NPM Outdated Check

• Features
  • Planned
• Inputs
  • Permissions
• Outputs
• Comment Options
• Comment Examples
• Examples
• Tags
• Support
• Contributing

Action to report npm outdated packages on a pull request and add a customizable comment, also includes output of npm-check-updates and npm update --dry-run.

This action will comment on a PR if packages are outdated. As packages are updated, the comment is updated. No comment is added on pulls when everything is up-to-date to reduce spam.

You can customize the heading, column visibility, column order, and reporting on wanted or latest. Check out the Comment Examples to see more.

Note

This action is under active development.
Please request any features you would like to see and report any issues you find.

Warning

This action no longer works on the master branch.
The latest tag is also being sunset very soon.
If you need a rolling tag use the @release branch.

Features

• Automatically report npm outdated packages on a PR and add a comment.
• Report wanted and latest with option to only report wanted.
• Option to exclude packages by name from being reported.
• Option to customize columns visibility and columns order.
• Option to display results expanded or collapsed.
• Option to display npx npm-check-updates output.
• Option to display npm update --dry-run output.
• Outputs outdated, ncu, update, and markdown results.

Planned

• Custom Column Alignment
• Custom Column Titles
• Custom Section Text

Want to show package changes on release notes? Check out: cssnr/package-changelog-action
Want to automatically updated tags on release? Check out: cssnr/update-version-tags-action

If you would like to see a new feature, please submit a feature request.

Inputs

Input	Req.	Default Value	Input Description
columns	-	n,c,w,l	Customize Table Columns ⤵️
latest	-	true	Report if Latest > Wanted ⤵️
heading	-	### NPM Outdated Check	Comment Heading ⤵️
open	-	true	Details Open by Default ⤵️
ncu	-	true	Show npm-check-updates Output ⤵️
update	-	true	Show npm update --dry-run Output ⤵️
link	-	true	Use Hyperlink for Names ⤵️
exclude	-	-	CSV of Package Names to Exclude ⤵️
fail	-	false	Fail Job if Updates are Found ⤵️
summary	-	true	Add Workflow Job Summary *
token	-	github.token	For use with a PAT

summary: Will add result details to the job summary on the workflow run.

👀 View Example Job Summary

---

PR Comment: #4

PR Comment will Appear Here

Config

columns: ["n","c","w","l"]
latest: true
heading: "### NPM Outdated Check"
open: true
ncu: true
update: true
link: true
summary: true

---

At a minimum, you need to checkout the repository. The workspace should also be somewhat "clean". The action will run a npm clean-install npm ci. If this fails it will report the errors and skip the checks.

- name: 'Checkout'
  uses: actions/checkout@v4

- name: 'NPM Outdated Check'
  uses: cssnr/npm-outdated-action@master
  continue-on-error: true

Note: continue-on-error: true is used to prevent the workflow from failing if the action fails.

If you want the job to fail, remove continue-on-error and set fail: true.

See the Comment Options for more details on inputs.

You can also view more Examples below.

Permissions

This action requires the following permissions to add pull request comments:

permissions:
  pull-requests: write

Permissions documentation for Workflows and Actions.

Outputs

Output	Empty	Output Description
outdated	{}	Outdated JSON Object
ncu		NPM Check Updates Output
update		NPM Update Dry Run Output
markdown	-	Results Markdown Output

This outputs the outdated JSON object string, ncu output, npm update output, and the markdown results.

- name: 'NPM Outdated Check'
  id: outdated
  uses: cssnr/npm-outdated-action@master

- name: 'Echo Output'
  env:
    OUTDATED: ${{ steps.outdated.outputs.outdated }}
    NCU: ${{ steps.outdated.outputs.ncu }}
    UPDATE: ${{ steps.outdated.outputs.update }}
    MARKDOWN: ${{ steps.outdated.outputs.markdown }}
  run: |
    echo "outdated: '${{ env.OUTDATED }}'"
    echo "ncu: '${{ env.NCU }}'"
    echo "update: '${{ env.UPDATE }}'"
    echo "markdown: '${{ env.MARKDOWN }}'"

Note: due to the way ${{}} expressions are evaluated, multi-line output gets executed in a run block.

