feat(pacquet): implement the outdated command#12112
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (12)
✅ Files skipped from review due to trivial changes (2)
🚧 Files skipped from review as they are similar to previous changes (9)
📜 Recent review details⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
🧰 Additional context used📓 Path-based instructions (1)pacquet/**/Cargo.toml📄 CodeRabbit inference engine (pacquet/AGENTS.md)
Files:
🔇 Additional comments (1)
📝 WalkthroughWalkthroughImplements ChangesOutdated subcommand and homepage metadata
Sequence DiagramsequenceDiagram
participant CLI
participant OutdatedArgs
participant collect_outdated
participant ThrottledClient
participant Registry
participant Lockfile
CLI->>OutdatedArgs: run()
OutdatedArgs->>Lockfile: read root importer versions
OutdatedArgs->>collect_outdated: collect_outdated(...)
collect_outdated->>ThrottledClient: fetch packuments concurrently
ThrottledClient->>Registry: HTTP requests
Registry-->>ThrottledClient: packuments
collect_outdated->>collect_outdated: resolve_target, filter newer/deprecated
collect_outdated-->>OutdatedArgs: Vec<OutdatedPackage>
OutdatedArgs->>CLI: render (table/list/json)
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #12112 +/- ##
==========================================
+ Coverage 87.17% 87.34% +0.17%
==========================================
Files 254 255 +1
Lines 28426 28703 +277
==========================================
+ Hits 24779 25072 +293
+ Misses 3647 3631 -16 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Micro-Benchmark ResultsLinux |
Integrated-Benchmark Report (Linux)Scenario: Isolated linker: fresh restore, cold cache + cold store
BENCHMARK_REPORT.json{
"results": [
{
"command": "pacquet@HEAD",
"mean": 2.15008847214,
"stddev": 0.09040705335963342,
"median": 2.11027879504,
"user": 2.7342133599999996,
"system": 3.514403599999999,
"min": 2.05918090504,
"max": 2.31761110304,
"times": [
2.06240476704,
2.05918090504,
2.09331690904,
2.23930631204,
2.0733968520399997,
2.10018102904,
2.12037656104,
2.31761110304,
2.21633520504,
2.2187750780399997
]
},
{
"command": "pacquet@main",
"mean": 2.1368505555399997,
"stddev": 0.04478877259710517,
"median": 2.1313691225399998,
"user": 2.71175406,
"system": 3.454026999999999,
"min": 2.0762586060399997,
"max": 2.20873432504,
"times": [
2.13711503704,
2.14241051004,
2.09858343204,
2.0934390280399997,
2.0762586060399997,
2.11181626204,
2.12562320804,
2.20873432504,
2.18693250604,
2.1875926410399997
]
}
]
}Scenario: Isolated linker: fresh restore, hot cache + hot store
BENCHMARK_REPORT.json{
"results": [
{
"command": "pacquet@HEAD",
"mean": 0.67174581224,
"stddev": 0.031071914836157382,
"median": 0.6646347167400001,
"user": 0.38101576000000004,
"system": 1.3454966999999998,
"min": 0.65273868574,
"max": 0.7587942067400001,
"times": [
0.7587942067400001,
0.6649183997400001,
0.66435103374,
0.66886856374,
0.6666676367400001,
0.6594999907400001,
0.6550479047400001,
0.65273868574,
0.65863847074,
0.66793322974
]
},
{
"command": "pacquet@main",
"mean": 0.6742771764400001,
"stddev": 0.021003273281374232,
"median": 0.66868507574,
"user": 0.37657295999999996,
"system": 1.3561182999999999,
"min": 0.6496446427400001,
"max": 0.7194066517400001,
"times": [
0.7194066517400001,
0.6709285797400001,
0.66504513174,
0.6496446427400001,
0.6571770797400001,
0.67672867274,
0.6622909357400001,
0.6664415717400001,
0.67387376574,
0.70123473274
]
}
]
}Scenario: Isolated linker: fresh install, cold cache + cold store
BENCHMARK_REPORT.json{
"results": [
{
"command": "pacquet@HEAD",
"mean": 2.4358166167800004,
"stddev": 0.046332862088036254,
"median": 2.4415221765800004,
"user": 3.9207568000000004,
"system": 3.2140056800000005,
"min": 2.35404357708,
"max": 2.50605716608,
"times": [
2.37570119508,
2.46220603208,
2.35404357708,
2.4124185020800004,
