Is this logic considered best practice for new installation of NR, specific to package handling?
install NR (via official script)
npm install (load from package.json)
npm list --depth 0 (just packages)
npm outdated (itemize updates available)
npm install npm@latest
npm outdated (not required but provides QA check)
My thinking is npm rebuild is not needed, since this is a clean image as the starting point for NR install, i.e. the NR install script just ran.
The odd thing is, npm install npm@latest did not seem to update any of the individual packages listed as outdated? So I missed something? I tried npm update npm@latest as well, but still no joy. However npm install package@latest did work. So how to do an inclusive update of all installed packages to latest as listed by outdated?
I write a simple bash script to parse the outdated list and explicitly install latest for each package, but was thinking there was a more elegant method native to npm?
npm installs and updates take into account the version specification in the package.json file. Typically this means that an npm update command will update everything to the latest minor version within a specific major version. npm outdated indicates what it will and won't update using colour.
This is because a major version change is likely to have breaking changes and therefore it is potentially dangerous to do blind. But if you are totally sure it is OK, you can change the package.json file so that the version specs all contain *. Though you would need to do that whenever a new node was installed as well.
Would only update npm itself of course, nothing else.
As Nick says, this will always work as it ignores the version spec in package.json.
Again, the reason it will never do this is because you need to apply some intelligence when upgrading past major version boundaries.
If you want to force this without changes to package.json, it would be easier to write a JavaScript script to read the package.json, extract the package names and loop through them to issue install commands. Best to run npm in an OS shell though, I don't recommend trying to use the npm API as it isn't stable. Once written, add a script to the package.json file to run it using node.js.
I also saw references to ncu... but was thinking I did not want to add yet another tool or so, to my environment... nothing against ncu or npm-check-updates for that matter... just figured my script works.
That is of course your prerogative but for the record, 254,307 downloads per week, updated 5 days ago, 266 versions would give me some confidence its not a fly by night & is fairly battle hardened
Doing such in JavaScript is not a bad idea... I happen to script it in Python because it was quick and easy, I just grab the outdated list, parse it, and then loop calling install. Since this is used to 'seed' the packages on a clean image, pretty much a known animal. Since only create new baseline images once in a while, I do find a few things outdated. Really this is, just so when I drop the flows file into place on the clean image, they work without issue... baring any updates break, which I test anyway for. If I was updating an existing environment, definitely would need some intelligence to the process for sure. At some point, I will do the package deployment via Ansible.
One of the reasons for suggesting the use of Node.js is that it integrates with npm and lets you use the script cross-platform and run it direct from npm. Also, JS handles JSON data well - but of course, Python will work as well in environments where it is in use