Dependency updates are like cleaning your desk — you know it’s important, but it’s easy to delay.
That’s why I built danger-plugin-npm-check-updates, a Danger JS plugin inspired by npm-check-updates. It checks for outdated npm packages during your CI workflow, so you can spot version drift before it becomes a problem.
💡 Think of it as a “dependency assistant” that leaves a PR comment when something’s outdated.
Key Features
- Supports Private Packages
- Works with Monorepos (e.g., Lerna, Nx)
- Handles Lockfiles (package-lock.json or yarn.lock)
- Configurable timeout, filters, and semver levels
Installation
Install it with yarn or npm:
yarn add danger-plugin-npm-check-updates --dev
or
npm install --save-dev danger-plugin-npm-check-updates
Basic Usage
Your dangerfile.js could look like this:
import { schedule } from 'danger'
import path from 'path'
import npmCheckUpdates from 'danger-plugin-npm-check-updates'

// Note: You need to use schedule()
schedule(npmCheckUpdates({
  monorepo: true, // optional
  timeout: 5000, // optional
  packageFile: path.join(__dirname, './package.json'), // optional
}))

When your CI runs, Danger will check your dependencies and leave a comment in the PR like:

Why I Built This
I often found myself running npx npm-check-updates manually before releases.
In large monorepos, that’s repetitive and error-prone.
With this plugin, CI does the heavy lifting — it checks updates automatically and posts feedback in PRs.
It turns dependency management from a chore into part of your CI hygiene.
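To make the check concrete, the sketch below is an added example, not the plugin's own code: it compares the versions declared in a package.json against a constructed snapshot of latest versions, labels each gap by semver level, and renders a Markdown table suitable for a PR comment. The function names, the sample data, and the table layout are assumptions; a real run would take the latest versions from the registry.

```javascript
// Added illustration, not the plugin's implementation. Sample data is constructed.
const samplePackageJson = {
  dependencies: { react: '^17.0.2', lodash: '~4.17.20' },
  devDependencies: { danger: '^11.2.0', typescript: '5.4.5' },
}
// Stands in for a registry lookup so the sketch runs offline.
const sampleLatest = { react: '18.2.0', lodash: '4.17.21', danger: '11.3.1', typescript: '5.4.5' }

// Reduce a simple range ("^1.2.3", "~1.2.3", "1.2.3") to [major, minor, patch].
// Anything else (tags, URLs, "*", "workspace:*", missing values) returns null.
function parseVersion(range) {
  const m = /^[\^~]?(\d+)\.(\d+)\.(\d+)$/.exec(String(range).trim())
  return m ? m.slice(1).map(Number) : null
}

// Name the most significant semver component in which `latest` is ahead.
function driftLevel(declared, latest) {
  const levels = ['major', 'minor', 'patch']
  for (let i = 0; i < 3; i++) {
    if (latest[i] > declared[i]) return levels[i]
    if (latest[i] < declared[i]) return null // declared is already newer
  }
  return null // identical versions
}

// Compare the declared baseline of every dependency with the latest version.
// Note: the lockfile, not the range, decides what is actually installed.
function findOutdated(pkg, latestByName) {
  const rows = []
  for (const section of ['dependencies', 'devDependencies']) {
    for (const [name, range] of Object.entries(pkg[section] || {})) {
      const declared = parseVersion(range)
      const latest = parseVersion(latestByName[name])
      // Surface what could not be compared instead of silently skipping it.
      const level = declared && latest ? driftLevel(declared, latest) : 'unresolved'
      if (level) rows.push({ name, range, latest: latestByName[name] ?? 'unknown', level })
    }
  }
  return rows
}

// Build the Markdown body a CI bot could post on the pull request.
function renderComment(rows) {
  if (rows.length === 0) return 'All dependencies are up to date.'
  const lines = ['| Package | Declared | Latest | Drift |', '| --- | --- | --- | --- |']
  for (const r of rows) lines.push(`| ${r.name} | ${r.range} | ${r.latest} | ${r.level} |`)
  return lines.join('\n')
}
```

Major-level rows are the ones to review by hand, since they may carry breaking changes; rows marked unresolved need a manual look because the sketch could not compare them.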
Takeaway
Small automation like this saves mental bandwidth.
The less you worry about dependency versions, the more you can focus on shipping features.
Code clean. Coffee strong. Dependencies fresh. ☕
Keeping Dependencies in Check — Automatically, with `danger-plugin-npm-check-updates`
Keep your dependencies healthy with danger-plugin-npm-check-updates. Learn how this plugin helps automate npm update checks across monorepos, private packages, and CI pipelines.