dep-up-surgeon 1.6.2 → 1.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +41 -0
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -1,7 +1,41 @@
1
1
  # dep-up-surgeon
2
2
 
3
+ [![npm version](https://img.shields.io/npm/v/dep-up-surgeon.svg)](https://www.npmjs.com/package/dep-up-surgeon)
4
+ [![npm downloads](https://img.shields.io/npm/dm/dep-up-surgeon.svg)](https://www.npmjs.com/package/dep-up-surgeon)
5
+ [![npm license](https://img.shields.io/npm/l/dep-up-surgeon.svg)](https://www.npmjs.com/package/dep-up-surgeon)
6
+ [![npm unpacked size](https://img.shields.io/npm/unpacked-size/dep-up-surgeon.svg)](https://www.npmjs.com/package/dep-up-surgeon)
7
+ [![Node.js engines](https://img.shields.io/node/v/dep-up-surgeon.svg)](https://github.com/alexlibe95/dep-up-surgeon/blob/main/package.json)
8
+ [![TypeScript](https://img.shields.io/badge/TypeScript-6.x-3178c6?logo=typescript&logoColor=white)](https://github.com/alexlibe95/dep-up-surgeon)
9
+ [![GitHub stars](https://img.shields.io/github/stars/alexlibe95/dep-up-surgeon?style=social)](https://github.com/alexlibe95/dep-up-surgeon)
10
+ [![GitHub forks](https://img.shields.io/github/forks/alexlibe95/dep-up-surgeon?style=social)](https://github.com/alexlibe95/dep-up-surgeon)
11
+ [![GitHub issues](https://img.shields.io/github/issues/alexlibe95/dep-up-surgeon.svg)](https://github.com/alexlibe95/dep-up-surgeon/issues)
12
+ [![GitHub pull requests](https://img.shields.io/github/issues-pr/alexlibe95/dep-up-surgeon.svg)](https://github.com/alexlibe95/dep-up-surgeon/pulls)
13
+ [![GitHub contributors](https://img.shields.io/github/contributors/alexlibe95/dep-up-surgeon.svg)](https://github.com/alexlibe95/dep-up-surgeon/graphs/contributors)
14
+ [![Last commit](https://img.shields.io/github/last-commit/alexlibe95/dep-up-surgeon/main.svg)](https://github.com/alexlibe95/dep-up-surgeon/commits/main)
15
+ [![Commit activity](https://img.shields.io/github/commit-activity/m/alexlibe95/dep-up-surgeon.svg)](https://github.com/alexlibe95/dep-up-surgeon/graphs/commit-activity)
16
+ [![Libraries.io release](https://img.shields.io/librariesio/release/npm/dep-up-surgeon.svg)](https://libraries.io/npm/dep-up-surgeon)
17
+ [![Libraries.io dependents](https://img.shields.io/librariesio/dependents/npm/dep-up-surgeon.svg)](https://libraries.io/npm/dep-up-surgeon)
18
+ [![Snyk vulnerabilities](https://snyk.io/test/npm/dep-up-surgeon/badge.svg)](https://snyk.io/test/npm/dep-up-surgeon)
19
+
20
+ **Quick links:** [npm package](https://www.npmjs.com/package/dep-up-surgeon) · [GitHub repository](https://github.com/alexlibe95/dep-up-surgeon) · [Issues](https://github.com/alexlibe95/dep-up-surgeon/issues) · [Pull requests](https://github.com/alexlibe95/dep-up-surgeon/pulls) · [Socket (supply chain & maintenance)](https://socket.dev/npm/package/dep-up-surgeon) · [deps.dev (Open Source Insights)](https://deps.dev/npm/dep-up-surgeon) · [Snyk Advisor](https://snyk.io/advisor/npm-package/dep-up-surgeon) · [Libraries.io](https://libraries.io/npm/dep-up-surgeon) · [npms score](https://npms.io/search?q=dep-up-surgeon) · [Bundlephobia](https://bundlephobia.com/package/dep-up-surgeon) · [OpenSSF Scorecard (repo)](https://scorecard.dev/viewer/?uri=github.com/alexlibe95/dep-up-surgeon)
21
+
3
22
  Production-oriented CLI that upgrades **npm** dependencies with **`npm install` + validation** after each change, and **rolls back** on failure. It is **framework-agnostic**: grouping and conflict handling come from **registry metadata** and **parsed npm output**, not hardcoded stacks (React, Angular, etc.).
4
23
 
24
+ ### Package listings and security tools
25
+
26
+ | Where | What you get |
27
+ |--------|----------------|
28
+ | **[npm](https://www.npmjs.com/package/dep-up-surgeon)** | Current version, **readme**, **dependencies**, dist tags, publish time, tarball **integrity** (`sha512`), download counts, maintainers, and npm’s own **Security** / advisory context for the ecosystem. |
29
+ | **[GitHub](https://github.com/alexlibe95/dep-up-surgeon)** | **Stars**, **forks**, **issues**, **pull requests**, **commits**, **contributors**, source tree, and (if enabled) **Dependabot** / **Security** advisories for the repo. |
30
+ | **[Socket](https://socket.dev/npm/package/dep-up-surgeon)** | Supply-chain style view: **maintenance**, **license**, **dependencies**, and related signals npm users often open in dedicated security UIs. |
31
+ | **[deps.dev](https://deps.dev/npm/dep-up-surgeon)** | Google **Open Source Insights**: dependency graph, versions, licenses, and cross-ecosystem metadata. |
32
+ | **[Snyk](https://snyk.io/test/npm/dep-up-surgeon)** | Known **vulnerability** reports for the published package (always re-check with `npm audit` in *your* project). |
33
+ | **[Libraries.io](https://libraries.io/npm/dep-up-surgeon)** | Release history, **reverse dependencies** (who depends on this package), and ecosystem metadata. |
34
+ | **[npms](https://npms.io/search?q=dep-up-surgeon)** | Search **quality score** (maintenance, popularity, dependencies) used by many npm search front-ends. |
35
+ | **[OpenSSF Scorecard](https://scorecard.dev/viewer/?uri=github.com/alexlibe95/dep-up-surgeon)** | Automated **security health** checks for the GitHub repository (when the project is indexed). |
36
+
37
+ **Note:** Badges above pull live data from **npm**, **GitHub**, **Libraries.io**, and **Snyk**; numbers change as the package and repo evolve. For **your** app’s risk after installing any tool, always run **`npm audit`** (and your own policy) in the project directory.
38
+
5
39
  With **`--link-groups auto`** (default) it **clusters** upgrades using a **dependency graph** built from the npm registry (see below) plus optional **`.dep-up-surgeonrc`** `linkedGroups`. Use **`--link-groups none`** for strict one-package-at-a-time behavior.
6
40
 
7
41
  ## Install
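Review bot: the new `### Package listings and security tools` block is inserted between the two halves of the introduction, so the existing paragraph about `--link-groups auto` / `--link-groups none` now renders as the tail of the listings section rather than as part of the tool description; move the heading, table and note down to just before `## Install`, and consider `##` instead of `###`, since the document has no `##` above it for the `###` to nest under. Separately, the table itself hedges that several dashboards apply only "(if enabled)" or "(when the project is indexed)": check that each of the Snyk, OpenSSF Scorecard, Socket and deps.dev links actually resolves for this package before pointing users at them, because a security-tooling table whose links 404 weakens the trust signal it is meant to give.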
@@ -108,9 +142,16 @@ Use this for CI or tooling that needs structured results.
108
142
 
109
143
  ## Safety
110
144
 
145
+ **Runtime behavior (this CLI)**
146
+
111
147
  - Before the first real change, the tool copies `package.json` to `package.json.dep-up-surgeon.bak`.
112
148
  - On uncaught errors, it tries to restore `package.json` from that backup. If that happens, run `npm install` again to sync `node_modules`.
113
149
 
150
+ **Supply chain & registry trust**
151
+
152
+ - Use the **[Package listings and security tools](#package-listings-and-security-tools)** table above for links to **Socket**, **deps.dev**, **Snyk**, **npm**, and **GitHub** signals (stars, issues, dependents).
153
+ - After installing or upgrading dependencies—including this tool—run **`npm audit`** in your project and follow your organization’s policy for **allowlists** and **lockfile** review.
154
+
114
155
  ## Output example
115
156
 
116
157
  ```
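Review bot: the new "Supply chain & registry trust" bullets ask readers to review the lockfile, but the "Runtime behavior" bullets directly above still document a backup of `package.json` only; since the tool runs `npm install` after each change, `package-lock.json` is rewritten on every step and is not covered by the described restore. Document whether the lockfile is also backed up and restored on rollback, or state explicitly that users should commit or copy `package-lock.json` before running the tool so the "lockfile review" advice has something to diff against.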
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "dep-up-surgeon",
3
- "version": "1.6.2",
3
+ "version": "1.6.4",
4
4
  "description": "Upgrade npm dependencies one-by-one with validation, rollback, and conflict reporting.",
5
5
  "main": "dist/cli.js",
6
6
  "bin": {
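Review bot: the version field moves from 1.6.2 to 1.6.4, yet the only other file in this diff is `README.md`; as far as the two-file change list shows, the shipped code (`dist/cli.js` and the rest of the tarball) is unchanged across this range. A changelog or release note stating that these are documentation-only releases would stop consumers from reading a two-patch bump as a behavioural or security fix, and gives anyone verifying the tarball a reason to expect identical code content.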