Automate your node dependency updates

A reasonably large Node application will have 100's of dependencies. Keeping them all updated is a chore a developer needs to perform at some point. Either you ignore the dependency updates until you are stuck with a very old set of dependencies hindering your progress with security vulnerabilities or you spend your valuable application development time manually testing out the updates on a reasonable cadence.

Let's see how to automate this process in an enterprise environment assuming you have some kind of CI/CD environment and a private GitHub repo.

Ingredients

1. Solid unit tests for your code. Bonus points if you have end to end tests and snapshot tests for UI components
2. next-updateAn npm package which tests whether your dependencies can be updated without breaking the tests.
3. hub CLIThis is a command-line application from Git"Hub" which can interact with your GitHub repo. hub is exactly similar to git CLI and a drop-in replacement but has added features to interact with GitHub. Handy to open a Pull Request after the update operation.

Recipe

• npm install next-update --save-dev
  Install next-update as a dev-dependency.

• Configure an npm script dep:update in your package.json scripts section

    // package.json    {      "name": "a-sample-node-project",      "version": "0.0.1",      "description": "A sample node project",      "scripts": {        "test": "jest",        "start": "node app.js",        "dep:update": "next-update" // Configure an npm script      },      "devDependencies": {        "next-update": "^3.6.0"      },      "dependencies": {      },    }

• npm run dep:update
  Run the script. next-update will go ahead and find all new packages. Updates them in sequence and keep the update if your tests pass.

• Download and install the hub cli

    # download-hub.sh    HUB_CLI=/opt/hub-linux/bin/hub    if [[ ! -f $HUB_CLI ]]; then       wget https://github.com/github/hub/releases/download/v2.12.2/hub-linux-amd64-2.12.2.tgz        tar zxvf hub-linux-amd64-2.12.2.tgz        rm -rf hub-linux-amd64-2.12.2.tgz /opt/hub-linux       mv hub-linux-amd64-2.12.2 /opt/hub-linux    fi

• Configure hub

    git config --global --replace-all hub.host github.yourdomain.com    git config --global --replace-all hub.protocol git

• Instruct the bot to open a Pull Request

    $HUB_CLI add package.json package-lock.json    $HUB_CLI commit -m " [BOT] Automated dependency update"    $HUB_CLI pull-request \        --push \        -m "Pull Request Subject" \        -m "Pull Request Description" \        --no-edit \        --reviewer user-id1,user-id2

• Hook up this script in your CI/CD environment to run daily

Wrapping up

We saw how to check and update the node dependencies and automate the process of opening a PR. If your project is open-source, you may use a service like Greenkeeper.

Cheers

Please find my previous writings on Medium:

1. One side rounded rectangle using SVG
2. Visual Studio Code Debug Mode
3. I want TypeScript to succeed.
4. Whats in my laptop?
5. CoffeeScripts most loved feature soon in JavaScript