Node Engine Not Specified (Diff output w/diff versions)

[CelticParser]

What Node engine npm-check is attended to be ran in? The engine is not specified in the nmp-check package.json?

e.g.:

{ "engines" : { "node" : ">=0.10.3 <0.12" } }

I happen to notice after switching to a different Node release, a known-outdated dependency was not being detected anymore. I ran tests using v0.10.3, v0.12.0 & v4.2.1 and with each node environment, npm-check outputted different results (see attached screenshot) as well with npm-check -u. If I ran the same test within the same Node environment, the results were consistent with that node version.

Also, I have known outdated dependencies at --depth=3 and --depth=7 and node-check misses them. I tested by randomly picking a module at various depths and:

npm uninstall <random-dependency>
npm i <random-dependency@DEPRECIATED_VERSION>
//and then ran:
npm-check

and it missed them.

Also, Thnx for spending the extra time implementing the interactive mode! The Team will love it once I know I can use it. -j

[dylang]

Wow, great find! I jump between node versions too and haven't seen this issue.

Are you using nvm or n to choose the node version?

With n the node_modules directory is shared across node versions which can cause weird problems.

Can you do a which npm-check and npm-check --version on each of them?

[dylang]

[dylang]

Also, I have known outdated dependencies at --depth=3 and --depth=7 and node-check misses them. I tested by randomly picking a module at various depths

The goal of npm-check is to see what in your package.json could be updated, it doesn't check the dependencies of the packages you depend on. I might add a recursive option, but it's going to take a long time to query the registry for hundreds of modules so I'm not sure how useful it will be.

[CelticParser]

Thnx for getting back quickly. I am using nvm. Which = /home/ubuntu/workspace/node_modules/.bin/npm-check with all three Node releases and 4.0.3 is the same as well.

Could it be a npm version issue? didn't think to test that 'til now. I am running on 2.14.7. Also run your test using $ npm-check. I see in your screen shots you used $ npm-check -u. It's prevalent if you drop the interactive mode.

[CelticParser]

The goal of npm-check is to see what in your package.json could be updated, it doesn't check the dependencies of the packages you depend on. I might add a recursive option, but it's going to take a long time to query the registry for hundreds of modules so I'm not sure how useful it will be.

I miss understood and I thought it was running too fast.

Adding a --recursive flag would be a huge enhancement being the sole purpose of us using this module is for security checking. I realize it would take a long while to run thru everything but it would flag obsolete modules. Them we can sift thru them and investigate if they may have had vulnerabilities. We have a tool for that too but it only works if its in the nps database (I'm an advocate for redundancy testing).

Also, adding a print to log while using --recursive would be going above and beyond. Then our TODO.md generator can sniff the log for use later.

Keep me posted and let me know if you want me to open another issue (enhancement request) related to this.

Thnx -j

[dylang]

with all three Node releases and 4.0.3 is the same as well

It sounds like you might have your prefix hardcoded in the npmrc, which was a common practice before nvm.

If you don't want to do that, you can try re-installing with each version of node to see if it fixes the problem, however I just tried your setup and didn't have your issue.

Can you tell me what registry you are using for each version of node?

npm config get registry

It's just strange that the error is that it can't get to the registry.

If you'd like to discuss the recursive option further can you open a new issue to keep them separated?

[dylang]

I'm going to close this as it doesn't seem like an issue with npm-check. Feel free to leave more feedback if you figure out what was not working.

[CelticParser]

I sent a PM to your public email.