Skip to content

Automated Dependency Updates for Npm

Categories: js

Renovate supports updating Npm dependencies.

File Matching

By default, Renovate will check any files matching the following regular expression: (^|/)package\.json$.

For details on how to extend a manager's fileMatch value, please follow this link.

Supported datasources

This manager supports extracting the following datasources: github-tags, npm.

Default config

{
  "fileMatch": [
    "(^|/)package\\.json$"
  ],
  "versioning": "npm",
  "digest": {
    "prBodyDefinitions": {
      "Change": "{{#if displayFrom}}`{{{displayFrom}}}` -> {{else}}{{#if currentValue}}`{{{currentValue}}}` -> {{/if}}{{/if}}{{#if displayTo}}`{{{displayTo}}}`{{else}}`{{{newValue}}}`{{/if}}"
    }
  },
  "prBodyDefinitions": {
    "Change": "[{{#if displayFrom}}`{{{displayFrom}}}` -> {{else}}{{#if currentValue}}`{{{currentValue}}}` -> {{/if}}{{/if}}{{#if displayTo}}`{{{displayTo}}}`{{else}}`{{{newValue}}}`{{/if}}]({{#if depName}}https://renovatebot.com/diffs/npm/{{replace '/' '%2f' depName}}/{{{currentVersion}}}/{{{newVersion}}}{{/if}})"
  }
}

Additional Information

The following depTypes are currently supported by the npm manager :

  • dependencies
  • devDependencies
  • optionalDependencies
  • peerDependencies
  • engines : Renovate will update any node, npm and yarn version specified under engines.
  • volta : Renovate will update any node, npm, pnpm and yarn version specified under volta.
  • packageManager

Open items

The below list of features and bugs were current when this page was generated on December 08, 2023.

Feature requests

  • Support pnpm workspaces #25335
  • Support rangeStrategy=update-lockfile for pnpm #21438
  • Renovate Yarn's packageExtensions in .yarnrc.yml #19163
  • Default npm to use default version from node #19044
  • PNPM + package from GIT using YARN #18005
  • Support for pnpm.overrides #17298
  • Support node_modules that live in source control #13926
  • Option to regenerate lock files during updates #13470
  • Add source URL compare links for npm digest updates #12112
  • chore commit type when only the lockfile is updated #6791
  • Feature request: Rushjs monorepo support #3681

Bug reports

  • Yarn: Error updating complex resolutions when yarn@4.0.1 is defined as packageManager #25853
  • Mismatch between PR title/body and bumped version when remediating yarn range #20929
  • Cannot handle yarn v3 and private registry #14756
  • Renovate cannot upgrade npm to an incompatible version when engine-strict=true is in .npmrc #12068