Automate your node dependency updates

A reasonably large Node application will have hundreds of dependencies. Keeping them all updated is a 🧹 chore a developer needs to perform at some point. Either you ignore dependency updates until you are stuck with a very old set of dependencies that hinders your progress and carries 🦹‍♂️ security vulnerabilities, or you spend valuable application development time manually testing updates on a reasonable cadence.
Let’s see how to automate this process in an enterprise environment, assuming you have some kind of CI/CD environment and a private GitHub repo.

🥒 Ingredients

Solid unit tests for your code. Bonus points if you have end-to-end tests and snapshot tests for UI components.

next-update
An npm package which tests whether your dependencies can be updated without breaking the tests.

hub CLI
This is a command-line application from Git"Hub" that can interact with your GitHub repo. hub works just like the git CLI and is a drop-in replacement for it, with added features for interacting with GitHub. It is handy for opening a Pull Request after the update operation.

📝 Recipe

npm install next-update --save-dev
Install next-update as a dev-dependency.
Configure an npm script dep:update in the scripts section of your package.json:

{
  "name": "a-sample-node-project",
  "version": "0.0.1",
  "description": "A sample node project",
  "scripts": {
    "test": "jest",
    "start": "node app.js",
    "dep:update": "next-update"
  },
  "devDependencies": {
    "next-update": "^3.6.0"
  },
  "dependencies": {}
}

npm run dep:update
Run the script. next-update will go ahead and find all new packages, update them in sequence, and keep each update if your tests pass.
Download and install the hub CLI

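#!/usr/bin/env bash
# download-hub.sh
set -e  # stop on the first failed command

HUB_CLI=/opt/hub-linux/bin/hub

# Download and unpack hub only if it is not already installed
if [[ ! -f "$HUB_CLI" ]]; then
    wget https://github.com/github/hub/releases/download/v2.12.2/hub-linux-amd64-2.12.2.tgz
    tar zxvf hub-linux-amd64-2.12.2.tgz
    # Remove the archive and any previous install before moving the new one into place
    rm -rf hub-linux-amd64-2.12.2.tgz /opt/hub-linux
    mv hub-linux-amd64-2.12.2 /opt/hub-linux
fi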

Configure hub

git config --global --replace-all hub.host github.yourdomain.com
git config --global --replace-all hub.protocol git

Instruct the 🤖 bot to open a Pull Request

# Stage and commit only the two manifest files, then push and open the PR
"$HUB_CLI" add package.json package-lock.json
"$HUB_CLI" commit -m "🤖 [BOT] Automated dependency update"
"$HUB_CLI" pull-request \
    --push \
    -m "Pull Request Subject" \
    -m "Pull Request Description" \
    --no-edit \
    --reviewer user-id1,user-id2

Hook up this script in your CI/CD environment to run daily.
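
The download step above installs a release tarball into /opt without checking it, and the pull-request step assumes only the two manifest files changed. As an added example (not part of the original post), the script below pins the tarball's SHA-256 and checks the working tree before the commit; `HUB_SHA256` is a placeholder you fill in, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes sha256sum (coreutils)
# and that node_modules and test output are git-ignored.
set -eu

HUB_VERSION=2.12.2   # release used by download-hub.sh on this page
HUB_TGZ="hub-linux-amd64-${HUB_VERSION}.tgz"
# Placeholder: record the digest once from a download you trust, then pin it.
HUB_SHA256="<pinned-sha256-of-${HUB_TGZ}>"

# Succeed only if FILE hashes to EXPECTED (lowercase hex SHA-256).
sha256_matches() {
  local file="$1" expected="$2" actual
  actual=$(sha256sum "$file" | cut -d' ' -f1)
  [ "$actual" = "$expected" ]
}

# Reads `git status --porcelain` on stdin. Returns 0 when something changed and
# every changed path is a manifest, 1 when nothing changed, 2 on any other path.
only_manifests_changed() {
  local line path changed=1
  while IFS= read -r line; do
    [ -n "$line" ] || continue
    path=${line#???}   # drop the two status columns and the separating space
    case "$path" in
      package.json|package-lock.json) changed=0 ;;
      *) echo "unexpected change: $path" >&2; return 2 ;;
    esac
  done
  return "$changed"
}

# Download, verify, then install; nothing is unpacked on a mismatch.
install_hub() {
  if [ -f /opt/hub-linux/bin/hub ]; then return 0; fi
  wget -q "https://github.com/github/hub/releases/download/v${HUB_VERSION}/${HUB_TGZ}"
  if ! sha256_matches "$HUB_TGZ" "$HUB_SHA256"; then
    echo "checksum mismatch for ${HUB_TGZ}, refusing to install" >&2
    rm -f "$HUB_TGZ"
    return 1
  fi
  tar zxf "$HUB_TGZ"
  rm -rf "$HUB_TGZ" /opt/hub-linux
  mv "hub-linux-amd64-${HUB_VERSION}" /opt/hub-linux
}
```

In the CI job, call `install_hub` in place of the download step and run the hub commit only when `git status --porcelain | only_manifests_changed` succeeds.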

Wrapping up

We saw how to check and update the node dependencies and automate the process of opening a PR. If your project is open-source, you may use a service like Greenkeeper.
Cheers


Link: https://dev.to/dennismphil/automate-your-node-dependency-updates-4aga