trentm/perils.md Secret

Created February 9, 2024 20:00
Some perils of `npm outdated ...`

With the -j option, `npm outdated` returns just one outdated-info block out of possibly many, and which one it returns is not stable from run to run. See:

[16:00:50 trentm@pink:~/el/my-project/packages/foo]
% npm outdated @opentelemetry/resources
Package                   Current  Wanted  Latest  Location                               Depended by
@opentelemetry/resources   1.20.0  1.20.0  1.21.0  node_modules/@opentelemetry/resources  @opentelemetry/sdk-metrics
@opentelemetry/resources   1.20.0  1.21.0  1.21.0  node_modules/@opentelemetry/resources  foo@npm:@elastic/[email protected]

[16:00:54 trentm@pink:~/el/my-project/packages/foo]
% npm outdated @opentelemetry/resources
Package                   Current  Wanted  Latest  Location                               Depended by
@opentelemetry/resources   1.20.0  1.21.0  1.21.0  node_modules/@opentelemetry/resources  foo@npm:@elastic/[email protected]
@opentelemetry/resources   1.20.0  1.20.0  1.21.0  node_modules/@opentelemetry/resources  @opentelemetry/sdk-metrics

[16:00:59 trentm@pink:~/el/my-project/packages/foo]
% npm outdated @opentelemetry/resources -j
{
  "@opentelemetry/resources": {
    "current": "1.20.0",
    "wanted": "1.20.0",
    "latest": "1.21.0",
    "dependent": "@opentelemetry/sdk-metrics",
    "location": "/Users/trentm/el/my-project/node_modules/@opentelemetry/resources"
  }
}
[16:01:04 trentm@pink:~/el/my-project/packages/foo]
% npm outdated @opentelemetry/resources -j
{
  "@opentelemetry/resources": {
    "current": "1.20.0",
    "wanted": "1.21.0",
    "latest": "1.21.0",
    "dependent": "foo",
    "location": "/Users/trentm/el/my-project/node_modules/@opentelemetry/resources"
  }
}

Two calls, different results. Sigh. So... using -j for scripting is fraught. The "parseable" output with -p is a little painful:

% npm outdated @opentelemetry/resources -p
/Users/trentm/el/my-project/node_modules/@opentelemetry/resources:@opentelemetry/[email protected]:@opentelemetry/[email protected]:@opentelemetry/[email protected]:foo
/Users/trentm/el/my-project/node_modules/@opentelemetry/resources:@opentelemetry/[email protected]:@opentelemetry/[email protected]:@opentelemetry/[email protected]:@opentelemetry/sdk-metrics

What tells us that that first line ending with ...:foo is about the @myorg/foo package in this "packages/foo" directory, and not about some public npm package called "foo"?!

Resorting to parsing the regular output (i.e. without '-j' or '-p') is perhaps fraught. Future versions could change the columns and order of columns.

trentm commented Feb 9, 2024

For the record, I've been using these versions for this:

% node --version
v18.18.2
% npm --version
9.8.1

I realize there is an npm@10 now. I haven't tried with npm@10.

trentm commented Nov 7, 2024

Trying more recently with node 20 / npm 10:

% node-select 20
Now using node v20.16.0 (npm v10.8.1)

the npm outdated --json ... output now includes an array for each dep. For example:

  1. with the older npm 9:
[10:51:16 trentm@peach:~/tm/opentelemetry-js-contrib2/packages/opentelemetry-test-utils (git:main rv:1)]
% npm outdated --json @opentelemetry/core @opentelemetry/exporter-jaeger @opentelemetry/instrumentation @opentelemetry/otlp-transformer @opentelemetry/resources @opentelemetry/sdk-metrics @opentelemetry/sdk-node @opentelemetry/sdk-trace-base @opentelemetry/sdk-trace-node @opentelemetry/semantic-conventions @opentelemetry/api
{
  "@opentelemetry/instrumentation": {
    "current": "0.54.0",
    "wanted": "0.54.0",
    "latest": "0.54.2",
    "dependent": "@opentelemetry/sdk-node",
    "location": "/Users/trentm/tm/opentelemetry-js-contrib2/node_modules/@opentelemetry/instrumentation"
  },
  "@opentelemetry/otlp-transformer": {
    "current": "0.54.0",
    "wanted": "0.54.0",
    "latest": "0.54.2",
    "dependent": "@opentelemetry/otlp-exporter-base",
    "location": "/Users/trentm/tm/opentelemetry-js-contrib2/node_modules/@opentelemetry/otlp-transformer"
  },
  "@opentelemetry/sdk-node": {
    "current": "0.54.0",
    "wanted": "0.54.2",
    "latest": "0.54.2",
    "dependent": "opentelemetry-test-utils",
    "location": "/Users/trentm/tm/opentelemetry-js-contrib2/node_modules/@opentelemetry/sdk-node"
  }
}
  2. with the newer npm 10:
% npm outdated --json @opentelemetry/core @opentelemetry/exporter-jaeger @opentelemetry/instrumentation @opentelemetry/otlp-transformer @opentelemetry/resources @opentelemetry/sdk-metrics @opentelemetry/sdk-node @opentelemetry/sdk-trace-base @opentelemetry/sdk-trace-node @opentelemetry/semantic-conventions @opentelemetry/api
{
  "@opentelemetry/instrumentation": [
    {
      "current": "0.54.0",
      "wanted": "0.54.0",
      "latest": "0.54.2",
      "dependent": "@opentelemetry/sdk-node",
      "location": "/Users/trentm/tm/opentelemetry-js-contrib2/node_modules/@opentelemetry/instrumentation"
    },
    {
      "current": "0.54.0",
      "wanted": "0.54.2",
      "latest": "0.54.2",
      "dependent": "opentelemetry-test-utils",
      "location": "/Users/trentm/tm/opentelemetry-js-contrib2/node_modules/@opentelemetry/instrumentation"
    }
  ],
  "@opentelemetry/otlp-transformer": [
    {
      "current": "0.54.0",
      "wanted": "0.54.0",
      "latest": "0.54.2",
      "dependent": "@opentelemetry/exporter-logs-otlp-grpc",
      "location": "/Users/trentm/tm/opentelemetry-js-contrib2/node_modules/@opentelemetry/otlp-transformer"
    },
    {
      "current": "0.54.0",
      "wanted": "0.54.0",
      "latest": "0.54.2",
      "dependent": "@opentelemetry/exporter-logs-otlp-http",
      "location": "/Users/trentm/tm/opentelemetry-js-contrib2/node_modules/@opentelemetry/otlp-transformer"
    },
    {
      "current": "0.54.0",
      "wanted": "0.54.0",
      "latest": "0.54.2",
      "dependent": "@opentelemetry/exporter-logs-otlp-proto",
      "location": "/Users/trentm/tm/opentelemetry-js-contrib2/node_modules/@opentelemetry/otlp-transformer"
    },
    {
      "current": "0.54.0",
      "wanted": "0.54.0",
      "latest": "0.54.2",
      "dependent": "@opentelemetry/exporter-trace-otlp-grpc",
      "location": "/Users/trentm/tm/opentelemetry-js-contrib2/node_modules/@opentelemetry/otlp-transformer"
    },
    {
      "current": "0.54.0",
      "wanted": "0.54.0",
      "latest": "0.54.2",
      "dependent": "@opentelemetry/exporter-trace-otlp-http",
      "location": "/Users/trentm/tm/opentelemetry-js-contrib2/node_modules/@opentelemetry/otlp-transformer"
    },
    {
      "current": "0.54.0",
      "wanted": "0.54.0",
      "latest": "0.54.2",
      "dependent": "@opentelemetry/exporter-trace-otlp-proto",
      "location": "/Users/trentm/tm/opentelemetry-js-contrib2/node_modules/@opentelemetry/otlp-transformer"
    },
    {
      "current": "0.54.0",
      "wanted": "0.54.0",
      "latest": "0.54.2",
      "dependent": "@opentelemetry/otlp-exporter-base",
      "location": "/Users/trentm/tm/opentelemetry-js-contrib2/node_modules/@opentelemetry/otlp-transformer"
    },
    {
      "current": "0.54.0",
      "wanted": "0.54.0",
      "latest": "0.54.2",
      "dependent": "@opentelemetry/otlp-grpc-exporter-base",
      "location": "/Users/trentm/tm/opentelemetry-js-contrib2/node_modules/@opentelemetry/otlp-transformer"
    },
    {
      "current": "0.54.0",
      "wanted": "0.54.2",
      "latest": "0.54.2",
      "dependent": "opentelemetry-test-utils",
      "location": "/Users/trentm/tm/opentelemetry-js-contrib2/node_modules/@opentelemetry/otlp-transformer"
    }
  ],
  "@opentelemetry/sdk-node": {
    "current": "0.54.0",
    "wanted": "0.54.2",
    "latest": "0.54.2",
    "dependent": "opentelemetry-test-utils",
    "location": "/Users/trentm/tm/opentelemetry-js-contrib2/node_modules/@opentelemetry/sdk-node"
  }
}
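
An added example, not part of the original gist or its comments: one way a script could consume `npm outdated --json` across the shapes shown above, coercing the npm 9 object and the npm 10 array-or-object forms into sorted arrays before filtering by dependent. The function names `normalizeOutdated` and `outdatedFor` are hypothetical, and the samples are constructed from the outputs above with `location` omitted.

```javascript
// Constructed samples, trimmed from the shapes shown above ("location" omitted).
// npm 9: one object per package, picked from several possible dependents.
const sampleNpm9 = {
  "@opentelemetry/instrumentation":
    { current: "0.54.0", wanted: "0.54.0", latest: "0.54.2", dependent: "@opentelemetry/sdk-node" },
  "@opentelemetry/sdk-node":
    { current: "0.54.0", wanted: "0.54.2", latest: "0.54.2", dependent: "opentelemetry-test-utils" },
};
// npm 10: an array when several dependents report, still a bare object for one.
const sampleNpm10 = {
  "@opentelemetry/instrumentation": [
    { current: "0.54.0", wanted: "0.54.0", latest: "0.54.2", dependent: "@opentelemetry/sdk-node" },
    { current: "0.54.0", wanted: "0.54.2", latest: "0.54.2", dependent: "opentelemetry-test-utils" },
  ],
  "@opentelemetry/sdk-node":
    { current: "0.54.0", wanted: "0.54.2", latest: "0.54.2", dependent: "opentelemetry-test-utils" },
};

const byCodeUnit = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// Coerce every value to an array and sort entries by dependent, so the result
// does not depend on npm's version or on the order npm happened to emit.
function normalizeOutdated(parsed) {
  const out = {};
  for (const name of Object.keys(parsed).sort(byCodeUnit)) {
    const value = parsed[name];
    const entries = Array.isArray(value) ? value : [value];
    out[name] = entries.map((e) => ({ ...e }))
      .sort((a, b) => byCodeUnit(a.dependent, b.dependent));
  }
  return out;
}

// Packages whose entry for `dependent` has wanted != current. `dependent` is a
// bare name in npm's output, so this cannot tell a workspace from a same-named
// registry package.
function outdatedFor(parsed, dependent) {
  const hits = [];
  for (const [name, entries] of Object.entries(normalizeOutdated(parsed))) {
    for (const e of entries) {
      if (e.dependent === dependent && e.wanted !== e.current) {
        hits.push({ name, current: e.current, wanted: e.wanted });
      }
    }
  }
  return hits;
}
```

With the npm 9 sample, `outdatedFor(sampleNpm9, "opentelemetry-test-utils")` misses `@opentelemetry/instrumentation` because npm emitted the other dependent's entry, so a missing hit on npm 9 output is not evidence that the package is current.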
