
Show HN: ZPDer – informs you when an NPM package you use is upgraded - shaharsol
http://zpder.herokuapp.com
======
colemickens
Seems like [https://greenkeeper.io/](https://greenkeeper.io/) is a similar
idea with more polish (and with paid options). No affiliation, I've just seen
GreenKeeper in action on the Kube Dashboard repo.

~~~
chrisfosterelli
+1 for this. We've been using Greenkeeper on a number of projects and it's
amazing!

------
simlevesque
I run 'npm-check -u' [1] every morning on my develop branch and then I run my
tests. I never thought about automating that part of my workflow. Sadly I
don't host on GitHub.

1\. [https://www.npmjs.com/package/npm-
check](https://www.npmjs.com/package/npm-check)

------
eliaspro
And the duct-taping of the NPM ecosystem goes on and on and on...

~~~
awinder
How do you mean? There's some simple native support for checking if packages
are outdated (npm outdated), and there's additional tooling that ties into
various exposed APIs. If this is a comment on npm not just doing everything
for everyone as part of the native package then...
[https://en.wikipedia.org/wiki/Unix_philosophy](https://en.wikipedia.org/wiki/Unix_philosophy)

------
vonklaus
One of my frustrations is updating submodule deps. The above link seems
interesting, but most projects I work on are small enough that hovering over
the dep in pckg.json file in vscode lets me know what is the latest. At the
top level, I don't have much trouble managing updatea, however what about deps
of deps and so on? It is hard to update these, and sometimes it breaks/is
manual. Then it is overwritten when a new npm install ia run.

------
Klathmon
How often does it send an email, and where is the changelog pulled from?

So if 10 things update tomorrow will it get 10 emails? Can it be setup to run
weekly or longer?

~~~
shaharsol
A good thought. It sends an email on each upgrade, however in my experience it
doesn't happen SO often, tops two-three times a day, depends of course on the
volume of packages you use. But it's a good idea to have a daily digest,
thanks for that.

~~~
Klathmon
My only request is that the email "digest" be configurable. Being able to set
this up to notify me once per week, or even once per month would be awesome. I
could spend that one time to upgrade my deps, then lock them back down again
until the next one.

------
orliesaurus
is this related to libraries.io by any chance?

~~~
shaharsol
not at all. didn't even know it existed...

------
petetnt
Here's the source code, might be worth linking to on the page too:
[https://github.com/TikalLab/zpder](https://github.com/TikalLab/zpder)

------
sillysaurus3
Good execution.

Does this scan private repos?

~~~
shaharsol
Yes it does. This is btw why we ask for the "repo" permission and not only for
"public-repo" permission.

~~~
rickhanlonii
Love this idea, but can't connect a private repo to grant access to all our
code. Any plans to allow uploading a package.json to achieve the same thing
(understanding that it's my responsibility to keep it up to date)?

~~~
shaharsol
no plans for that yet but now that you raised the point...

------
regularfry
Obligatory: dependencyci.com, which does the a very similar thing.

------
itsbits
is it only when a package is have wild cards like *, ^ in versions or all the
time?

~~~
shaharsol
All the time. Even if you use a specific version, wouldn't you like to be in
the know about the latest version, so you may consider upgrading?

