Automated Dependency Updater CLI Tool

A CLI tool that automatically checks for outdated dependencies in Node.js projects and creates pull requests with updated versions, including changelog summaries.

visit npmjs

Table of Contents

• Features
• Why It’s Needed
• Installation
• Configuration
• Usage
  • Run Updater Immediately
  • Schedule Updater
  • CLI Options
• Supported Platforms
• Contributing
• License

Features

• Supports Multiple Package Managers: Works seamlessly with npm, Yarn, and pnpm.
• Customizable Update Schedules: Schedule automated updates using cron expressions.
• Integration with Major VCS Platforms: Supports GitHub, GitLab, and Bitbucket.
• Automated Changelog Summaries: Includes changelog summaries in pull/merge requests.
• Notifications: Sends email notifications on update statuses and failures.
• Semantic Versioning Categorization: Automatically handles minor and patch updates while alerting for major updates requiring manual review.

Why It’s Needed

Keeping dependencies up-to-date is essential for:

• Security: Reduces vulnerabilities by patching known issues.
• Performance: Enhances application performance with optimized dependencies.
• Maintenance: Saves time by automating the tedious process of dependency management.
• Compliance: Ensures compatibility with the latest standards and practices.

Automating this process helps developers maintain their projects efficiently and minimizes the risk of outdated or vulnerable dependencies.

Installation

You can install the Automated Dependency Updater globally or use it via npx.

Using npm

npm install -g automated-dependency-updater

Using Yarn

yarn global add automated-dependency-updater

Using pnpm

pnpm add -g automated-dependency-updater

Using npx

You can run the updater without installing it globally:

npx automated-dependency-updater run

Configuration

Before using the updater, you need to configure environment variables for authentication and repository details.

1. Copy .env.example to .env

cp .env.example .env

2. Populate the .env File

Open the .env file and fill in the required details:

# GitHub Configuration
GITHUB_TOKEN=your_github_token
GITHUB_OWNER=your_github_username
GITHUB_REPO=your_repo_name
GITHUB_BASE_BRANCH=main

# GitLab Configuration
GITLAB_TOKEN=your_gitlab_token
GITLAB_PROJECT_ID=your_gitlab_project_id
GITLAB_BASE_BRANCH=main

# Bitbucket Configuration
BITBUCKET_TOKEN=your_bitbucket_token
BITBUCKET_WORKSPACE=your_bitbucket_workspace
BITBUCKET_REPO_SLUG=your_repo_slug
BITBUCKET_BASE_BRANCH=main

# Email Configuration
EMAIL_USER=your_email@example.com
EMAIL_PASS=your_email_password
NOTIFICATION_EMAIL=notify@example.com

# Platform Configuration
PLATFORM=github  # Options: github, gitlab, bitbucket

🔑 Important:

• Tokens and Permissions:
  • GitHub Token: Should have repo and workflow scopes.
  • GitLab Token: Should have api scope.
  • Bitbucket Token: Should have appropriate repository access scopes.
• Email Credentials: Use application-specific passwords if using services like Gmail.
• Security: Never commit your .env file to version control. Consider using secret management tools for enhanced security.

Usage

The CLI tool offers various commands and options to manage dependency updates effectively.

Run Updater Immediately

Execute the updater to check for outdated dependencies and create pull/merge requests.

dep-updater run

Or using npx:

npx automated-dependency-updater run

Schedule Updater

Schedule the updater to run automatically at specified intervals using cron expressions.

dep-updater schedule "0 0 * * SUN"

This example schedules the updater to run every Sunday at midnight.

Or using npx:

npx automated-dependency-updater schedule "0 0 * * SUN"

CLI Options

Enhance the functionality with additional options:

• Specify Platform:

  Define the platform (github, gitlab, bitbucket) for pull/merge request creation.

  dep-updater run --platform gitlab

• Enable Verbose Logging:

  Enable detailed logs for better insight during the update process.

  dep-updater run --verbose

• Combine Options:

  Use multiple options simultaneously for tailored operations.

  dep-updater run --platform bitbucket --verbose

Default Command

You can also run the updater without specifying the run command explicitly:

dep-updater

Or using npx:

npx automated-dependency-updater

Supported Platforms

The updater supports integration with the following Version Control Systems (VCS) platforms:

• GitHub: Create Pull Requests.
• GitLab: Create Merge Requests.
• Bitbucket: Create Pull Requests.

Ensure you have the necessary tokens and permissions configured in your .env file for the respective platforms.

Contributing

Contributions are welcome! Follow these steps to contribute to the project:

1. Fork the Repository

2. Clone Your Fork

   git clone https://github.com/AAGAM17/automated-dependency-updater.git
   cd automated-dependency-updater

3. Install Dependencies

   npm install

4. Create a Feature Branch

   git checkout -b feature/YourFeatureName

5. Commit Your Changes

   git commit -m "Add Your Feature"

6. Push to Your Fork

   git push origin feature/YourFeatureName

7. Open a Pull Request

   Visit the original repository and create a pull request from your fork.

Guidelines:

• Code Quality: Ensure your code follows the project's coding standards and passes all tests.
• Documentation: Update the README.md and other relevant documentation as needed.
• Tests: Add or update tests to cover your changes.

License

This project is licensed under the MIT License.

---