Skip to content

Automated Dependency Updates for Npm

Categories: js

Renovate supports updating Npm dependencies.

File Matching

By default, Renovate will check any files matching the following regular expression: (^|/)package\.json$.

For details on how to extend a manager's fileMatch value, please follow this link.

Supported datasources

This manager supports extracting the following datasources: github-tags, npm, node-version.

Default config

{
  "fileMatch": [
    "(^|/)package\\.json$"
  ],
  "digest": {
    "prBodyDefinitions": {
      "Change": "{{#if displayFrom}}`{{{displayFrom}}}` -> {{else}}{{#if currentValue}}`{{{currentValue}}}` -> {{/if}}{{/if}}{{#if displayTo}}`{{{displayTo}}}`{{else}}`{{{newValue}}}`{{/if}}"
    }
  },
  "prBodyDefinitions": {
    "Change": "[{{#if displayFrom}}`{{{displayFrom}}}` -> {{else}}{{#if currentValue}}`{{{currentValue}}}` -> {{/if}}{{/if}}{{#if displayTo}}`{{{displayTo}}}`{{else}}`{{{newValue}}}`{{/if}}]({{#if depName}}https://renovatebot.com/diffs/npm/{{replace '/' '%2f' depName}}/{{{currentVersion}}}/{{{newVersion}}}{{/if}})"
  }
}

Additional Information

The following depTypes are currently supported by the npm manager :

  • dependencies
  • devDependencies
  • optionalDependencies
  • peerDependencies
  • engines : Renovate will update any node, npm and yarn version specified under engines.
  • volta : Renovate will update any node, npm, pnpm and yarn version specified under volta.
  • packageManager

Yarn

Version Selection / Installation

If Renovate detects a packageManager setting for Yarn in package.json then it will use Corepack to install Yarn.

HTTP Proxy Support

Yarn itself does not natively recognize/support the HTTP_PROXY and HTTPS_PROXY environment variables.

You can configure RENOVATE_X_YARN_PROXY=true as an environment variable to enable configuring of Yarn proxy (e.g. if you cannot configure these proxy settings yourself in ~/.yarnrc.yml).

If set, and Renovate detects Yarn 2+, and one or both of those variables are present, then Renovate will run commands like yarn config set --home httpProxy http://proxy prior to executing yarn install. This will result in the ~/.yarnrc.yml file being created or modified with these settings, and the settings are not removed afterwards.

Configuration/conversion of NO_PROXY to Yarn config is not supported.

Open items

The below list of features and bugs were current when this page was generated on October 12, 2024.

Feature requests

  • Support pnpm Catalogs #30079
  • Node.js | Follow dist tag automatically #29303
  • Support pnpm aliases #28541
  • Renovate Yarn's packageExtensions in .yarnrc.yml #19163
  • Default npm to use default version from node #19044
  • PNPM + package from GIT using YARN #18005
  • Support node_modules that live in source control #13926
  • Option to regenerate lock files during updates #13470
  • Add source URL compare links for npm digest updates #12112
  • chore commit type when only the lockfile is updated #6791
  • Feature request: Rushjs monorepo support #3681

Bug reports

  • Set npmToken value in npmrc string even when it is not withtin encrypted object #31808
  • Avoid accidental commit of .yarnrc.yml modifications #29325
  • In workspaces, Renovate sources "major updates" from the package-lock.json rather than package.json #26312
  • Yarn: Error updating complex resolutions when yarn@4.0.1 is defined as packageManager #25853
  • Mismatch between PR title/body and bumped version when remediating yarn range #20929
  • Cannot handle yarn v3 and private registry #14756
  • Renovate cannot upgrade npm to an incompatible version when engine-strict=true is in .npmrc #12068