Nov 26 2013

Update Your Obsolete Packages

Published by at 10:34 pm under Technology   

A Great Solution…

Maven, Leiningen, Nuget, Gradle, NPM, and numerous other package/dependency management tools are very helpful for modern (or perhaps post-modern) development, which typically involves numerous library dependencies.

These tools implement a fundamentally good and important idea:

  1. List the packages, and versions, your package/application depends on. In a text file. In the project. Where it can be diffed and merged.
  2. Run a command, all the libraries are all fetched and made available.

All of the above tools default to fetching from open source software repositories. Some or all of them can be easily configured to perform the same job with internal, closed-source repositories if needed.

All of the above tools areĀ a large improvement over the bad old days, when adding a library meant a manual, recursive search of the internet for transitive dependencies.

… Leads to a New Problem

These tools make it so easy to “lock in” specific library versions, that projects can very easily fall far behind the current release versions of those libraries. To avoid this in our projects, a few times per year we upgrade all the libraries (timed to avoid doing it right before any important release dates).

I’ve seen this done by hand, looking up the current version of each library – and it is very tedious. Instead, a package/dependency manager ought to have an easy way to update versions. Sadly, as far as I know none of them have such a thing built in. Here are the addon tools I’ve found so far:

NPM

Use npm-check-updates. The built in “npm obsolete” sounds like it might do the right thing, but it doesn’t.

Leiningen

Use lein-ancient.

Maven

The Versions Plugin does the job.

Ruby

or

Bower

There are numerous Stack Overflow questions asking for this functionality, but it is not present. To some extent, “bower list” will show you packages for which newer versions are available, then you can manually update them in your bower.json file.

Cocoapods

Others?

If anyone knows of similar tools for other dependency managers, I’ll be happy to add them to this list.

 

If you found this post useful, please link to it from your web site, mention it online, or mention it to a colleague.

2 responses so far

2 Responses to “Update Your Obsolete Packages”

  1. Alexis Gallagher says:

    Cocoapods, the dependency management tool for iOS development, has the command “pod outdated”

  2. edbond says:

    You can add Ruby:

    gem outdated
    or
    bundle outdated

    Example output for bundler:
    Outdated gems included in the bundle:
    * actionmailer (4.0.1 > 3.2.10)
    * actionpack (4.0.1 > 3.2.10)
    * activemodel (4.0.1 > 3.2.10)
    * activerecord (4.0.1 > 3.2.10)