Frequent updates #1320
Sometimes people report bugs, sometimes they request or submit a PR for a new feature, sometimes a new version of node or npm or a dependency breaks some functionality. Addressing these issues ensures the library is stable and can be relied upon for its roughly 385,000 weekly downloads.
The thing is, if I don't update npm-check-updates frequently the aliens will kill me. So far I'm safe, so my frequent updates seem to be working to appease them.
Express.js has more downloads and doesn't receive updates as frequently. Despite that, it still functions normally. To me, it's just plain paranoia.
Just stepping in because I believe that regularly upgrading a library whose goal is to upgrade your dependencies is just plain normal (+ everything the core maintainer already stated, specifically about the aliens).
And if it's not updated, what will happen? Because I don't quite understand.
Bugs, incompatibilities with other libraries, vulnerabilities, and maybe more. You may not be affected, but others may.
Bugs don't appear on their own, especially in npm modules. If someone reports them, that's fine by me. After all, every creator strives to improve their product, package, or software.
Each npm module has its separate folder on the workstation:
Security gaps? Again, the same question - what exact vulnerabilities and what can they relate to? It's npm's responsibility to ensure server security, not the client/user in this case. What HTTP requests does the module send to the server?
So, what exactly does that mean? Updating the module all the time is cumbersome. No npm module has over 400 releases, and the fact that it has 300k downloads doesn't change anything. I'm also a creator of APIs and other software, and I don't have the paranoia of publishing new versions somehow. By the way, why do you intervene in discussions when this question was directed straight to the creator?
From what I can see, 'Issues' are not frequently published here. So why are these updates being released? Only to waste time on updating this? Does the author of this suffer from some illness?
The users of npm-check-updates have diverse needs. While some simply use the default functionality, others incorporate npm-check-updates into build and deploy processes. I've strived to allow a wide range of customizability while keeping a clean output and intuitive defaults. For example, Other examples:
The updates are all made for specific purposes. As much as I love coding, I wouldn't make changes if there wasn't a reason. Being responsive, fixing issues quickly, and supporting a wide variety of behavior is a rewarding aspect of open source development for me.
Why is this module updated so often? Doesn't it sometimes border on some kind of paranoia?