Onwerk Blog

New version of npm module „versioneye-update“: Keeping globally installed npm packages up to date (English)

Zur deutschen Version dieses Artikels.
VersionEye is a big help for developers when it comes to keeping projects and components of your projects up to date. Public projects hosted in GitHub and Bitbucket repositories can be monitored out of the box. But for private projects or projects hosted on private repository server the package manager files have to be uploaded to the VersionEye platform manually.
This task can be automated by the npm-module versioneye-update which can upload the package manager file to VersionEye by using the command line, which makes perfect sense for the use in continuous integration systems like Jenkins.
We are using this approach in our customer projects to upload the package manager file to VersionEye with every Jenkins build: A very convenient way to keep track which project uses which components and which components should be updated. (Read the full story…)
versioneye-update“ has been updated to version 1.4 with some cool new features:

  • Support tracking of globally installed npm modules,
  • Creating VersionEye projects and
  • Configuration files.


Globally installed npm modules

npm can be used to install npm modules to packages (package.json), furthermore npm can be used to install npm modules globally with the command line flag "-g" for system wide usage. Usually this is the way to install „grunt“, „eslint“ or „npm“ itself.
These globally installed npm modules cannot be monitored. They are not updated with "apt-get" or any other system updates. This is usually not a problem on developer machines but it can lead to problems on servers without any interactive logins like Jenkins build server. „versioneye-update“ in the new version 1.4 can create a list of the globally installed npm modules and upload it as package file to VersionEye. VersionEye will send you a notification as soon as there is a new version of one of the globally installed modules available.
How to use „versioneye-update“ to track globally installed modules:
First, you have to create a project with VersionEye that contains the installed modules. This is done by creating a „pseudo“-package.json and uploading it to VersionEye. Use this command to create the project with VersionEye:
$ versioneye-update --apikey <APIKEY> --createproject --globalinstalls
This will create the project with VersionEye and also create a new file ".versioneye-update.json" in the current working directory containing the project ID of the just created VersionEye project.
After creating the project it can always be updated by using this command:
$ versioneye-update --apikey <APIKEY> --globalinstalls
You probably want to automate the update task by creating a cron job (Linux) or a scheduled task in Windows, that periodically updates the VersionEye project.
If there is any update available for one of the globally installed npm modules VersionEye will send you a notification.


Creating new VersionEye projects

With version 1.4 of „versioneye-update“ you can not only update VersionEye projects but also create them by using the command line parameter "--createproject". The new VersionEye project will be created regardless if the same package manager file already exists in VersionEye!
(Notice: The possibility to create VersionEye projects via web API is subject to the chosen billing plan. Not all billing plans allow the creation of projects!)
With the creation of a VersionEye project „versioneye-update“ will also create ".versioneye-update.json" file containing configuration parameters, for instance the project ID of the just created project. For security reasons the API key will never be written to this file by „versioneye-update„.
You can add the created file to your version control system/repository; this is the recommended way since the project id is the same for all developers and should be saved with the project. By doing so it can be used easily in a Jenkins build job.
You can create new VersionEye projects for package manager files (specified by using the "--file" command line option) as well as for globally installed packages (by using the "--globalinstalls" command line parameter). In the „package manager file mode” the file will be saved tot he directory also containing the package manager file; in the „global mode” the file ".versioneye-update.json" will be saved to the current working directory.
Please note: It is considered an error if the file already exists when calling „versioneye-update“ with the "--createproject" command line parameter and if the file already contains a project id.


Configuration files

versioneye-update“ now also supports configuration files. Such a configuration file can either be created automatically upon creation of a VersionEye project or can be created manually. The configuration file uses the JSON form and contains command line parameters.

   "projectid": "12345abcdef12345abcdef12",
   "listoutdated": true,
   "dump": true,

First the ".versioneye-update.json" file in the user`s home directory will be used, if this file exists. Usually you would save the API key in this file and protect it by using the file system access rights.
In the „package manager file mode“ the file ".versioneye-update.json" will be used next, in the „global mode“ the file ".versioneye-update.json" in the current working directory will be used. Command line parameters specified in this file override the settings of the file in the home directory.
Any given parameter on the command line will finally override the settings from the read files.
This concept allows common settings to be specified in the home directory which is especially useful for the api key.
All project specific settings are done in the project specific settings file like the project ID or the setting if a license violation should break the Jenkins Build.
The npm module is open source and can be used freely. The source is available in the public GitHub account of Onwerk, the is also an installation guide.
All blog posts covering versioneye-update

geschrieben von onwerk am 30. September 2016 um 15:54

Nach oben
Zur Desktop-Version