Automic VaultAutomic Vault

brew

使用 Homebrew, Nix, pacman 安装 npm-check-updates

查看 npm-check-updates 的安装路径、可执行文件、元数据以及面向 AI 代理工作流的安全说明。

安装

其他安装命令

macOS

Homebrew已验证 · 100%
brew install npm-check-updates

local Homebrew formula metadata

Linux

Nix已验证 · 92%
nix profile install nixpkgs#npm-check-updates

nixpkgs package indexes · pkgs/by-name/np/npm-check-updates/package.nix · 来源: api.github.com

Arch Linux pacman已验证 · 92%
sudo pacman -S npm-check-updates

Arch Linux sync databases · npm-check-updates · 来源: geo.mirror.pkgbuild.com

概览

软件包摘要

Find newer versions of dependencies than what your package.json allows

命令和别名

  • ncu
  • npm-check-updates

历史

项目历史与用法

npm-check-updates, usually invoked as ncu, is a long-running Node.js CLI for finding newer dependency versions than the ranges recorded in package.json and optionally rewriting those ranges. Its GitHub repository and npm registry package were both created on 2013-09-07.

项目历史

The project's core behavior has stayed focused: compare project dependency declarations with registry versions, preserve the user's version-range style where possible, and write the package file only when asked with -u/--upgrade. The README describes support for npm, yarn, pnpm, deno, and bun, plus CLI and module usage.

By 2026 the project had a large option surface for dependency sections, registries, JSON output, workspaces, interactive upgrades, owner-change reporting, and doctor mode. The npm registry metadata consulted for this batch reported 532 published versions and latest version 22.2.9 published on 2026-06-28.

采用历史

ncu is a mainstream utility in JavaScript dependency maintenance because it covers a workflow that npm outdated and npm update do not fully replace: reviewing and changing declared ranges in package.json before reinstalling. The GitHub metadata consulted for this batch reported over 10k stars, and the package is available through npm, Homebrew, Nix, and Arch.

npm's public downloads API reported 3,121,600 downloads for npm-check-updates from 2026-05-30 through 2026-06-28 and 31,701,760 downloads from 2025-06-29 through 2026-06-28. Homebrew analytics reported 4,290 formula installs over its 365-day window.

使用方式

Package maintainers use ncu as a review step: run ncu to see available upgrades, inspect changelogs or use output formats such as repo/time/group, then run ncu -u followed by the package manager install command to update the lockfile. Its doctor mode is aimed at the more cautious path: iteratively install upgrades and run tests to isolate breaking updates.

Its practical role is especially visible in projects that do not want an automated bot to make every dependency decision. It gives humans a terse dependency diff, lets them filter by dependency type or package name, and supports alternative package managers while still centering package.json.

为什么软件包爱好者会关心

npm-check-updates is one of the standard 'dependency hygiene' tools in the Node ecosystem: small enough to use by hand, scriptable enough for CI or release chores, and independent of any one package manager's built-in update semantics.

时间线

  • 2013-09-07: GitHub repository and npm package created.
  • 2026-06-28: npm registry metadata reports version 22.2.9 published.
  • 2026-05-30 to 2026-06-28: npm downloads API reports 3,121,600 downloads.

Related projects

  • npm outdated
  • npm update
  • Renovate
  • Dependabot
  • yarn
  • pnpm
  • bun
  • deno

安全态势

尚未找到受保护工具覆盖

没有找到 npm-check-updates 的匹配本地密钥处理 manifest。Nucleus 软件包元数据仍在此发布,以便未来覆盖拥有稳定的软件包 URL。

安装行为

  • formula 元数据中未记录 Homebrew post-install 钩子。
  • Homebrew bottle 元数据适用于 1 个平台目标。
  • 安装时包含 1 个运行时依赖。

建议审查

在无人值守的代理使用前,请检查该工具是否读取明文凭据、写入远程状态、发布制品或调用插件。

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
.ncurc.ncurc.json.ncurc.yaml.ncurc.yml.ncurc.js.ncurc.mjs.ncurc.cjs~/.ncurc

可执行文件

已安装的可执行文件

命令类型暴露范围备注
ncucli全局可执行文件
npm-check-updatescli全局可执行文件

新鲜度

版本和新鲜度

这些信号区分页生成时间、软件包管理器活动和上游发布比较。只有存在证据 URL 和可比较版本时,才会提示版本落后。

页面生成时间2026-07-10
管理器版本22.2.9
管理器更新时间2026-06-29
本地数据OK
上游not checked
检测到的最新版本未检测到

https://github.com/raineorshine/npm-check-updates

安装元数据

软件包元数据

软件包键brew:npm-check-updates
版本22.2.9
软件包管理器Homebrew
软件包管理器页面https://formulae.brew.sh/formula/npm-check-updates
主页https://github.com/raineorshine/npm-check-updates
仓库https://github.com/raineorshine/npm-check-updates
上游文档https://github.com/raineorshine/npm-check-updates#readme
许可证Apache-2.0
源码归档https://registry.npmjs.org/npm-check-updates/-/npm-check-updates-22.2.9.tgz
最后更新2026-06-29T21:17:57Z
Pulseupdated
依赖node
Bottle可用 (于 all)
Homebrew post-install未定义
服务未声明

注册表事实

源数据库详情

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namenpm-check-updates
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

源数据库匹配

其他软件包管理器记录

匹配项来自外部软件包管理器索引,并与本地 Automic Vault 软件包链接分开显示。

Nix95%

npm-check-updates

nix profile install nixpkgs#npm-check-updates
  • normalized package name match
  • 匹配方式:npm Check Updates
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/np/npm-check-updates/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
pacman95%

npm-check-updates 22.2.3-1

Find newer versions of dependencies than what your package.json allows

https://github.com/raineorshine/npm-check-updates

sudo pacman -S npm-check-updates
  • License: Apache-2.0
  • Architecture: any
  • 1 依赖
  • normalized package name match
  • 匹配方式:npm Check Updates
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: npm-check-updates from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

来源线索

由仓库数据生成

此页面由 av-webscripts/generate-pkg-sqlite.py 生成的私有软件包 SQLite 工件提供。

使用的来源

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment