A包最新版本依赖B包1.0
B包最新版本为2.0
使用taze升级B包
pnpm install 的时候才能发现依赖版本错误

举个例子：
@vue/eslint-config-typescript 包最新版本时 10.0.0 依赖 eslint-plugin-vue@^8
eslint-plugin-vue 最新版本升级到9了，@vue/eslint-config-typescript 没有更新

taze latest 时能否加个额外选项把依赖有冲突的版本过滤掉？

Describe the bug

Hello,

I noticed this warning message when installing dependencies in a project using taze (Vitesse in my case) :
 WARN  deprecated [email protected]: This module is not used anymore. npm config is parsed by npm itself and by @npmcli/config

I was able to reproduce the issue by doing the following

• Initializing a vite project pnpm create vite
• I selected the following options: Vue, Typescript
• I used pnpm install
• I added taze with pnpm i taze
• The warning message mentionned above was displayed

I added a reproduction repo, please note that pnpm-lock.yaml should be deleted in order for the resolution step to work and the warning message to be displayed. Deleting pnpm-lock.yaml and using pnpm i triggers the warning message.

As a side note, I think this is my first issue on Github, is the type of the issue I selected correct?

Reproduction

https://github.com/aymeric35/taze-reproduction-libnpmconfig

System Info

System:
    OS: Windows 10 10.0.19044
    CPU: (8) x64 Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
    Memory: 8.33 GB / 15.94 GB
  Binaries:
    Node: 16.14.0 - C:\Program Files\nodejs\node.EXE
    npm: 8.11.0 - C:\Program Files\nodejs\npm.CMD
  Browsers:
    Edge: Spartan (44.19041.1266.0), Chromium (106.0.1370.47)
    Internet Explorer: 11.0.19041.1566

Used Package Manager

pnpm

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Check that this is a concrete bug. For Q&A, please open a GitHub Discussion instead.
• The provided reproduction is a minimal reproducible of the bug.

[SUGGESTION]

taze --all should list all packages and their current version

for example:

taze latest

A        ~2.3y         ^16.13.0  →   ^17.0.2   ~5mo
B        ~3.2y           ^5.7.2  →    ^7.4.0   ~1mo

if it can do:

taze latest --sort-outdate-desc

that would be:

B        ~3.2y           ^5.7.2  →    ^7.4.0   ~1mo
A        ~2.3y         ^16.13.0  →   ^17.0.2   ~5mo

Hi,

Can we please update taze as the suggested are either old or need to be changed?

Thanks!

+ taze 0.4.5

dependencies are already up-to-date in one package
 WARN  deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
 WARN  deprecated [email protected]: this library is no longer supported
 WARN  deprecated [email protected]: Please upgrade  to version 7 or higher.  Older versions may use Math.random() in certain circumstances, which is known to be problematic.  See https://v8.dev/blog/math-random for details.

support change registry in command line.

and also can get registry from npmrc/yarnrc

It looks like emoji is not a good choice for selecting and helping with text that is displayed overlapping on my computer.

environment: macOS 12.4
shell: zsh

on terminal.app:

on iTerm2:

VSCode (xterm.js):

Using text selectors (like npm-check) should ensure consistent display on all terminal

Describe the bug

When using linked packages in the package.json, errors are thrown while taze checks for updates.
Linked local libs:

When running taze:

Reproduction

Any repo with linked packages

System Info

System:
    OS: Windows 10 10.0.19044
    CPU: (8) x64 Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz
    Memory: 18.70 GB / 31.94 GB
  Binaries:
    Node: 16.16.0 - C:\dev\nodejs\node.EXE
    npm: 8.16.0 - C:\dev\nodejs\npm.CMD
  Browsers:
    Chrome: 106.0.5249.103
    Edge: Spartan (44.19041.1266.0), Chromium (106.0.1370.37)
    Internet Explorer: 11.0.19041.1566

Used Package Manager

pnpm

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Check that this is a concrete bug. For Q&A, please open a GitHub Discussion instead.
• The provided reproduction is a minimal reproducible of the bug.

Clear and concise description of the problem

Would love to see an option to display more details for each package, like the way pnpm outdated --long produces.

Suggested solution

Add a new option -l, --long to display the details for packages that have newer versions available.

Alternative

No response

Additional context

No response

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

Describe the bug

for example package: @yutengjing/tsconfig-node.
There is already version: v0.0.3, but taze can't find the upgarde.

Reproduction

https://stackblitz.com/edit/node-cyyrfx?file=package.json

System Info

System:
    OS: Linux 5.0 undefined
    CPU: (8) x64 Intel(R) Core(TM) i9-9880H CPU @ 2.30GHz
    Memory: 0 Bytes / 0 Bytes
    Shell: 1.0 - /bin/jsh
Binaries:
    Node: 16.20.0 - /usr/local/bin/node
    Yarn: 1.22.19 - /usr/local/bin/yarn
    npm: 9.4.2 - /usr/local/bin/npm
    pnpm: 8.6.3 - /usr/local/bin/pnpm

Used Package Manager

pnpm

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Check that this is a concrete bug. For Q&A, please open a GitHub Discussion instead.
• The provided reproduction is a minimal reproducible of the bug.

Should not fail on version with *

  "dependencies": {
    "esbuild": "^0.11.5"
  },
  "description": "",
  "devDependencies": {
    "svelte": "^3.35.0",
    "@nbhr/utils": "0.0.16",
    "@types/node": "*",
    "rimraf": "*",
    "ts-standard": "*",
    "tsup": "*",
    "typescript": "*"
  },

❯ taze -w
TypeError: Invalid Version: *
    at new SemVer (C:\Users\Alexander\AppData\Roaming\npm\node_modules\taze\node_modules\semver\classes\semver.js:38:13)
    at compare (C:\Users\Alexander\AppData\Roaming\npm\node_modules\taze\node_modules\semver\functions\compare.js:3:32)
    at Object.gt (C:\Users\Alexander\AppData\Roaming\npm\node_modules\taze\node_modules\semver\functions\gt.js:2:29)
    at resolveDependency (C:\Users\Alexander\AppData\Roaming\npm\node_modules\taze\dist\chunk-GQ3UYB63.js:337:41)
    at async C:\Users\Alexander\AppData\Roaming\npm\node_modules\taze\dist\chunk-GQ3UYB63.js:352:17
    at async Promise.all (index 3)
    at async resolvePackage (C:\Users\Alexander\AppData\Roaming\npm\node_modules\taze\dist\chunk-GQ3UYB63.js:359:20)
    at async CheckSingleProject (C:\Users\Alexander\AppData\Roaming\npm\node_modules\taze\dist\chunk-GQ3UYB63.js:387:3)
    at async CheckPackages (C:\Users\Alexander\AppData\Roaming\npm\node_modules\taze\dist\chunk-GQ3UYB63.js:376:5)
    at async check (C:\Users\Alexander\AppData\Roaming\npm\node_modules\taze\dist\cli.js:227:3)

In a repo I'm working on, we have PHP dependencies in a /vendor directory. Some of these dependencies include NPM packages in them - so when doing taze major -r in the directory, it checks those packages too. I can't seem to find a way to ignore them. If there is a way, it isn't documented I think?

I think a --ignore "**/glob/**","**/glob2/**" sort of syntax would work great.

Hi!

I'm a big fan of npm-check-updates and I love some of the features in taze (like the display of time) but I use the -i option in ncu, this option ask the user if wanna install each update one by one, so can pick freely.

Maybe can be implemented in taze with a interactive write?

Thanks!

P.D: this project doesn't have channel is your discord, right?

Hey, thanks for this amazing package, but I found that it takes 30 seconds to install dependencies when executing npx taze. Is it possible to bundle all the used dependencies to reduce the waiting time:

I'm not sure if moving the dependencies directly from dependencies to devDependencies and then building would break something, maybe an alpha version would be needed to test?

Clear and concise description of the problem

Sometimes you have packages you don't wanna major update but minor update.

Suggested solution

Add a section to .tazerc.json which is called packageModes where user can set modes for single packages.

Alternative

No response

Additional context

No response

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

Describe the bug

Reproduction

https://stackblitz.com/edit/vitejs-vite-aqrb1f?file=taze.config.js

System Info

System:
    OS: macOS 14.1.1
    CPU: (8) arm64 Apple M1 Pro
    Memory: 135.58 MB / 16.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 18.18.2 - ~/.nvm/versions/node/v18.18.2/bin/node
    Yarn: 1.22.19 - ~/.nvm/versions/node/v18.18.2/bin/yarn
    npm: 9.8.1 - ~/.nvm/versions/node/v18.18.2/bin/npm
    pnpm: 8.4.0 - ~/.nvm/versions/node/v18.18.2/bin/pnpm
  Browsers:
    Chrome: 119.0.6045.159
    Safari: 17.1

Used Package Manager

pnpm

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Check that this is a concrete bug. For Q&A, please open a GitHub Discussion instead.
• The provided reproduction is a minimal reproducible of the bug.

Clear and concise description of the problem

Hi, I'm using taze to bump up my vitepress project but as the vitepress now has version format as 1.0.0-rc.34, it seems taze cannot keep tracking the updates on this format.

Suggested solution

NaN

Alternative

No response

Additional context

No response

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

// package.json
devDependencies: {
  "@vueuse/nuxt": "^8.7.4",
  "testpackage": "0.0.1"
}

// terminal
taze major
› - 1 patch

@vueuse/nuxt  dev  ~9d  ^8.7.4  →  ^8.7.5  ~5d

ERROR

> testpackage not found

Run taze -w to write package.json

taze -w
› - 1 patch

@vueuse/nuxt  dev  ~9d  ^8.7.4  →  ^8.7.5  ~5d

ERROR

> testpackage not found

ℹ changes wrote to package.json, run npm i to install updates.


taze major
dependencies are already up-to-date

When I run taze -w to update the versions of all packages in the package, and run taze major again, taze can no longer find the non-existent test package I wrote in the package.

Clear and concise description of the problem

First of all thx you for the amazing tools =)

I would like to have an option to upgrade dependencies one by one and run a command after it (like npx taze --oneByOne --command npm run test).

We could also provide a command for committing just after upgrade with a custom message (like npx taze --oneByOne --commit 'chore: upgrade %n %cv to %v' where %n is the package name %cv is the current version and %v is the updated version)

I think the option --command can be globaly available (chainable with other options) since you might want to run a command juste after and upgrade and roll back if this command fail.

Option --commit should only be available with the --oneByOne option.

(feel free to change options name and send me feedback on it)

Suggested solution

If you like the idea I can try to implement it =)

Alternative

No response

Additional context

No response

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

Clear and concise description of the problem

I maintain some pkg in my work and when upgrade the deps of devDependencies and dependencies I always forgot to match the peerDependencies with the new devDependencies.

Suggested solution

Include the packages in peerDependencies in the list of packages to check and update.

Maybe include in the -D param or create a new one -P --peer

Alternative

Update the list with copy paste the devs that include

Additional context

No response

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

Clear and concise description of the problem

In order to be able to run taze in CI (for example in a GitLab CI scheduled job), an option to exit with a status code of 1 when some outdated dependencies are found would be handy.

Suggested solution

Example (not sure of the flag name):

# will exit with status 1 if outdated dependencies were found
taze major --fail-on-outdated

Or using taze.config.js:

import { defineConfig } from 'taze'

export default defineConfig({
  // ...
  failOnOutdated: true,
  // ...
})

Alternative

The actual alternative would be to test if the output is more than one line, which is kinda hackish:

outdated=$(taze major)
echo $outdated

if (( $(grep -c . <<<"$outdated") > 1 )); 
  exit 1
else
  exit 0
fi

Additional context

No response

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

Describe the bug

As it says in readme, all options command supported are also supported by defineConfig function.

However the generic type of defineConfig is CommonOptions which doesn't cover all command options.

https://github.com/antfu/taze/blob/b2f8bdd9a69e5b3c66343887faa4094d9ffcce45/src/index.ts#L9

Create a taze.config.ts file with content from https://github.com/antfu/taze#config-file will repro the issue.

Reproduction

https://github.com/antfu/taze#config-file

System Info

none.

Used Package Manager

pnpm

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Check that this is a concrete bug. For Q&A, please open a GitHub Discussion instead.
• The provided reproduction is a minimal reproducible of the bug.

I suggest doing this which may be more like newest means. Or may I ask why it is using the hard-coded next tag for this mode?

Clear and concise description of the problem

my yarn version in package.json in project root folder is "packageManager": "[email protected]+sha256.732620bac8b1690d507274f025f3c6cfdc3627a84d9642e38a07452cc00e0f2e"

when i run npx taze -r -w, the packageManager was replaced to "packageManager": "[email protected]"

i hope i can ignore packageManager check but still check for deps in "dependencies" and "devDependencies" in package.json

Suggested solution

Will the --exclude parameter solve my problem?

Alternative

No response

Additional context

No response

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

Hey, so I wanted to try this out because it looks cool, but I don't have pnpm installed. Because of the preinstall hook, npx taze doesn't seem to work for me:

Not sure if this is deliberate, so I thought I'd open an issue.

package: https://www.npmjs.com/package/prisma

Describe the bug

https://github.com/antfu/taze/blob/97b2a4a18e1faa6b79310354709923a4d01ddacb/src/io/resolves.ts#L184-L188

Not sure if it's a bug or design

Reproduction

https://stackblitz.com/edit/stackblitz-starters-hjqpp7?file=taze.config.js

System Info

System:
    OS: macOS 14.1.1
    CPU: (8) arm64 Apple M1 Pro
    Memory: 74.67 MB / 16.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 18.18.2 - ~/.nvm/versions/node/v18.18.2/bin/node
    Yarn: 1.22.19 - ~/.nvm/versions/node/v18.18.2/bin/yarn
    npm: 9.8.1 - ~/.nvm/versions/node/v18.18.2/bin/npm
    pnpm: 8.4.0 - ~/.nvm/versions/node/v18.18.2/bin/pnpm
  Browsers:
    Chrome: 119.0.6045.159
    Safari: 17.1

Used Package Manager

pnpm

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Check that this is a concrete bug. For Q&A, please open a GitHub Discussion instead.
• The provided reproduction is a minimal reproducible of the bug.

Describe the bug

I just ran npx taze major -wi, disabled my VPN while it was in the process, and then it basically stopped progressing indefinitely

Reproduction

any repo with some outdated dependencies

System Info

System:
    OS: Linux 5.19 Arch Linux
    CPU: (24) x64 AMD Ryzen 9 3900X 12-Core Processor
    Memory: 3.60 GB / 31.27 GB
    Container: Yes
    Shell: 5.9 - /usr/bin/zsh
  Binaries:
    Node: 16.16.0 - /usr/bin/node
    Yarn: 1.22.19 - /usr/bin/yarn
    npm: 8.19.1 - /usr/bin/npm
  Browsers:
    Brave Browser: 105.1.43.89
    Chromium: 105.0.5195.102
    Firefox: 104.0.2

Used Package Manager

yarn

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Check that this is a concrete bug. For Q&A, please open a GitHub Discussion instead.
• The provided reproduction is a minimal reproducible of the bug.

Clear and concise description of the problem

I would like to split out dev dependency updates from dependency updates, since devDeps should be less volatile if an upgrade goes bad.

Suggested solution

Add a flag that controls this behavior --type: "all" | "devDep" | "dep"

Alternative

• Manually selecting the packages that I can see are sorted into the "dep" and "devDep" fields in my package.json
• Just upgrading everybody at once

Additional context

No response

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

Clear and concise description of the problem

Many times when working in a big monorepo I want to only select a few updates using interactive mode. This means I have to manually deselect the deps I want to exclude.

Suggested solution

I'd love to have a keybind to quickly toggle selecting all deps. Pnpm's interactive upgrade mode has similar functionality bound to a. If people are interested, I'd be willing to create a PR for this

Alternative

No response

Additional context

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

Describe the bug

After running taze, I get this eslint error:

error  Expected object keys to be in ascending order. '3dmol' should be before '@atomistics/xyz'  jsonc/sort-key

If I start with these dependencies:

"dependencies": {
    "3dmol": "^2.0.3",
    "@atomistics/xyz": "^1.0.0",
    "@vueuse/core": "^10.1.2",
    "date-fns": "^2.30.0",
}

after I run taze, they end up like this:

"dependencies": {
    "@atomistics/xyz": "^1.0.0",
    "@vueuse/core": "^10.1.2",
    "3dmol": "^2.0.3",
    "date-fns": "^2.30.0",
}

which causes the jsonc/sort-key linter error.

Looks like taze is sorting numbers after symbols, whereas jsonc/sort-key is expecting symbols first.

If you look at the reproduction repo: https://github.com/dflock/vitesse-jsonc-sort-keys-repro - this is a fork of vitesse, where I've run the following command (which you can see in the git log):

• pnpm i
• pnpm upgrade pnpm taze
• pnpm run lint

eslint succeeds. Then I ran this to install a module with a name starting with a number:

• pnpm add 3dmol
• pnpm run lint

eslint succeeds. Then I ran this to run taze:

• pnpm run up
• pnpm run lint

and I get this:

❯ pnpm run lint

> @ lint C:\Users\DuncanLock\dev\vitesse-jsonc-sort-keys-repro
> eslint .

=============

WARNING: You are currently running a version of TypeScript which is not officially supported by @typescript-eslint/typescript-estree.

You may find that it works just fine, or you may not.

SUPPORTED TYPESCRIPT VERSIONS: >=3.3.1 <5.1.0

YOUR TYPESCRIPT VERSION: 5.1.3

Please only submit bug reports when using the officially supported version.

=============

C:\Users\DuncanLock\dev\vitesse-jsonc-sort-keys-repro\package.json
  24:5  error  Expected object keys to be in ascending order. '3dmol' should be before '@vueuse/head'  jsonc/sort-keys

✖ 1 problem (1 error, 0 warnings)
  1 error and 0 warnings potentially fixable with the `--fix` option.

 ELIFECYCLE  Command failed with exit code 1.

Reproduction

https://github.com/dflock/vitesse-jsonc-sort-keys-repro

System Info

System:
    OS: Windows 10 10.0.19045
    CPU: (16) x64 Intel(R) Core(TM) i7-10700T CPU @ 2.00GHz
    Memory: 14.34 GB / 31.71 GB
  Binaries:
    Node: 18.16.0 - ~\scoop\apps\nodejs-lts\current\node.EXE
    npm: 9.5.1 - ~\scoop\apps\nodejs-lts\current\npm.CMD
  Browsers:
    Edge: Spartan (44.19041.1266.0), Chromium (114.0.1823.37)
    Internet Explorer: 11.0.19041.1566

Used Package Manager

pnpm

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Check that this is a concrete bug. For Q&A, please open a GitHub Discussion instead.
• The provided reproduction is a minimal reproducible of the bug.

Clear and concise description of the problem

"pnpm": {
    "overrides": {
      "vite": "^4.4.1",
      "@vitejs/plugin-vue": "^4.2.3"
    }
  },

每次这种都需要手动修改

Suggested solution

建议支持下

Alternative

No response

Additional context

No response

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

Hello.,

I noticed that there is an unrecognized symbol in windows when the latest update is less than a day. Please see below.

I digged in the code and found that is supposed to use this symbol "⩽" which I think windows does not like it.

Can I create a PR to change it to "<="? Or maybe any other suggestion that you prefer?

Describe the bug

When using overrides in package.json taze always fails with TypeError: currentVersion.startsWith is not a function.

{
   // ...
  "overrides": {
    "vue3-perfect-scrollbar": {
      "postcss-import": "13.0.0"
    }
  }
}

Reproduction

In description

System Info

System:
    OS: Linux 6.2 Ubuntu 22.04.3 LTS 22.04.3 LTS (Jammy Jellyfish)
    CPU: (12) x64 13th Gen Intel(R) Core(TM) i5-1335U
    Memory: 21.07 GB / 31.03 GB
    Container: Yes
    Shell: 5.8.1 - /usr/bin/zsh
Binaries:
    Node: 20.6.0 - ~/.nvm/versions/node/v20.6.0/bin/node
    npm: 9.8.1 - ~/.nvm/versions/node/v20.6.0/bin/npm

Used Package Manager

npm

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Check that this is a concrete bug. For Q&A, please open a GitHub Discussion instead.
• The provided reproduction is a minimal reproducible of the bug.

Describe the bug

It looks like taze minor and taze major interpret minor changes differently when the major version is 0; I think this is unexpected behavior, but let me know if it is meant to be this way!

