Frequent updates #1320

Open
sefinek24 opened this issue Aug 28, 2023 · 7 comments

@sefinek24

Why is this module updated so often? Doesn't it sometimes border on some kind of paranoia?

@raineorshine
Owner

> Why is this module updated so often?

Sometimes people report bugs, sometimes they request or submit a PR for a new feature, sometimes a new version of node or npm or a dependency breaks some functionality. Addressing these issues ensures the library is stable and can be relied upon for its roughly 385,000 weekly downloads.

> Doesn't it sometimes border on some kind of paranoia?

The thing is, if I don't update npm-check-updates frequently the aliens will kill me. So far I'm safe, so my frequent updates seem to be working to appease them.

@sefinek24
Author

Express.js has more downloads and doesn't receive updates as frequently. Despite that, it still functions normally. To me, it's just plain paranoia.

@nicolas-goudry

Just stepping in because I believe that regularly upgrading a library whose goal is to upgrade your dependencies is just plain normal (+ everything the core maintainer already stated, specifically about the aliens).

@sefinek24
Author

And if it's not updated, what will happen? Because I don't quite understand.

@nicolas-goudry

Bugs, incompatibilities with other libraries, vulnerabilities, and maybe more. You may not be affected, but others may.

@sefinek24
Author

sefinek24 commented Aug 29, 2023

> Bugs

Bugs don't appear on their own, especially in npm modules. If someone reports them, that's fine by me. After all, every creator strives to improve their product, package, or software.

> incompatibilities with other libraries

Each npm module has its separate folder on the workstation: node_modules/npm-check-updates, so I'm not sure what specific incompatibilities you're talking about.

> vulnerabilities

Security gaps? Again, the same question - what exact vulnerabilities and what can they relate to? It's npm's responsibility to ensure server security, not the client/user in this case. What HTTP requests does the module send to the server?

> and maybe more

So, what exactly does that mean? Updating the module all the time is cumbersome. No npm module has over 400 releases, and the fact that it has 300k downloads doesn't change anything. I'm also a creator of APIs and other software, and I don't have the paranoia of publishing new versions somehow.

By the way, why do you intervene in discussions when this question was directed straight to the creator?

> You may not be affected, but others may.

From what I can see, 'Issues' are not frequently published here. So why are these updates being released? Only to waste time on updating this? Does the author of this suffer from some illness?

@raineorshine
Owner

raineorshine commented Aug 29, 2023

The users of npm-check-updates have diverse needs. While some simply use the default functionality, others incorporate npm-check-updates into build and deploy processes. I've strived to allow a wide range of customizability while keeping a clean output and intuitive defaults.

For example, v16.13.0 added an --install option so that users have more control over the auto-install suggestion. This is not essential by any means, but I like that it reduces the friction felt by some users. v16.13.1 was released to fix a small bug in the implementation.

Other examples:

  • v16.12.3 fixed an issue with the --format repo option when used with workspaces.
  • v16.2.2 reorganized the staticRegistry API so that it could be used in conjunction with custom package managers.
  • v16.11.2 fixed a bug with the --enginesNode option.

The updates are all made for specific purposes. As much as I love coding, I wouldn't make changes if there wasn't a reason. Being responsive, fixing issues quickly, and supporting a wide variety of behavior is a rewarding aspect of open source development for me.
