Codependence is a JavaScript utility for checking dependencies to ensure they're up-to-date or match a specified version.

Codependence updates package.json's dependencies based on a "codependencies" array of dependency names. The difference from {npm,pnpm} update or yarn upgrade is Codependence allows you to pin what you want and update the rest! Furthermore, Codependence works with monorepos and is package manager agnostic.

Readme more about Codependence why you might want to use it below!

Codependence can be used as a standalone CLI, in npm scripts or, secondarily, as node utility!

npm install codependence --save-dev

Pure CLI quick run

codependence --condependencies 'fs-extra' 'lodash'

Or use it with a config in the root package.json file

{
  "codependence": {
    "condependencies": ["fs-extra", "lodash"]
  },
  "scripts": {
    "update-codependencies": "codependence --update",
    "prepare": "npm run update-codependencies"
  }
}

Quickly setup Codependence in your project with the interactive init command:

# Interactive setup with permissive mode by default - recommended!
codependence init

# Create .codependencerc with all dependencies pinned (legacy mode)
codependence init rc

# Add configuration to package.json with all dependencies pinned (legacy mode)
codependence init package

The init command will:

• Default to permissive mode (update all dependencies to latest, except those you want to pin)
• Scan your package.json for dependencies
• Let you choose your dependency management strategy:
  • 🚀 Permissive mode (default/recommended): Update all to latest, pin specific ones
  • 🔒 Pin all mode: Keep all dependencies at current versions
• Create either a .codependencerc file or add config to package.json
• Provide clear next steps for running Codependence
• Handle edge cases like missing files or invalid JSON gracefully

Unit Tests:

bun test                    # Run all unit tests
bun test --coverage        # Run with coverage report

E2E Tests:

./tests/e2e/test-multilang.sh all    # Run all e2e tests (Node.js, Python, Go)

Codependence is built as a CLI-first, set-it-and-forget-it tool.

It is recommendeded to install and setup Codependence as a devDependency within your root package.json and use a codependence.codependencies array to define dependencies you need to keep updated or pinned to a specific version.

Furthermore, you can add a codependence.codependencies array to child packages' package.json in your monorepo to ensure specific dependencies are pinned to a specific versions within your monorepo packages.

Usage: program [options]

Codependency, for code dependency. Checks `codependencies` in package.json files to ensure dependencies are up-to-date

Options:
  -f, --files [files...]                      file glob pattern
  -u, --update                                update dependencies based on check
  -r, --rootDir <rootDir>                     root directory to start search
  -i, --ignore [ignore...]                    ignore glob pattern
  --debug                                     enable debugging
  --silent                                    enable mainly silent logging
  -cds, --codependencies [codependencies...]  a path to a file with a codependenies object
  -c, --config <config>                       accepts a path to a config file
  -s, --searchPath <searchPath>               a search path string for locationing config files
  -h, --help                                  display help for command

Although, Codependence is built to primarily be a CLI utility, it can be used as a node utility.

import codependence from "codependence";

const checkForUpdate = async () => {
  const isLatest = await codependence({
    codependencies: ["fs-extra", "lodash"],
  });
  if (!isLatest) {
    console.log("This repo is update-to-date");
  } else {
    console.error("This repo is not update-to-date");
  }
};

const updateAllExceptSpecific = async () => {
  await codependence({
    codependencies: ["react", "lodash"],
    permissive: true,
    update: true,
  });
};

checkForUpdate();

Codependence options can be used via CLI options, a config file read from the CLI, or with node by passing them into exported Codependence functions. Read more below!

A required option or *config array! Codependencies are required via being passed in an array as a cli option **or as within a codependence.codependencies array.

• The default value is undefined
• An array is required!

The Codependence codependencies array supports latest out-of-the-box.

So having this ["fs-extra", "lodash"] will return the latest versions of the packages within the array. It will also match a specified version, like so [{ "foo": "1.0.0" }] and [{ "foo": "^1.0.0" }] or [{ "foo": "~1.0.0" }]. You can also include a * at the end of a name you would like to match. For example, @foo/* will match all packages with @foo/ in the name and return their latest versions. This will also work with foo-*, etc.

Codependence is built in to give you more capability to control your dependencies!

You can add a codependence.codependencies array to child packages in your monorepo to ensure specific dependencies are pinned to a specific different versions within your monorepo packages.

You can have a package.json file in a @foo/bar package with following:

{
  "name": "@foo/bar",
  "dependencies": {
    "fs-extra": "^9.0.0",
  },
  "codependence": {
    "codependencies": [{ "fs-extra": "^9.0.0" }]
  }
}

And another package.json file in a @foo/baz package with following:

{
  "name": "@foo/baz",
  "dependencies": {
    "fs-extra": "^11.1.0",
  },
  "codependence": {
    "codependencies": [{ "fs-extra": "^11.1.0" }]
  }
}

Codependencies will install the right dependency version for each package in your monorepo!

