Workflow: node-upgrade-workflow
This skill guides you through the process of safely upgrading Node.js dependencies. It supports multiple package managers by detecting the project's lockfile.
Prerequisites
Before starting, ensure:
- Node.js is installed.
- A `package.json` file exists in the project root.
- One of the following lockfiles exists:
  - `pnpm-lock.yaml` (pnpm)
  - `yarn.lock` (yarn)
  - `bun.lockb` (bun)
  - `package-lock.json` (npm)
- The current test suite is passing.
Steps
1. Detection & Preparation
- Identify Package Manager:
  - Check for lockfiles in this priority: `pnpm-lock.yaml`, `yarn.lock`, `bun.lockb`, `package-lock.json`.
  - Set the `PM_COMMAND` based on the detected manager (e.g., `npm`, `pnpm`, `yarn`, `bun`).
- Health Check:
  - Run the audit command:
    - npm: `npm audit`
    - pnpm: `pnpm audit`
    - yarn: `yarn audit` (v1) or `yarn npm audit` (v2+)
    - bun: `bun audit`
  - Run the test suite: `${PM_COMMAND} test`.
  - Verification: If tests fail, do not proceed until the baseline is fixed.
- Back up Files:
  - `cp package.json package.json.bak`
  - Back up the lockfile (e.g., `cp pnpm-lock.yaml pnpm-lock.yaml.bak`).
  - Verification: Check that backup files exist.
2. Execution
Choose one of the following upgrade paths based on the detected manager:
| Manager | Path | Command |
|---|---|---|
| npm | Full (Semver) | `npm update` |
| npm | Targeted (Latest) | `npm install <package>@latest` |
| pnpm | Full (Semver) | `pnpm update` |
| pnpm | Full (Latest) | `pnpm update --latest` |
| pnpm | Targeted | `pnpm update <package>` |
| yarn | Full (Semver) | `yarn upgrade` (v1) |
| yarn | Full (Latest) | `yarn upgrade --latest` (v1) or `yarn up` (v2+) |
| yarn | Targeted | `yarn upgrade <package>` (v1) or `yarn up <package>` (v2+) |
| bun | Full (Semver) | `bun update` |
| bun | Full (Latest) | `bun update --latest` |
| bun | Targeted | `bun add <package>@latest` |
Note: For yarn v2+, use `yarn up -i` for interactive upgrades if possible.
3. Validation
- Verify Updates:
  - Check the lockfile for changes.
- Run Tests:
  - Run the test suite: `${PM_COMMAND} test`.
  - Verification: Ensure all tests pass with the upgraded dependencies.
4. Finalization
- Cleanup:
  - If validations pass, remove backups: `rm package.json.bak <lockfile>.bak`.
- Commit Changes:
  - Commit `package.json` and the lockfile.
Rollback / Failure Handling
If any step fails:
- Restore Files:
  - `mv package.json.bak package.json`
  - `mv <lockfile>.bak <lockfile>`
- Re-install:
  - Run `${PM_COMMAND} install` to ensure the environment matches the restored state.
- Report Failure:
  - Provide failure logs and list the packages that were being upgraded.
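
The detection, backup, validation and rollback steps above as one POSIX shell script. This is an added example, not part of the original skill. The function names and the `UPGRADE_CMD`, `TEST_CMD` and `INSTALL_CMD` override variables are assumptions, and yarn defaults to the v1 command from the table.

```sh
#!/bin/sh
# Added example (not part of the original skill). Function names and the
# UPGRADE_CMD / TEST_CMD / INSTALL_CMD overrides are assumptions of this sketch.

# Print "<manager> <lockfile>" for the first lockfile found, in priority order.
detect_pm() {
  for entry in pnpm:pnpm-lock.yaml yarn:yarn.lock bun:bun.lockb npm:package-lock.json; do
    if [ -f "${1:-.}/${entry#*:}" ]; then
      echo "${entry%%:*} ${entry#*:}"
      return 0
    fi
  done
  return 1
}

# Copy package.json and the lockfile to .bak, then verify both backups exist.
backup_files() {
  cp -p package.json package.json.bak && cp -p "$1" "$1.bak" &&
    [ -f package.json.bak ] && [ -f "$1.bak" ]
}

# Put the backed-up manifest and lockfile back in place.
restore_files() {
  mv package.json.bak package.json && mv "$1.bak" "$1"
}

# Baseline test, backup, upgrade, re-test; roll back and re-install on failure.
# Runs in a subshell so the cd and variables do not leak into the caller.
safe_upgrade() (
  cd "${1:-.}" || exit 2
  [ -f package.json ] || { echo "package.json not found" >&2; exit 2; }
  detected=$(detect_pm .) || { echo "no supported lockfile found" >&2; exit 2; }
  pm=${detected%% *}
  lock=${detected#* }
  case $pm in
    yarn) default_upgrade="yarn upgrade" ;;  # v1; on v2+ set UPGRADE_CMD="yarn up"
    *)    default_upgrade="$pm update" ;;
  esac
  upgrade=${UPGRADE_CMD:-$default_upgrade}
  tests=${TEST_CMD:-"$pm test"}
  install=${INSTALL_CMD:-"$pm install"}
  # Commands are expanded unquoted on purpose so "pm subcommand" splits into words.
  $tests || { echo "baseline tests fail; fix them before upgrading" >&2; exit 3; }
  backup_files "$lock" || { echo "backup failed" >&2; exit 4; }
  if $upgrade && $tests; then
    rm -f package.json.bak "$lock.bak"
    exit 0
  fi
  echo "upgrade or tests failed for $pm; restoring package.json and $lock" >&2
  restore_files "$lock" && $install
  exit 1
)
```

Call `safe_upgrade <project-dir>` from a clean working tree; exit status 1 means the upgrade was rolled back, 3 means the baseline tests were already failing and nothing was changed.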