2.48111095008,
2.45334300408,
2.45548056308,
2.42970134908,
2.4281038290800003,
2.50605716608
]
},
{
"command": "pacquet@main",
"mean": 2.41144689688,
"stddev": 0.03594347547777449,
"median": 2.4135026600800003,
"user": 3.9371422000000003,
"system": 3.20774598,
"min": 2.34533075108,
"max": 2.4499523460800003,
"times": [
2.41079253508,
2.44698909808,
2.43099233608,
2.4162127850800004,
2.36195213408,
2.4499523460800003,
2.39451714108,
2.4093476330800003,
2.44838220908,
2.34533075108
]
}
]
}Scenario: Isolated linker: fresh install, hot cache + hot store
BENCHMARK_REPORT.json{
"results": [
{
"command": "pacquet@HEAD",
"mean": 1.5903830150199998,
"stddev": 0.027810369503833768,
"median": 1.58875919172,
"user": 1.8060878799999998,
"system": 1.8789392999999996,
"min": 1.54081222472,
"max": 1.6434831527199998,
"times": [
1.5786715537199998,
1.59302600772,
1.5844923757199998,
1.6434831527199998,
1.6080762097199999,
1.56745628372,
1.60956232772,
1.60127661772,
1.54081222472,
1.57697339672
]
},
{
"command": "pacquet@main",
"mean": 1.58798941722,
"stddev": 0.045686957887831676,
"median": 1.5685175122200001,
"user": 1.78369818,
"system": 1.8914244,
"min": 1.5443661337199999,
"max": 1.6638713007200001,
"times": [
1.60645459772,
1.6618572807199998,
1.55019348472,
1.6638713007200001,
1.61074582772,
1.5443661337199999,
1.5466340427199998,
1.56320198872,
1.55873647972,
1.57383303572
]
}
]
} |
|
| Branch | pr/12112 |
| Testbed | pacquet |
Click to view all benchmark results
| Benchmark | Latency | Benchmark Result milliseconds (ms) (Result Δ%) | Upper Boundary milliseconds (ms) (Limit %) |
|---|---|---|---|
| isolated-linker.fresh-install.cold-cache.cold-store | 📈 view plot 🚷 view threshold | 2,435.82 ms(+3.23%)Baseline: 2,359.56 ms | 2,831.47 ms (86.03%) |
| isolated-linker.fresh-install.hot-cache.hot-store | 📈 view plot 🚷 view threshold | 1,590.38 ms(+4.38%)Baseline: 1,523.71 ms | 1,828.45 ms (86.98%) |
| isolated-linker.fresh-restore.cold-cache.cold-store | 📈 view plot 🚷 view threshold | 2,150.09 ms(+2.86%)Baseline: 2,090.30 ms | 2,508.35 ms (85.72%) |
| isolated-linker.fresh-restore.hot-cache.hot-store | 📈 view plot 🚷 view threshold | 671.75 ms(+0.65%)Baseline: 667.43 ms | 800.91 ms (83.87%) |
8ed9ace to
7d40fe7
Compare
Review Summary by QodoImplement
WalkthroughsDescription• Implement pacquet outdated command to report direct dependencies with newer versions available • Share outdated detection core with update --interactive via collect_outdated and TargetVersion enum • Support --compatible, --long, --format table|list|json, -P/--prod, -D/--dev, --no-optional, --sort-by name flags • Add table/list/JSON rendering with color support; exit code 1 when outdated dependencies found • Port 10 unit tests and 14 integration tests from pnpm's outdated command Diagramflowchart LR
manifest["Package Manifest"]
lockfile["Lockfile"]
registry["Registry"]
manifest -- "dependencies" --> collect["collect_outdated"]
lockfile -- "current versions" --> collect
registry -- "target versions" --> collect
collect -- "OutdatedPackage list" --> render["Render Output"]
render -- "table|list|json" --> stdout["stdout"]
update_interactive["update --interactive"] -.->|reuses| collect
outdated_cmd["outdated command"] -.->|uses| collect
File Changes1. pacquet/crates/cli/src/cli_args.rs
|
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Implements pacquet outdated, porting pnpm’s behavior to report direct dependencies that have newer (or deprecated) registry versions and exit with code 1 when any are found.
Changes:
- Adds
outdatedsubcommand with shared collection logic reused byupdate --interactive. - Introduces rendering in table/list/json formats plus dependency-group filtering and pattern matching.
- Extends registry
Packagemetadata with optionalhomepagefor--longdetails and adds integration/unit tests.