In the repro:

❯ npx taze minor
success Install finished in 5.57s

dependencies are already up-to-date

~/projects/node-ugjrw2 7s
❯ npx taze major
success Install finished in 5.601s


node-starter - 1 minor

  vitest  dev  ~2mo  ^0.23.4  →  ^0.25.3  ~6d  


Add -w to write package.json

Reproduction

https://stackblitz.com/edit/node-ugjrw2?file=package.json&view=editor

System Info

❯ npx envinfo --system --binaries --browsers
success Install finished in 6.376s


  System:
    OS: Linux 5.0 undefined
    CPU: (8) x64 Intel(R) Core(TM) i9-9880H CPU @ 2.30GHz
    Memory: 0 Bytes / 0 Bytes
    Shell: 1.0 - /bin/jsh
  Binaries:
    Node: 16.14.2 - /usr/local/bin/node
    Yarn: 1.22.19 - /usr/local/bin/yarn
    npm: 7.17.0 - /usr/local/bin/npm

Used Package Manager

npm

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Check that this is a concrete bug. For Q&A, please open a GitHub Discussion instead.
• The provided reproduction is a minimal reproducible of the bug.

Describe the bug

Error when pnpm patch exists
Error Info: Either remove them from "patchedDependencies" or update them to match packages in your dependencies.

`
my package.json

"dependencies": { .... },
"devDependencies": { ... },
"pnpm": {
"patchedDependencies": { ... }
}
`

Reproduction

none

System Info

System:
    OS: macOS 13.2.1
    CPU: (8) arm64 Apple M1 Pro
    Memory: 41.03 MB / 16.00 GB
    Shell: 5.8.1 - /bin/zsh
Binaries:
    Node: 16.20.2 - /opt/homebrew/bin/node
    Yarn: 1.22.19 - /opt/homebrew/bin/yarn
    npm: 8.19.4 - /opt/homebrew/bin/npm
    pnpm: 8.11.0 - /opt/homebrew/bin/pnpm
Browsers:
    Chrome: 120.0.6099.129
    Safari: 16.3

Used Package Manager

pnpm

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Check that this is a concrete bug. For Q&A, please open a GitHub Discussion instead.
• The provided reproduction is a minimal reproducible of the bug.

Clear and concise description of the problem

Support for installing missing types packages.

Suggested solution

There could an option to specify if missing typings should also be installed.

Alternative

Just as typesync

Additional context

No response

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

I use pnpx taze major -w regularly to have the most recent versions of vue, vite and it's plugins. It worked perfectly with taze v.0.4.2, but today I see the version is 0.4.3 and the command stopped working. It loads, shows the version and then just silently exits. I've checked – there are definitely some deps to be updated. So it's some bug introduced just recently.

My version of a package is ^1.0.0-alpha2, by running npx taze it tried to guide me changing to version ^1.0.0-draft.8, however this is an older version.

I use tabs for indent all my code and taze always change it to 2 spaces, so the ideal would be to preserve the actual indent of the original package.json.

I can make the PR, but I like to ask first just in case 😄

Hello! I was going to make a PR on this matter but I'd rather make an issue for discussion first.

The problem at hand is the following error:

> erlpack has an unresolvable version range: github:discord/erlpack

How should taze handle git dependencies? I'm assuming it should ignore them entirely considering they're always up-to-date.
If necessary, we could use https://github.com/pnpm/pnpm/tree/main/packages/git-resolver to parse git deps.

Clear and concise description of the problem

There is no way to check updates for packages installed in a global scope (npm/pnpm install * -g).

Suggested solution

Add -g option to check/write updates for packages installed globally.

Alternative

No response

Additional context

No response

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

running npx taze major -w returns timeout

Additional context

Hello, in the readme description, you mentioned that the word "taze" comes from the Turkish language. However, the root of this word is from the Persian language.

source

Thank you.

I'm not entirely sure if this is the correct and intended way, or it's a mistake. But when I run taze major, the command prints:

Run taze -w to write package.json

And as you know this (taze -w) doesn't use major. So I'm assuming the print should be :

Run taze major -w to write package.json

Clear and concise description of the problem

Adding a parameter to exclude a path when using it in a monorepo.

Suggested solution

Equivalent to the include and exclude parameterr I would suggest the following conversion:
taze --ignore __OLD__/,ignoreMe/

Alternative

No response

Additional context

In our monorepo we have a few projects that we want to explicitly exclude because they are not to be upgraded.

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that request the same feature to avoid creating a duplicate.