JSON Schema

{
  "@package/name": {
    "current": "1.0.0",
    "wanted": "1.0.1",
    "latest": "2.0.0",
    "dependent": "npm-outdated-action",
    "location": "node_modules/name"
  }
}

More Output Examples Coming Soon...

Comment Options

latest: To disable reporting of latest and ONLY show wanted, set this to false.

heading: You can customize the heading or set to an empty string to remove it.

open: Set to false for sections to be closed (collapsed/not open) by default.

ncu: Set this to false to disable reporting the output of npx npm-check-updates.

update: Set this to false to disable reporting the output of npm update --dry-run.

link: Set this to false to use plain text for package names instead of hyperlinks.

exclude: Packages to ignore/omit when running checks; example @eslint/js,tsparticles.

fail: Set this to true to fail if updates are found to enforce this through status checks.

columns: Customize column visibility and order.
This must be a perfectly formatted CSV with any combination of these keys:

Default value: n,c,w,l

Key	Column	Description
n	Package Name	Name of Package
c	Current	Current Version
w	Wanted	Wanted Version
l	Latest	Latest Version
d	Dependent	Dependent Package
p	Location	Path of Package

👀 View the Column Map

const maps = {
  n: { align: 'l', col: 'Package Name' },
  c: { align: 'c', col: 'Current' },
  w: { align: 'c', col: 'Wanted' },
  l: { align: 'c', col: 'Latest' },
  d: { align: 'l', col: 'Dependent' },
  p: { align: 'l', col: 'Location' },
}

Comment Examples

Note: the examples are generated with no heading and default options.

🔷 Full Example Closed

---

npm outdated

Package Name	Current	Wanted	Latest
axios	1.8.3	1.8.4	-

npm-check-updates

 @eslint/js  ^9.20.0  →  ^9.22.0
 axios        ^1.8.3  →   ^1.8.4

npm update --dry-run

change undici 5.28.5 => 5.29.0
change axios 1.8.3 => 1.8.4
change @pkgr/core 0.1.1 => 0.1.2
change @octokit/types 13.8.0 => 13.10.0
change @octokit/openapi-types 23.0.1 => 24.2.0
change @octokit/core 5.2.0 => 5.2.1

changed 6 packages in 4s

32 packages are looking for funding
  run `npm fund` for details

---

🔷 Full Example Open

---

npm outdated

Package Name	Current	Wanted	Latest
axios	1.8.3	1.8.4	-

npm-check-updates

 @eslint/js  ^9.20.0  →  ^9.22.0
 axios        ^1.8.3  →   ^1.8.4

npm update --dry-run

change undici 5.28.5 => 5.29.0
change axios 1.8.3 => 1.8.4
change @pkgr/core 0.1.1 => 0.1.2
change @octokit/types 13.8.0 => 13.10.0
change @octokit/openapi-types 23.0.1 => 24.2.0
change @octokit/core 5.2.0 => 5.2.1

changed 6 packages in 4s

32 packages are looking for funding
  run `npm fund` for details

---

🔷 Only One Outdated Package

---

npm outdated

Package Name	Current	Wanted	Latest
npm-check-updates	17.1.15	17.1.16	-

npm-check-updates

 npm-check-updates  ^17.1.15  →  ^17.1.16

npm update --dry-run

change npm-check-updates 17.1.15 => 17.1.16

changed 1 package

---

🔷 After Everything Updated

---

✅ All packages are up-to-date.

---

Note: this only appears if a previous comment is edited and does not show up on a new PR with no outdated packages.

More Comment Examples Coming Soon...

Examples

💡 Click on an example heading to expand or collapse the example.

Custom Heading

- name: 'NPM Outdated Check'
  uses: cssnr/npm-outdated-action@master
  continue-on-error: true
  with:
    heading: '**NPM Changelog**'

Remove Heading

- name: 'NPM Outdated Check'
  uses: cssnr/npm-outdated-action@master
  continue-on-error: true
  with:
    heading: ''

This puts latest before current and adds dependent.

