Automated Dependency Updates for npm
Categories: js
Renovate supports updating npm dependencies.
File Matching¶
By default, Renovate will check any files matching any of the following regular expressions:
/(^|/)package\.json$/
/(^|/)pnpm-workspace\.yaml$/
/(^|/)\.yarnrc\.yml$/
For details on how to extend a manager's managerFilePatterns value, please follow this link.
Supported datasources¶
This manager supports extracting the following datasources: github-tags, npm, node-version.
Dependency types¶
This manager extracts the following depType values:
depType |
prettyDepType |
Description |
|---|---|---|
dependencies |
dependency |
Listed under dependencies |
devDependencies |
devDependency |
Listed under devDependencies |
optionalDependencies |
optionalDependency |
Listed under optionalDependencies |
peerDependencies |
peerDependency |
Listed under peerDependencies |
engines |
engine |
Listed under engines |
volta |
volta |
Listed under volta |
resolutions |
resolutions |
Listed under resolutions (Yarn) |
packageManager |
packageManager |
Listed under packageManager |
overrides |
overrides |
Listed under overrides |
pnpm |
pnpm |
Listed under the top-level pnpm field |
pnpm.overrides |
overrides |
Listed under pnpm.overrides |
pnpm-workspace.overrides |
overrides |
Listed under overrides in a pnpm workspace YAML file |
Additionally, catalog dependencies produce dynamic depType values: pnpm.catalog.<name> for pnpm catalogs and yarn.catalog.<name> for yarn catalogs.
Default config¶
{
"managerFilePatterns": [
"/(^|/)package\\.json$/",
"/(^|/)pnpm-workspace\\.yaml$/",
"/(^|/)\\.yarnrc\\.yml$/"
],
"digest": {
"prBodyDefinitions": {
"Change": "{{#if displayFrom}}`{{{displayFrom}}}` → {{else}}{{#if currentValue}}`{{{currentValue}}}` → {{/if}}{{/if}}{{#if displayTo}}`{{{displayTo}}}`{{else}}`{{{newValue}}}`{{/if}}"
}
},
"prBodyDefinitions": {
"Change": "[{{#if displayFrom}}`{{{displayFrom}}}` → {{else}}{{#if currentValue}}`{{{currentValue}}}` → {{/if}}{{/if}}{{#if displayTo}}`{{{displayTo}}}`{{else}}`{{{newValue}}}`{{/if}}]({{#if depName}}https://renovatebot.com/diffs/npm/{{replace '/' '%2f' depName}}/{{{currentVersion}}}/{{{newVersion}}}{{/if}})"
}
}
Lock File Maintenance¶
This manager supports lockFileMaintenance for the following file(s):
package-lock.jsonpnpm-lock.yamlyarn.lock
Additional Information¶
npm problems and workarounds¶
Invalid lock file (npm ci fails)¶
Unfortunately, npm itself sometimes generates invalid lock files which fail npm ci.
Try adding "postUpdateOptions": ["npmInstallTwice"] to tell Renovate run any npm install command (which is used to update lock files) twice.
This is less efficient than running npm once, but has been known to fix most problems of this type.
If this npm bug remains unfixed, and it becomes too frequent for Renovate users, then we may need to modify Renovate to do this by default. Please post feedback to the Renovate repository "Discussions" if you're needing to use this feature frequently or widely.
Yarn¶
Version Selection / Installation¶
If Renovate detects a packageManager setting for Yarn in package.json then it will use Corepack to install Yarn.
HTTP Proxy Support¶
Yarn itself does not natively recognize/support the HTTP_PROXY and HTTPS_PROXY environment variables.
You can configure RENOVATE_X_YARN_PROXY=true as an environment variable to enable configuring of Yarn proxy (e.g. if you cannot configure these proxy settings yourself in ~/.yarnrc.yml).
If set, and Renovate detects Yarn 2+, and one or both of those variables are present, then Renovate will run commands like yarn config set --home httpProxy http://proxy prior to executing yarn install.
This will result in the ~/.yarnrc.yml file being created or modified with these settings, and the settings are not removed afterwards.
Configuration/conversion of NO_PROXY to Yarn config is not supported.