Automated Dependency Updates for npm
Categories: js
Renovate supports updating npm dependencies.
File Matching¶
By default, Renovate will check any files matching any of the following regular expressions:
/(^|/)package\.json$/
/(^|/)pnpm-workspace\.yaml$/
For details on how to extend a manager's managerFilePatterns
value, please follow this link.
Supported datasources¶
This manager supports extracting the following datasources: github-tags
, npm
, node-version
.
Default config¶
{
"managerFilePatterns": [
"/(^|/)package\\.json$/",
"/(^|/)pnpm-workspace\\.yaml$/"
],
"digest": {
"prBodyDefinitions": {
"Change": "{{#if displayFrom}}`{{{displayFrom}}}` -> {{else}}{{#if currentValue}}`{{{currentValue}}}` -> {{/if}}{{/if}}{{#if displayTo}}`{{{displayTo}}}`{{else}}`{{{newValue}}}`{{/if}}"
}
},
"prBodyDefinitions": {
"Change": "[{{#if displayFrom}}`{{{displayFrom}}}` -> {{else}}{{#if currentValue}}`{{{currentValue}}}` -> {{/if}}{{/if}}{{#if displayTo}}`{{{displayTo}}}`{{else}}`{{{newValue}}}`{{/if}}]({{#if depName}}https://renovatebot.com/diffs/npm/{{replace '/' '%2f' depName}}/{{{currentVersion}}}/{{{newVersion}}}{{/if}})"
}
}
Additional Information¶
The following depTypes
are currently supported by the npm manager :
dependencies
devDependencies
optionalDependencies
peerDependencies
engines
: Renovate will update anynode
,npm
andyarn
version specified underengines
.volta
: Renovate will update anynode
,npm
,pnpm
andyarn
version specified undervolta
.packageManager
overrides
resolutions
pnpm.overrides
pnpm.catalog.<name>
, such aspnpm.catalog.default
andpnpm.catalog.myCatalog
. Matches any default and named pnpm catalogs.
npm problems and workarounds¶
Invalid lock file (npm ci fails)¶
Unfortunately, npm
itself sometimes generates invalid lock files which fail npm ci
.
Try adding "postUpdateOptions": ["npmInstallTwice"]
to tell Renovate run any npm install
command (which is used to update lock files) twice.
This is less efficient than running npm once, but has been known to fix most problems of this type.
If this npm bug remains unfixed, and it becomes too frequent for Renovate users, then we may need to modify Renovate to do this by default. Please post feedback to the Renovate repository "Discussions" if you're needing to use this feature frequently or widely.
Yarn¶
Version Selection / Installation¶
If Renovate detects a packageManager
setting for Yarn in package.json
then it will use Corepack to install Yarn.
HTTP Proxy Support¶
Yarn itself does not natively recognize/support the HTTP_PROXY
and HTTPS_PROXY
environment variables.
You can configure RENOVATE_X_YARN_PROXY=true
as an environment variable to enable configuring of Yarn proxy (e.g. if you cannot configure these proxy settings yourself in ~/.yarnrc.yml
).
If set, and Renovate detects Yarn 2+, and one or both of those variables are present, then Renovate will run commands like yarn config set --home httpProxy http://proxy
prior to executing yarn install
.
This will result in the ~/.yarnrc.yml
file being created or modified with these settings, and the settings are not removed afterwards.
Configuration/conversion of NO_PROXY
to Yarn config is not supported.