Describe the bug

PNPM warns of a deprecated transitive dependency @npmcli/[email protected]
If upgrading dependencies will remove this warning please do that

PS D:\> pnpm i -g taze
 WARN  deprecated @npmcli/[email protected]: This functionality has been moved to @npmcli/fs
Already up to date
Progress: resolved 573, reused 543, downloaded 0, added 0, done
Done in 5.4s
PS D:\> pnpm why @npmcli/[email protected] -g
Legend: production dependency, optional only, dev only

C:\Users\Dimava\AppData\Local\pnpm\global\5

dependencies:
taze 0.9.1
└─┬ pacote 13.6.2
  ├─┬ @npmcli/run-script 4.2.1
  │ └─┬ node-gyp 9.3.1
  │   └─┬ make-fetch-happen 10.2.1
  │     └─┬ cacache 16.1.3
  │       └── @npmcli/move-file 2.0.1
  ├─┬ cacache 16.1.3
  │ └── @npmcli/move-file 2.0.1
  └─┬ npm-registry-fetch 13.3.1
    └─┬ make-fetch-happen 10.2.1
      └─┬ cacache 16.1.3
        └── @npmcli/move-file 2.0.1

Reproduction

pnpm i -g taze && pnpm why @npmcli/[email protected] -g

System Info

System:
    OS: Windows 10 10.0.19044
    CPU: (8) x64 Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz   
    Memory: 962.90 MB / 7.84 GB
  Binaries:
    Node: 18.16.0 - ~\AppData\Local\nvs\default\node.EXE     
    npm: 9.5.1 - ~\AppData\Local\nvs\default\npm.CMD
  Browsers:
    Edge: Spartan (44.19041.1266.0), Chromium (112.0.1722.58)
    Internet Explorer: 11.0.19041.1566

Used Package Manager

pnpm

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Check that this is a concrete bug. For Q&A, please open a GitHub Discussion instead.
• The provided reproduction is a minimal reproducible of the bug.

https://pnpm.io/workspaces#workspace-protocol-workspace

Currently taze shows an error of not being able to resolve the version string:

> pkg has an unresolvable version range: workspace:*

It will be ok to just ignore them because they are meant to be used in monorepo and not to be updated automatically.

Describe the bug

执行 taze -rI major -f ，上下移动进行选择时出现终端闪烁问题
There is a terminal flashing issue when executing taze -rI major -f while moving up and down for selection

VSCode Terminal testing

Warp 测试（使用 Warp 执行也是一样的，应该不是命令行工具的问题）

Warp testing (using Warp to execute is also the same, it should not be a problem with command-line tools)

prompts （2.4.2）Demo测试（没有出现闪烁现象，应该不是 promps 的 bug）

prompts （2.4.2） Demo test (no flickering phenomenon, it should not be a bug in prompts)

Reproduction

taze -rI major -f

System Info

node       v18.18.2
taze       0.13.3
prompts    2.4.2
zsh 5.9    (x86_64-apple-darwin23.0)

Used Package Manager

pnpm

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Check that this is a concrete bug. For Q&A, please open a GitHub Discussion instead.
• The provided reproduction is a minimal reproducible of the bug.

Describe the bug

According with npm/pnpm's default sorting and jsonc/sort-keys, hypen should come before underscore, however, after running taze on the project, the underscore comes before hyphen and causes lint error:

Example packages for reproduction:
fast-equals, fast-xml-parser, fast_array_intersect
Open the reproduction link and run pnpx taze -w

Though, not sure if it's just ignoring hyphen/underscore and just compares the letters or is sorting the underscore first

Reproduction

https://stackblitz.com/edit/node-dqvwar?file=package.json&view=editor

System Info

System:
    OS: Windows 10 10.0.22621
    CPU: (16) x64 AMD Ryzen 7 5700U with Radeon Graphics
    Memory: 2.43 GB / 13.85 GB
  Binaries:
    Node: 18.14.0 - D:\Softwares\nodejs\node.EXE
    Yarn: 1.22.19 - D:\Softwares\nodejs\_npm\yarn.CMD
    npm: 9.3.1 - D:\Softwares\nodejs\npm.CMD

Browsers:
Chrome: 102
Firefox: latest

Used Package Manager

pnpm

Validations

• Follow our Code of Conduct
• Read the Contributing Guide.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Check that this is a concrete bug. For Q&A, please open a GitHub Discussion instead.
• The provided reproduction is a minimal reproducible of the bug.