Automated Dependency Updates for Npm
Categories: js
Renovate supports updating Npm dependencies.
File Matching¶
By default, Renovate will check any files matching the following regular expression: (^|/)package\.json$
.
For details on how to extend a manager's fileMatch
value, please follow this link.
Supported datasources¶
This manager supports extracting the following datasources: github-tags
, npm
, node-version
.
Default config¶
{
"fileMatch": [
"(^|/)package\\.json$"
],
"digest": {
"prBodyDefinitions": {
"Change": "{{#if displayFrom}}`{{{displayFrom}}}` -> {{else}}{{#if currentValue}}`{{{currentValue}}}` -> {{/if}}{{/if}}{{#if displayTo}}`{{{displayTo}}}`{{else}}`{{{newValue}}}`{{/if}}"
}
},
"prBodyDefinitions": {
"Change": "[{{#if displayFrom}}`{{{displayFrom}}}` -> {{else}}{{#if currentValue}}`{{{currentValue}}}` -> {{/if}}{{/if}}{{#if displayTo}}`{{{displayTo}}}`{{else}}`{{{newValue}}}`{{/if}}]({{#if depName}}https://renovatebot.com/diffs/npm/{{replace '/' '%2f' depName}}/{{{currentVersion}}}/{{{newVersion}}}{{/if}})"
}
}
Additional Information¶
The following depTypes
are currently supported by the npm manager :
dependencies
devDependencies
optionalDependencies
peerDependencies
engines
: Renovate will update anynode
,npm
andyarn
version specified underengines
.volta
: Renovate will update anynode
,npm
,pnpm
andyarn
version specified undervolta
.packageManager
Yarn¶
Version Selection / Installation¶
If Renovate detects a packageManager
setting for Yarn in package.json
then it will use Corepack to install Yarn.
HTTP Proxy Support¶
Yarn itself does not natively recognize/support the HTTP_PROXY
and HTTPS_PROXY
environment variables.
You can configure RENOVATE_X_YARN_PROXY=true
as an environment variable to enable configuring of Yarn proxy (e.g. if you cannot configure these proxy settings yourself in ~/.yarnrc.yml
).
If set, and Renovate detects Yarn 2+, and one or both of those variables are present, then Renovate will run commands like yarn config set --home httpProxy http://proxy
prior to executing yarn install
.
This will result in the ~/.yarnrc.yml
file being created or modified with these settings, and the settings are not removed afterwards.
Configuration/conversion of NO_PROXY
to Yarn config is not supported.
Open items¶
The below list of features and bugs were current when this page was generated on October 12, 2024.
Feature requests¶
- Support pnpm Catalogs #30079
- Node.js | Follow dist tag automatically #29303
- Support pnpm aliases #28541
- Renovate Yarn's
packageExtensions
in .yarnrc.yml #19163 - Default npm to use default version from node #19044
- PNPM + package from GIT using YARN #18005
- Support
node_modules
that live in source control #13926 - Option to regenerate lock files during updates #13470
- Add source URL compare links for npm digest updates #12112
chore
commit type when only the lockfile is updated #6791- Feature request: Rushjs monorepo support #3681
Bug reports¶
- Set
npmToken
value in npmrc string even when it is not withtinencrypted
object #31808 - Avoid accidental commit of .yarnrc.yml modifications #29325
- In workspaces, Renovate sources "major updates" from the package-lock.json rather than package.json #26312
- Yarn: Error updating complex resolutions when yarn@4.0.1 is defined as packageManager #25853
- Mismatch between PR title/body and bumped version when remediating yarn range #20929
- Cannot handle yarn v3 and private registry #14756
- Renovate cannot upgrade npm to an incompatible version when
engine-strict=true
is in.npmrc
#12068