomede@ubuntu:~/programming/test-php composer outdated --direct --strict
Info from https://repo.packagist.org: #StandWithUkraine
Color legend:
- patch or minor release available - update recommended
- major release available - update possible
aws/aws-sdk-php 3.231.15 3.231.17 AWS SDK for PHP - Use Amazon Web Services in your PHP project
laravel/sanctum v2.15.1  v3.0.0   Laravel Sanctum provides a featherweight authentication system for SPAs and simple APIs.

khalyomede@ubuntu:~/programming/test-php echo $?
1

[tiennou]

Right now, npm outdated --json is really hard to use because of that non-zero error status it returns; all of the sync-exec variants of Node's stdlib raise in that case, which means that the output cannot be recovered without doing unholy things (redirect to tmp, execute, read from tmp, delete tmp), and the alternative of using the promisified-exec variant isn't exactly viable if the check happens deep inside low-level code and would need a lot of functions to be async-recolored.

As I said in #473, I'd add an npm outdated --check that returns 1 and no output if there are outdated dependencies, for the purpose of tooling that only cares about whether everything is up-to-date — vs. me who wants the list of what isn't updated and act on it programmatically.

So the error return would be:

• network failure, or invalid package.json, return 1,
• --check is passed and there are outdated packages installed, return 1,
• otherwise return 0.

I guess an alternative, preserving the current behavior, would be a flag like --silent, but --json --silent and expecting output to parse feels… weird. Or even just making --json always return 0, because otherwise you can only ever get {} or an error thrown.