Fail Status Check if Outdated

- name: 'NPM Outdated Check'
  uses: cssnr/npm-outdated-action@master
  with:
    fail: true

Custom Column Order

- name: 'NPM Outdated Check'
  uses: cssnr/npm-outdated-action@master
  continue-on-error: true
  with:
    columns: 'n,l,c,w,d'

This puts latest before current and adds dependent.

Disable NCU Check

- name: 'NPM Outdated Check'
  uses: cssnr/npm-outdated-action@master
  continue-on-error: true
  with:
    ncu: false

This puts latest before current and adds dependent.

Disable Update Check

- name: 'NPM Outdated Check'
  uses: cssnr/npm-outdated-action@master
  continue-on-error: true
  with:
    update: false

This puts latest before current and adds dependent.

Full Workflow Example

If you don't have a pull_request workflow already you can use this one.
Simply create a file called pull.yaml in the .github/workflows directory: .github/workflows/pull.yaml
Then add the below content to the file, save, commit, and create a PR...

name: 'Pull'

on:
  pull_request:

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  pull:
    name: 'Pull'
    runs-on: ubuntu-latest
    timeout-minutes: 5
    permissions:
      pull-requests: write

    steps:
      - name: 'Checkout'
        uses: actions/checkout@v4

      - name: 'NPM Outdated Check'
        uses: cssnr/npm-outdated-action@master

More Examples Coming Soon...

Tags

The following rolling tags are maintained.

Version Tag	Rolling	Bugs	Feat.	Name	Target	Example
	✅	✅	✅	Major	vN.x.x	vN
	✅	✅	❌	Minor	vN.N.x	vN.N
	❌	❌	❌	Micro	vN.N.N	vN.N.N

You can view the release notes for each version on the releases page.

The Major tag is recommended. It is the most up-to-date and always backwards compatible. Breaking changes would result in a Major version bump. At a minimum you should use a Minor tag.

Support

If you run into any issues or need help getting started, please do one of the following:

• Report an Issue
• Q&A Discussion
• Request a Feature
• Chat with us on Discord

Contributing

If you would like to submit a PR, please review the CONTRIBUTING.md.

Please consider making a donation to support the development of this project and additional open source projects.

Additionally, you can support other GitHub Actions I have published:

• Stack Deploy Action
• Portainer Stack Deploy Action
• Docker Context Action
• AI Issue Action
• Actions Up Action
• Webstore Publish Action
• Rhysd Actionlint Action
• Zensical Action
• VirusTotal Action
• Homebrew Action
• Mirror Repository Action
• Update Version Tags Action
• Docker Tags Action
• TOML Action
• Update JSON Value Action
• JSON Key Value Check Action
• Parse Issue Form Action
• Cloudflare Purge Cache Action
• Mozilla Addon Update Action
• Package Changelog Action
• NPM Outdated Check Action
• Label Creator Action
• Algolia Crawler Action
• Create Pull Action
• Upload Release Action
• Check Build Action
• Web Request Action
• Get Commit Action

❔ Unpublished Actions

These actions are not published on the Marketplace, but may be useful.

• cssnr/create-files-action - Create various files from templates.
• cssnr/draft-release-action - Keep a draft release ready to publish.
• cssnr/env-json-action - Convert env file to json or vice versa.
• cssnr/push-artifacts-action - Sync files to a remote host with rsync.
• smashedr/update-release-notes-action - Update release notes.
• smashedr/combine-release-notes-action - Combine release notes.
• smashedr/openai-translate-action - OpenAI translate action.

---

📝 Template Actions

These are basic action templates that I use for creating new actions.

• javascript-action - JavaScript
• typescript-action - TypeScript
• py-test-action - Dockerfile Python
• test-action-uv - Dockerfile Python UV
• docker-test-action - Docker Image Python

Note: The docker-test-action builds, runs and pushes images to GitHub Container Registry.

---

For a full list of current projects visit: https://cssnr.github.io/