Reviewed changes
Copilot reviewed 12 out of 13 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| pacquet/crates/registry/src/package.rs | Adds optional homepage field to Package for outdated --long details. |
| pacquet/crates/resolving-npm-resolver/src/pick_package_from_meta.rs | Propagates homepage when filtering/cloning package metadata. |
| pacquet/crates/resolving-npm-resolver/src/create_npm_resolution_verifier.rs | Preserves homepage when projecting trusted Package metadata. |
| pacquet/crates/resolving-npm-resolver/src/pick_package_from_meta/tests.rs | Updates test package constructor to include homepage: None. |
| pacquet/crates/registry/src/package/tests.rs | Updates test package constructor to include homepage: None. |
| pacquet/crates/cli/src/cli_args/outdated.rs | Adds outdated command implementation, formatting, sorting, and shared collector. |
| pacquet/crates/cli/src/cli_args/outdated/tests.rs | Adds unit tests for sorting/classification/rendering/JSON shape. |
| pacquet/crates/cli/src/cli_args/update_interactive.rs | Refactors interactive update to reuse shared collect_outdated logic. |
| pacquet/crates/cli/src/cli_args.rs | Wires new Outdated subcommand into CLI dispatch. |
| pacquet/crates/cli/tests/outdated.rs | Adds integration tests for pacquet outdated against mocked registry. |
| pacquet/crates/cli/Cargo.toml | Adds owo-colors and tabled dependencies for output rendering. |
| Cargo.toml | Adds workspace dependencies for owo-colors and tabled. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
pacquet/crates/cli/src/cli_args/outdated.rs (1)
429-442: 💤 Low valueConsider semantic version comparison for the tertiary sort key.
Line 439 compares versions as strings, which gives lexicographic ordering (
"1.9.0" > "1.10.0"). While this tiebreaker rarely triggers in practice (same name + same change priority would require duplicate manifest entries), usingVersion'sOrdimpl would be semantically correct.♻️ Suggested fix
None => outdated.sort_by(|left, right| { let by_change = change_priority(classify(&left.current, &left.target)) .cmp(&change_priority(classify(&right.current, &right.target))); by_change .then_with(|| left.package_name.cmp(&right.package_name)) - .then_with(|| left.current.to_string().cmp(&right.current.to_string())) + .then_with(|| left.current.cmp(&right.current)) }),🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@pacquet/crates/cli/src/cli_args/outdated.rs` around lines 429 - 442, The tertiary sort currently compares versions as strings in sort_outdated (function) which yields lexicographic ordering; change the tertiary comparator to use the Version Ord impl by comparing left.current and right.current directly (e.g., replace the left.current.to_string().cmp(&right.current.to_string()) comparison with left.current.cmp(&right.current)) so semantic version ordering is used; keep the rest of the chain (change_priority/classify and package_name) unchanged.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@pacquet/crates/resolving-npm-resolver/src/create_npm_resolution_verifier.rs`:
- Line 866: The project_trust_meta projection currently includes the homepage
field (the line homepage: meta.homepage.clone()), which is unnecessary for trust
verification and increases memory usage; remove that field from the projection
in the project_trust_meta function so the returned trust-meta only contains the
fields used by fail_if_trust_downgraded (name, per-version time map, and trust
evidence), then run tests/compile to ensure no other code depends on
meta.homepage in that projection.
---
Nitpick comments:
In `@pacquet/crates/cli/src/cli_args/outdated.rs`:
- Around line 429-442: The tertiary sort currently compares versions as strings
in sort_outdated (function) which yields lexicographic ordering; change the
tertiary comparator to use the Version Ord impl by comparing left.current and
right.current directly (e.g., replace the
left.current.to_string().cmp(&right.current.to_string()) comparison with
left.current.cmp(&right.current)) so semantic version ordering is used; keep the
rest of the chain (change_priority/classify and package_name) unchanged.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro Plus
Run ID: 5a7744c8-76fb-4f47-88eb-919209d72296
⛔ Files ignored due to path filters (1)
Cargo.lockis excluded by!**/*.lock
📒 Files selected for processing (12)
Cargo.tomlpacquet/crates/cli/Cargo.tomlpacquet/crates/cli/src/cli_args.rspacquet/crates/cli/src/cli_args/outdated.rspacquet/crates/cli/src/cli_args/outdated/tests.rspacquet/crates/cli/src/cli_args/update_interactive.rspacquet/crates/cli/tests/outdated.rspacquet/crates/registry/src/package.rspacquet/crates/registry/src/package/tests.rspacquet/crates/resolving-npm-resolver/src/create_npm_resolution_verifier.rspacquet/crates/resolving-npm-resolver/src/pick_package_from_meta.rspacquet/crates/resolving-npm-resolver/src/pick_package_from_meta/tests.rs
✅ Files skipped from review due to trivial changes (1)
- pacquet/crates/resolving-npm-resolver/src/pick_package_from_meta/tests.rs
🚧 Files skipped from review as they are similar to previous changes (9)
- pacquet/crates/registry/src/package/tests.rs
- pacquet/crates/resolving-npm-resolver/src/pick_package_from_meta.rs
- pacquet/crates/registry/src/package.rs
- pacquet/crates/cli/src/cli_args.rs
- Cargo.toml
- pacquet/crates/cli/src/cli_args/update_interactive.rs
- pacquet/crates/cli/src/cli_args/outdated/tests.rs
- pacquet/crates/cli/Cargo.toml
- pacquet/crates/cli/tests/outdated.rs
📜 Review details
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (9)
- GitHub Check: Lint and Test (macos-latest)
- GitHub Check: Lint and Test (ubuntu-latest)
- GitHub Check: Lint and Test (windows-latest)
- GitHub Check: Dylint
- GitHub Check: Run benchmark on ubuntu-latest
- GitHub Check: Analyze (javascript)
- GitHub Check: Code Coverage
- GitHub Check: Run benchmark on ubuntu-latest
- GitHub Check: Compile & Lint
🧰 Additional context used
📓 Path-based instructions (1)
pacquet/**/*.rs
📄 CodeRabbit inference engine (pacquet/AGENTS.md)
pacquet/**/*.rs: Log emissions are part of matching pnpm — when porting a function that firespnpm:<channel>events throughglobalLogger,logger.debug(...), orstreamParser.write(...), mirror the call site, payload, and ordering so@pnpm/cli.default-reporterparses pacquet's NDJSON the same way
Declare a newtype wrapper for branded string types instead of collapsing the brand into a plainStringor&strin Rust
If upstream TypeScript always validates before construction of a branded string, validate in the Rust wrapper too viaTryFrom<String>and/orFromStrand do not provide an infallible public constructor
If upstream TypeScript never validates a branded string, just brand for type-safety in Rust by exposing an infallibleFrom<String>constructor
If upstream TypeScript occasionally constructs a branded string without validation, exposefrom_str_uncheckedin Rust as an escape hatch alongside the validating constructor
Match upstream serde behavior for branded strings crossing JSON, YAML, or INI boundaries by using#[serde(try_from = "String")]for deserialization and#[serde(into = "String")]for serialization
Derive simple conversions for branded strings using#[derive(derive_more::From)]and#[derive(derive_more::Into)]instead of handwritingimplblocks; use manualimplonly when conversion needs custom logic
Model TypeScript string literal unions (like'auto' | 'always' | 'never') as Rustenums instead of newtype wrappers, since the set of valid values is closed
Treat TypeScript string template literal types (like`${string}@${string}`) the same as branded string types in Rust, using a newtype wrapper with validation
Follow the code style guide inCODE_STYLE_GUIDE.md— imports, modules, naming, ownership and borrowing, parameter type selection, trait bounds, pattern matching,pipe-trait, error handling, test layout, and cloning ofArcandRc
Choose owned vs. borrowed parameters to minimize copies; widen to t...
Files:
pacquet/crates/resolving-npm-resolver/src/create_npm_resolution_verifier.rspacquet/crates/cli/src/cli_args/outdated.rs
🧠 Learnings (3)
📚 Learning: 2026-05-20T19:40:55.051Z
Learnt from: zkochan
Repo: pnpm/pnpm PR: 11774
File: pacquet/crates/resolving-deps-resolver/src/resolve_peers.rs:0-0
Timestamp: 2026-05-20T19:40:55.051Z
Learning: In the pacquet Rust code, ensure the semver implementation uses the `node-semver` crate (not `nodejs-semver`). `node-semver`’s public API does not include a `satisfies_with_prerelease`-style method; prerelease-tolerant matching should be implemented inline by first calling `Range::satisfies`, and when it rejects a prerelease version, retry matching against a stripped `MAJOR.MINOR.PATCH` base of the prerelease version.
Applied to files:
pacquet/crates/resolving-npm-resolver/src/create_npm_resolution_verifier.rspacquet/crates/cli/src/cli_args/outdated.rs
📚 Learning: 2026-05-22T00:08:44.646Z
Learnt from: zkochan
Repo: pnpm/pnpm PR: 11837
File: pacquet/crates/resolving-npm-resolver/src/pick_package.rs:33-51
Timestamp: 2026-05-22T00:08:44.646Z
Learning: In the pnpm/pnpm repo’s pacquet Rust crates, do not flag Unicode ellipsis characters (U+2026, `…`) in Rust doc comments (`///` / `/** */`) as a lint violation. The pacquet crate’s `dylint.toml` only enables `perfectionist::derive_ordering`, and the Dylint `unicode-ellipsis` rule is not enabled for this project—so `…` in doc comments is an intentional, repo-consistent style.
