Dependency updates are like cleaning your desk — you know it’s important, but it’s easy to delay.
That’s why I built danger-plugin-npm-check-updates, inspired by npm-check-updates — a Danger JS plugin that checks for outdated npm packages during your CI workflow, so you can spot version drifts before they become problems.
💡 Think of it as a “dependency assistant” that leaves a PR comment when something’s outdated.
⚙️ Key Features
- ✅ Supports Private Packages
- 📦 Works with Monorepos (e.g., Lerna, Nx)
- 🔒 Handles Lockfiles (package-lock.json or yarn.lock)
- ⏱️ Configurable timeout, filters, and semver levels
🧩 Installation
Install it with yarn or npm:
```bash
yarn add danger-plugin-npm-check-updates --dev
```
or
```bash
npm install --save-dev danger-plugin-npm-check-updates
```
🚀 Basic Usage
Your dangerfile.js could look like this:
```javascript
import { schedule } from 'danger'
import path from 'path'
import npmCheckUpdates from 'danger-plugin-npm-check-updates'

// Note: You need to use schedule()
schedule(npmCheckUpdates({
  monorepo: true, // optional
  timeout: 5000, // optional
  packageFile: path.join(__dirname, './package.json'), // optional
}))
```
When your CI runs, Danger will check your dependencies and leave a comment in the PR like:

🧠 Why I Built This
I often found myself running npx npm-check-updates manually before releases.
In large monorepos, that’s repetitive and error-prone.
With this plugin, CI does the heavy lifting — it checks updates automatically and posts feedback in PRs.
🧩 It turns dependency management from a chore into part of your CI hygiene.
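What a check like this boils down to, as an added example that is not the plugin's source code or its actual output: compare each declared version with the latest published one, classify the drift by semver level, and render a table for a PR comment. All function names are hypothetical, and the package names and versions are constructed sample data.

```javascript
// Added example, not the plugin's source. Names and versions are constructed.

// Parse "1.2.3", "^1.2.3" or "~1.2.3" into [major, minor, patch]. Anything else
// (git URLs, tags, workspace ranges) returns null so it is reported, not guessed.
function parseVersion(spec) {
  const m = /^[\^~]?(\d+)\.(\d+)\.(\d+)$/.exec(String(spec).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Classify how far the declared version trails the latest published one.
function driftLevel(declared, latest) {
  const a = parseVersion(declared);
  const b = parseVersion(latest);
  if (!a || !b) return 'unknown';
  const names = ['major', 'minor', 'patch'];
  for (let i = 0; i < 3; i++) {
    if (b[i] > a[i]) return names[i];
    if (b[i] < a[i]) return 'none'; // declared is already ahead of "latest"
  }
  return 'none';
}

// Collect every dependency that is behind or could not be compared.
function findOutdated(pkg, latestVersions) {
  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
  return Object.keys(deps).sort()
    .map((name) => ({
      name, declared: deps[name], latest: latestVersions[name],
      level: driftLevel(deps[name], latestVersions[name]),
    }))
    .filter((row) => row.level !== 'none');
}

// Render the rows as a markdown table suitable for a PR comment.
function renderComment(rows) {
  if (rows.length === 0) return 'All dependencies are up to date.';
  const lines = ['| Package | Declared | Latest | Drift |', '| --- | --- | --- | --- |'];
  for (const r of rows) lines.push(`| ${r.name} | ${r.declared} | ${r.latest ?? 'n/a'} | ${r.level} |`);
  return lines.join('\n');
}

// Constructed sample input: a package.json fragment and a registry snapshot.
const samplePkg = {
  dependencies: { 'left-lib': '^1.4.0', 'mid-lib': '~2.1.3', 'git-lib': 'github:example/git-lib' },
  devDependencies: { 'fresh-lib': '3.0.0', 'old-lib': '^0.9.1' },
};
const sampleLatest = { 'left-lib': '2.0.1', 'mid-lib': '2.1.9', 'fresh-lib': '3.0.0', 'old-lib': '0.12.0' };
console.log(renderComment(findOutdated(samplePkg, sampleLatest)));
```

Dependencies that cannot be compared (here the git-sourced one) are surfaced as `unknown` rather than silently skipped, so a reviewer still sees them in the report.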
✨ Takeaway
Small automation like this saves mental bandwidth.
The less you worry about dependency versions, the more you can focus on shipping features.
Code clean. Coffee strong. Dependencies fresh. ☕
Keeping Dependencies in Check — Automatically, with danger-plugin-npm-check-updates