Automic VaultAutomic Vault

brew

Install npm-check-updates with Homebrew, Nix, pacman

Find newer versions of dependencies than what your package.json allows. Version 22.2.9 via Homebrew; verified 2026-06-29.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install npm-check-updates

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#npm-check-updates

nixpkgs package indexes · pkgs/by-name/np/npm-check-updates/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S npm-check-updates

Arch Linux sync databases · npm-check-updates · source: geo.mirror.pkgbuild.com

overview

Package summary

Find newer versions of dependencies than what your package.json allows

Commands and aliases

  • ncu
  • npm-check-updates

history

Project history and usage

npm-check-updates, usually invoked as ncu, is a long-running Node.js CLI for finding newer dependency versions than the ranges recorded in package.json and optionally rewriting those ranges. Its GitHub repository and npm registry package were both created on 2013-09-07.

Project history

The project's core behavior has stayed focused: compare project dependency declarations with registry versions, preserve the user's version-range style where possible, and write the package file only when asked with -u/--upgrade. The README describes support for npm, yarn, pnpm, deno, and bun, plus CLI and module usage.

By 2026 the project had a large option surface for dependency sections, registries, JSON output, workspaces, interactive upgrades, owner-change reporting, and doctor mode. The npm registry metadata consulted for this batch reported 532 published versions and latest version 22.2.9 published on 2026-06-28.

Adoption history

ncu is a mainstream utility in JavaScript dependency maintenance because it covers a workflow that npm outdated and npm update do not fully replace: reviewing and changing declared ranges in package.json before reinstalling. The GitHub metadata consulted for this batch reported over 10k stars, and the package is available through npm, Homebrew, Nix, and Arch.

npm's public downloads API reported 3,121,600 downloads for npm-check-updates from 2026-05-30 through 2026-06-28 and 31,701,760 downloads from 2025-06-29 through 2026-06-28. Homebrew analytics reported 4,290 formula installs over its 365-day window.

How it is used

Package maintainers use ncu as a review step: run ncu to see available upgrades, inspect changelogs or use output formats such as repo/time/group, then run ncu -u followed by the package manager install command to update the lockfile. Its doctor mode is aimed at the more cautious path: iteratively install upgrades and run tests to isolate breaking updates.

Its practical role is especially visible in projects that do not want an automated bot to make every dependency decision. It gives humans a terse dependency diff, lets them filter by dependency type or package name, and supports alternative package managers while still centering package.json.

Why package nerds care

npm-check-updates is one of the standard 'dependency hygiene' tools in the Node ecosystem: small enough to use by hand, scriptable enough for CI or release chores, and independent of any one package manager's built-in update semantics.

Timeline

  • 2013-09-07: GitHub repository and npm package created.
  • 2026-06-28: npm registry metadata reports version 22.2.9 published.
  • 2026-05-30 to 2026-06-28: npm downloads API reports 3,121,600 downloads.

Related projects

  • npm outdated
  • npm update
  • Renovate
  • Dependabot
  • yarn
  • pnpm
  • bun
  • deno

security posture

No protected-tool coverage found yet

No matching local secret-handling manifest was found for npm-check-updates. Nucleus package metadata is still published here so future coverage has a stable package URL.

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 1 platform targets.
  • Installs with 1 runtime dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
.ncurc.ncurc.json.ncurc.yaml.ncurc.yml.ncurc.js.ncurc.mjs.ncurc.cjs~/.ncurc

executables

Installed executables

CommandKindExposureNote
ncucliglobal executable
npm-check-updatescliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version22.2.9
manager updated2026-06-29
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/raineorshine/npm-check-updates

install metadata

Package metadata

Package keybrew:npm-check-updates
Version22.2.9
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/npm-check-updates
Homepagehttps://github.com/raineorshine/npm-check-updates
Repositoryhttps://github.com/raineorshine/npm-check-updates
Upstream docshttps://github.com/raineorshine/npm-check-updates#readme
LicenseApache-2.0
Source archivehttps://registry.npmjs.org/npm-check-updates/-/npm-check-updates-22.2.9.tgz
Last updated2026-06-29T21:17:57Z
Pulseupdated
Dependenciesnode
Bottleavailable (on all)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namenpm-check-updates
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

npm-check-updates

nix profile install nixpkgs#npm-check-updates
  • normalized package name match
  • Matched by: npm Check Updates
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/np/npm-check-updates/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
pacman95%

npm-check-updates 22.2.3-1

Find newer versions of dependencies than what your package.json allows

https://github.com/raineorshine/npm-check-updates

sudo pacman -S npm-check-updates
  • License: Apache-2.0
  • Architecture: any
  • 1 dependencies
  • normalized package name match
  • Matched by: npm Check Updates
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: npm-check-updates from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment