inup 1.5.0 → 1.5.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Donfear
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,49 +1,45 @@
-# 🚀 inup
+# inup — Interactive Dependency Upgrader
 
 [![npm version](https://img.shields.io/npm/v/inup?logo=npm&logoColor=%23CB3837&style=for-the-badge&color=crimson)](https://www.npmjs.com/package/inup)
 [![Downloads](https://img.shields.io/npm/dm/inup?style=for-the-badge&color=646CFF&logoColor=white)](https://www.npmjs.com/package/inup)
 [![Total downloads](https://img.shields.io/npm/dt/inup?style=for-the-badge&color=informational)](https://www.npmjs.com/package/inup)
+[![CI](https://img.shields.io/github/actions/workflow/status/donfear/inup/ci.yml?branch=main&style=for-the-badge&label=CI)](https://github.com/donfear/inup/actions/workflows/ci.yml)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg?style=for-the-badge)](https://github.com/donfear/inup/blob/main/LICENSE)
 
-Upgrade your dependencies interactively. Works with npm, yarn, pnpm, and bun.
+Interactively upgrade outdated dependencies across npm, yarn, pnpm, and bun. Auto-detects your package manager, works in monorepos and workspaces, and requires zero configuration.
 
 ![Interactive Upgrade Demo](docs/demo/interactive-upgrade.gif)
 
-## 🚀 Usage
+## Quick Start
 
 ```bash
 npx inup
 ```
 
-Or install globally:
+Or install globally with your preferred package manager:
 
 ```bash
 npm install -g inup
+pnpm add -g inup
+yarn global add inup
+bun add -g inup
 ```
 
-That's it. The tool scans your project, finds outdated packages, and lets you pick what to upgrade.
+Run `inup` in any project — it scans for outdated packages and lets you pick what to upgrade.
 
-## 💡 Why inup?
+## Why inup?
 
-- **Inclusive by Default**: We load Dev, Peer, and Optional dependencies automatically. No more restarting the tool because you forgot a `--peer` flag.
-- **Live Toggles**: Toggle dependency types (`d`, `p`, `o`) on the fly without exiting.
-- **Zero Config**: Auto-detects your package manager.
-- **Monorepo Ready**: Seamlessly handles workspaces.
-- **Modern UX**: Search with `/`, view package details with `i`, and swap themes with `t`.
+- **All Dependencies at Once** — Dev, peer, and optional dependencies load automatically. No more re-running with `--peer` or `--dev` flags.
+- **Live Toggles** — Filter dependency types (`d`, `p`, `o`) on the fly without restarting.
+- **Zero Config** — Auto-detects npm, yarn, pnpm, or bun from your lockfile.
+- **Monorepo Ready** — Discovers and upgrades across workspaces seamlessly.
+- **Vulnerability Audit** — Flags known security vulnerabilities right in the package list so you know what's risky before upgrading.
+- **Changelog Viewer** — Read release notes and changelogs inline without leaving the terminal.
+- **Built-in Search** — Press `/` to filter packages instantly.
+- **Package Details** — Press `i` to view package info, download stats, and more.
+- **Themes** — Press `t` to switch between color themes.
 
-## ⌨️ Keyboard Shortcuts
-
-- `↑/↓` - Navigate packages
-- `←/→` - Select version (current, patch, minor, major)
-- `Space` - Toggle selection
-- `m` - Select all minor updates
-- `l` - Select all latest updates
-- `u` - Unselect all
-- `/` - Search packages
-- `t` - Change theme
-- `i` - View package info
-- `Enter` - Confirm and upgrade
-
-## ⚙️ Options
+## Options
 
 ```bash
 inup [options]
@@ -56,12 +52,25 @@ inup [options]
 --debug                       Write verbose debug logs
 ```
 
-## 🔒 Privacy
+## Keyboard Shortcuts
+
+| Key | Action |
+|-----|--------|
+| `↑` `↓` | Navigate packages |
+| `←` `→` | Select version (current, patch, minor, major) |
+| `Space` | Toggle selection |
+| `m` | Select all minor updates |
+| `l` | Select all latest updates |
+| `u` | Unselect all |
+| `/` | Search packages |
+| `i` | View package info |
+| `t` | Change theme |
+| `Enter` | Confirm and upgrade |
 
-We don't track anything. Ever.
+## Privacy
 
-Version checks and package metadata are fetched from the npm registry. When needed for immutable exact-version manifests, inup may also fetch a pinned `package.json` from jsDelivr. Weekly download counts come from the npm downloads API.
+No tracking, no telemetry, no data collection. Package metadata is fetched directly from the npm registry. Download counts come from the npm downloads API. When needed for exact-version manifests, inup may fetch a pinned `package.json` from jsDelivr.
 
-## 📄 License
+## License
 
-MIT
+[MIT](LICENSE)

package/dist/cli.js

@@ -4,6 +4,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.runCli = runCli;
 const commander_1 = require("commander");
 const chalk_1 = __importDefault(require("chalk"));
 const fs_1 = require("fs");
@@ -12,23 +13,23 @@ const index_1 = require("./index");
 const services_1 = require("./services");
 const config_1 = require("./config");
 const utils_1 = require("./utils");
+const git_1 = require("./utils/git");
+const terminal_input_1 = require("./ui/utils/terminal-input");
 const packageJson = JSON.parse((0, fs_1.readFileSync)((0, path_1.join)(__dirname, '../package.json'), 'utf-8'));
 const program = new commander_1.Command();
-program
-    .name('inup')
-    .description('Interactive upgrade tool for package managers. Auto-detects and works with npm, yarn, pnpm, and bun.')
-    .version(packageJson.version)
-    .option('-d, --dir <directory>', 'specify directory to run in', process.cwd())
-    .option('-e, --exclude <patterns>', 'exclude paths matching regex patterns (comma-separated)', '')
-    .option('-i, --ignore <packages>', 'ignore packages (comma-separated, supports glob patterns like @babel/*)')
-    .option('--max-depth <number>', 'maximum directory depth for package.json discovery', '10')
-    .option('--package-manager <name>', 'manually specify package manager (npm, yarn, pnpm, bun)')
-    .option('--debug', 'write verbose debug log to /tmp/inup-debug-YYYY-MM-DD.log')
-    .action(async (options) => {
+async function runCli(options) {
     const cwd = (0, path_1.resolve)(options.dir);
     if (options.debug || process.env.INUP_DEBUG === '1') {
         (0, utils_1.enableDebugLogging)();
     }
+    const gitState = (0, git_1.getGitWorkingTreeState)(cwd);
+    if (gitState.isRepo && gitState.isDirty) {
+        const shouldProceed = await terminal_input_1.TerminalInput.promptForImmediateConfirmation(`${chalk_1.default.yellow('Warning:')} dirty working tree. Proceed anyway? ${chalk_1.default.dim('[y/N]')} `, false);
+        if (!shouldProceed) {
+            console.log(chalk_1.default.yellow('Upgrade cancelled.'));
+            return;
+        }
+    }
     // Load project config from .inuprc
     const projectConfig = (0, config_1.loadProjectConfig)(cwd);
     // Merge CLI exclude patterns with config
@@ -99,7 +100,18 @@ program
         console.log(chalk_1.default.yellow('└' + '─'.repeat(78) + '┘'));
         console.log('');
     }
-});
+}
+program
+    .name('inup')
+    .description('Interactive upgrade tool for package managers. Auto-detects and works with npm, yarn, pnpm, and bun.')
+    .version(packageJson.version)
+    .option('-d, --dir <directory>', 'specify directory to run in', process.cwd())
+    .option('-e, --exclude <patterns>', 'exclude paths matching regex patterns (comma-separated)', '')
+    .option('-i, --ignore <packages>', 'ignore packages (comma-separated, supports glob patterns like @babel/*)')
+    .option('--max-depth <number>', 'maximum directory depth for package.json discovery', '10')
+    .option('--package-manager <name>', 'manually specify package manager (npm, yarn, pnpm, bun)')
+    .option('--debug', 'write verbose debug log to /tmp/inup-debug-YYYY-MM-DD.log')
+    .action(runCli);
 // Handle uncaught errors gracefully
 process.on('uncaughtException', (error) => {
     console.error(chalk_1.default.red('Uncaught Exception:'), error.message);
@@ -128,5 +140,7 @@ process.on('SIGTERM', () => {
     console.log(chalk_1.default.yellow('\n\nOperation cancelled.'));
     process.exit(0);
 });
-program.parse();
+if (require.main === module) {
+    program.parse();
+}
 //# sourceMappingURL=cli.js.map

package/dist/ui/utils/terminal-input.js

@@ -60,7 +60,7 @@ exports.TerminalInput = {
             },
         };
     },
-    promptForConfirmation(prompt) {
+    promptForConfirmation(prompt, defaultValue = true) {
         return new Promise((resolve) => {
             const rl = readline.createInterface({
                 input: process.stdin,
@@ -73,10 +73,53 @@ exports.TerminalInput = {
             };
             rl.question(prompt, (answer) => {
                 const normalizedAnswer = answer.trim().toLowerCase();
-                finish(normalizedAnswer === '' || normalizedAnswer === 'y' || normalizedAnswer === 'yes');
+                if (normalizedAnswer === '') {
+                    finish(defaultValue);
+                    return;
+                }
+                finish(normalizedAnswer === 'y' || normalizedAnswer === 'yes');
             });
             rl.on('SIGINT', () => finish(false));
         });
     },
+    promptForImmediateConfirmation(prompt, defaultValue = true) {
+        return new Promise((resolve) => {
+            process.stdout.write(prompt);
+            let cleanup = () => { };
+            const finish = (value) => {
+                cleanup();
+                process.stdout.write('\n');
+                resolve(value);
+            };
+            try {
+                const session = exports.TerminalInput.startKeypressSession((str, key) => {
+                    const normalized = str.trim().toLowerCase();
+                    if (key.name === 'return' || key.name === 'enter') {
+                        finish(defaultValue);
+                        return;
+                    }
+                    if (normalized === 'y') {
+                        finish(true);
+                        return;
+                    }
+                    if (normalized === 'n') {
+                        finish(false);
+                        return;
+                    }
+                    if (key.ctrl && key.name === 'c') {
+                        finish(false);
+                    }
+                });
+                cleanup = () => {
+                    session.close();
+                };
+            }
+            catch {
+                exports.TerminalInput.promptForConfirmation(prompt, defaultValue)
+                    .then(resolve)
+                    .catch(() => resolve(false));
+            }
+        });
+    },
 };
 //# sourceMappingURL=terminal-input.js.map

package/dist/utils/git.js

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getGitWorkingTreeState = getGitWorkingTreeState;
+const child_process_1 = require("child_process");
+/**
+ * Detect whether cwd is a git work tree and whether it has local changes.
+ * Fail soft if git is unavailable or cwd is not a repository.
+ */
+function getGitWorkingTreeState(cwd) {
+    try {
+        const isInsideWorkTree = (0, child_process_1.execSync)('git rev-parse --is-inside-work-tree', {
+            cwd,
+            encoding: 'utf-8',
+            stdio: ['ignore', 'pipe', 'ignore'],
+        }).trim();
+        if (isInsideWorkTree !== 'true') {
+            return { isRepo: false, isDirty: false };
+        }
+        const status = (0, child_process_1.execSync)('git status --porcelain', {
+            cwd,
+            encoding: 'utf-8',
+            stdio: ['ignore', 'pipe', 'ignore'],
+        });
+        return {
+            isRepo: true,
+            isDirty: status.trim().length > 0,
+        };
+    }
+    catch {
+        return { isRepo: false, isDirty: false };
+    }
+}
+//# sourceMappingURL=git.js.map

package/dist/utils/index.js

@@ -20,6 +20,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.collectAllDependenciesAsync = exports.readPackageJsonAsync = void 0;
 __exportStar(require("./filesystem"), exports);
 __exportStar(require("./exec"), exports);
+__exportStar(require("./git"), exports);
 __exportStar(require("./version"), exports);
 __exportStar(require("./debug-logger"), exports);
 // Re-export async functions for convenience

package/package.json

@@ -1,26 +1,33 @@
 {
   "name": "inup",
-  "version": "1.5.0",
-  "description": "Interactive CLI tool for upgrading dependencies with ease. Auto-detects and works with npm, yarn, pnpm, and bun. Inspired by yarn upgrade-interactive. Supports monorepos, workspaces, and batch upgrades.",
+  "version": "1.5.1",
+  "description": "Interactive dependency upgrader for npm, yarn, pnpm & bun. Zero-config, monorepo-ready. Upgrade-interactive for every package manager.",
   "main": "dist/index.js",
   "bin": {
     "inup": "./dist/cli.js"
   },
   "author": "Donfear",
   "keywords": [
+    "upgrade-interactive",
+    "interactive",
+    "dependency-management",
+    "outdated",
+    "upgrade",
+    "update",
     "npm",
     "yarn",
     "pnpm",
     "bun",
-    "upgrade",
-    "interactive",
-    "cli",
-    "package-manager",
-    "dependency-management",
-    "yarn-upgrade-interactive",
     "monorepo",
     "workspace",
-    "batch-upgrade"
+    "cli",
+    "vulnerability",
+    "audit",
+    "changelog",
+    "package-manager",
+    "dependencies",
+    "semver",
+    "ncu"
   ],
   "license": "MIT",
   "homepage": "https://github.com/donfear/inup#readme",