Outdated package detection

[kentcdodds]

Refactor dependency installation check to use npm ls to accurately detect missing or invalid packages.

The previous custom logic for checking installed packages was flawed, leading to missed update notifications. Using npm ls provides a more robust and reliable way to determine if dependencies are correctly installed and satisfy their version ranges.

---

 

---

Note

Refactors dependency installation checks to rely on npm|pnpm ls --json via execa, improving detection of missing/invalid packages.

• Introduces parseNpmLsOutput and checkDependenciesWithNpmLs to parse ls output and map failing deps; removes filesystem-based node_modules scanning
• Deduplicates expected deps; optional deps no longer trigger install requirement; continues to compute a stable dependency hash
• Standardizes reasons by removing missing-node-modules and using missing-dependencies or up-to-date
• Updates tests to mock execa, assert ls invocation, and cover package manager detection, scoped/dev/optional deps, and multi-root workspaces

^{Written by Cursor Bugbot for commit 5c7996d. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
_{Learn more about Cursor Agents}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 5c7996d

Command	Status	Duration	Result
nx run-many --target typecheck	✅ Succeeded	16s	View ↗
nx lint	✅ Succeeded	49s	View ↗
nx run-many --target build	✅ Succeeded	<1s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-01-22 05:49:04 UTC

[cursor]

Bugbot Autofix resolved both bugs: package manager detection now uses pnpm instead of hardcoded npm, and optional dependencies no longer trigger install requirements.

• ✅ Fixed: Always uses npm regardless of detected package manager
  • Modified checkDependenciesWithNpmLs to accept and use the detected package manager parameter, using pnpm when detected instead of hardcoded npm.
• ✅ Fixed: Missing optional dependencies now incorrectly trigger install
  • Changed dependenciesNeedInstall to only consider missing regular and dev dependencies, excluding optional dependencies as intended by their semantic meaning.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is ON. A Cloud Agent has been kicked off to fix the reported issue.}

[cursor]

Bugbot Autofix resolved the bug found in the latest run.

• ✅ Fixed: Unused type value after refactor
  • Removed the unused 'missing-node-modules' value from the reason type union since it is never assigned in the current implementation.