Note: Codependencies can and will still install the expected version defined at the monorepo's root for packages that don't specify differences in their package.json files!

An optional array of strings to check for package.json files to update.

• The default value is ['package.json']
• This array accepts glob patterns as well, example ["package.json", "**/package.json"

An optional boolean which defines whether Codependence should update dependencies in package.json's or not.

• The default value is false

An optional string which can used to specify the root directory to run checks from;

• The default value is "./"

An optional array of strings used to specify directories to ignore

• The default value is ["node_modules/**/*", "**/node_modules/**/*"]
• glob patterns are accepted

An optional boolean value used to enable debugging output

• The default value is false

An optional boolean value used to enable a more silent developer experience

• The default value is false

An optional string containing a package to file which contains codependence config.

• The default is undefined

An optional string containing a search path for location config files.

• The default value is undefined

An optional boolean value used to enable *yarn config checking

• The default value is false

An optional boolean value used to update all dependencies to their latest versions except those specified in the codependencies array.

• The default value is false
• When set to true, all dependencies not listed in codependencies will be updated to their latest versions

Listed below are some common patterns (recipes) for using Codependence.

Starting out, you may not want a config object. Have no fear, Codependence can be used as a CLI utility ONLY!

codependence --codependencies 'lodash' '{ \"fs-extra\": \"10.0.1\" }'

codependence --codependencies '@foo/*' --update

codependence --codependencies 'react' 'lodash' --permissive --update

Codependence is a JavaScript utility CLI and node tool that compares a codependencies array against package.json dependencies, devDependencies, and peerDependencies for *codependencies.

For each dependency included in the codependencies array, Codependence will either a) check that versions are at latest or b) Check that a specified version is matched within package.json files. Codependence can either a) return a pass/fail result or b) update dependencies, devDependencies, and peerDependencies, in package.json file(s).

Codependence is useful for ensuring specified dependencies are up-to-date—or at a specified version within a project's package.json files(s)!

This utility is built to work alongside dependency management tools like dependabot. It could work instead of dependency management tool but is built for managing specific dependency versions vs all dependencies.

In example, if your repository requires the latest version and latest can't be specified as the dependency version within your package.json, Codependence will ensure your package.json has the actual latest semver version set in your package.json. It can/will do the same if an exact version is specified!

Codependence is a utility tool focused on a single task—managing specified dependency versions!

• It is built to work along side tools (like Dependabot) but it can also manage dependencies fully!
• It handles monorepos child package dependencies with ease and without package manager bias!
• It is as immediate as you want it to be, via npm install scripts and build pipeline tools, such as Husky
• It can be run along with npm scripts or in github actions

Codependence isn't for everybody or every repository. Here are some reasons why it might not be for you!

• You don't need intricate dependency version management
• You prefer specifying necessary dependencies with latest, or manually pinning, or using a tool like Dependabot's ignore spec within a dependabot.yml.

Check out Codependence in Action!

• Codependence Cron: Codependence running off a Github Action cron job.
• Codependence Monorepo: Codependence monorepo example.

If there is a .npmrc file, there is no issue with Codependence monitoring private packages. However, if a yarn config is used, Codependence must be instructed to run version checks differently.

• With the CLI, add the --yarnConfig option.
• With node, add yarnConfig: true to your options or your config.
• For other private package issues, submit an issue or pull request.

This project uses:

• Node.js 18.0.0+
• Bun 1.2.9+

We use mise to manage tool versions. If you have mise installed, it will automatically use the correct versions of Node.js and bun.

# Install mise if you don't have it
curl https://mise.run | sh

# Clone the repository
git clone https://github.com/yowainwright/codependence.git
cd codependence

# mise will automatically use the correct versions from .mise.toml
mise install

# Install dependencies
bun install

# Install Node.js 18.0.0+
nvm install 18

# Install bun
curl -fsSL https://bun.sh/install | bash

# Install dependencies
bun install

Contributing is straightforward.

• Sprinkle some context
• Can you submit a pull request if needed?

• Add a test (or a description of the test) that should be added
• Update the readme (if needed)
• Sprinkle some context in the pull request.
• Hope it's fun!

Thank you!

• Code:
  • add better spying/mocking (in progress)
  • add utils functions to be executed with the cli cmd (monorepo, cadence, all deps)
• Demo Repos
  • monorepo: present how codependence can work to support monorepo updates (in progress)
  • cadence: present how cadence can be implemented with codependence
• Documentation
  • write recipes section after the demo repos are complete (in progress)

Thanks to Dev Wells and Steve Cox for the aligned code leading to this project. Thanks Navid for some great insights to improve the api!

Made by @yowainwright, MIT 2022