Applied to files:
pacquet/crates/resolving-npm-resolver/src/create_npm_resolution_verifier.rspacquet/crates/cli/src/cli_args/outdated.rs
📚 Learning: 2026-05-20T23:07:58.444Z
Learnt from: zkochan
Repo: pnpm/pnpm PR: 11784
File: pacquet/crates/resolving-deps-resolver/src/hoist_peers.rs:120-133
Timestamp: 2026-05-20T23:07:58.444Z
Learning: When reviewing code in this pacquet Rust port, follow the upstream pnpm compatibility rule: only match pnpm’s behavior exactly. Do not propose review changes that intentionally deviate from pnpm’s documented/observed behavior, even if pnpm appears buggy. If you identify a real bug in pnpm behavior, the review should prioritize fixing it upstream in pnpm first, and avoid implementing a pnpm-behavior workaround here unless the same fix has already landed upstream.
Applied to files:
pacquet/crates/resolving-npm-resolver/src/create_npm_resolution_verifier.rspacquet/crates/cli/src/cli_args/outdated.rs
🔇 Additional comments (8)
pacquet/crates/cli/src/cli_args/outdated.rs (8)
1-36: LGTM!
38-89: LGTM!
97-154: LGTM!
156-196: LGTM!
198-305: LGTM!
307-389: LGTM!
444-575: LGTM!
577-619: LGTM!
Port pnpm's `outdated` command to pacquet. It reports direct dependencies whose latest published version (or highest in-range version under `--compatible`) is newer than the lockfile-pinned version, and exits non-zero when any is found. The detection core is shared with `update --interactive` via `collect_outdated` / `OutdatedQuery` / `TargetVersion`; the two callers differ only in which registry version they compare against. Packuments are fetched concurrently (`futures::join_all`), mirroring pnpm's `Promise.all`, bounded by the HTTP client's concurrency limit. Supports `--compatible`, `--long`, `--format table|list|json` (with `--no-table` / `--json` shorthands), `-P/--prod`, `-D/--dev`, `--no-optional`, `--sort-by name`, and name-pattern arguments. `--global` and `--recursive` are rejected, matching `pacquet update`. A dependency-free manifest reports empty (exit 0) before the no-lockfile check, matching pnpm's `packageHasNoDeps` short-circuit. `OutdatedArgs::run` returns an outcome; the single process exit lives in the top-level CLI dispatch. The semver-change classifier matches `@pnpm/semver-diff`: equal versions are `None`, a prerelease-only difference is `unknown` (sorts last), and major/minor/patch differences are breaking/feature/fix. Table output uses `tabled` (Style::modern matches pnpm's full-grid borders) and `owo-colors` (auto-disables on non-TTY like chalk). Ports the translatable pnpm outdated tests (detection, render-latest, format/list/json, prod-dev filtering, npm alias, deprecation, no-deps/no-lockfile). minimumReleaseAge, ignoreDependencies, catalog protocol, global, recursive listing, and runtime deps are deferred with the surrounding features.
What
Ports pnpm's
outdatedcommand to pacquet. It reports the direct dependencies whose newest published version (or highest in-range version under--compatible) is newer than the lockfile-pinned version, and exits with code1when any outdated dependency is found.This widens pacquet's command surface beyond
install/add/update/remove.How
collect_outdated/OutdatedQuery/TargetVersioninpacquet/crates/cli/src/cli_args/outdated.rs. This is shared withupdate --interactive, which already computed the same "what has a newer version" list inline; that code now calls the shared collector. The two callers differ only in theTargetVersionthey compare against (outdated→latesttag / highest in-range under--compatible;update→ the version a bump moves to). Packument fetches fan out concurrently viafutures::join_all, mirroring pnpm'sPromise.all(bounded by the HTTP client's per-registry concurrency limit).--compatible,--long,--format table|list|json(plus--no-table/--jsonshorthands),-P/--prod(--production),-D/--dev,--no-optional(following pnpm'sonly-normalization include-set),--sort-by name(default sort is by semver-change size then name), and positional name patterns (@pnpm/config.matcher).OutdatedArgs::runreturns anOutdatedOutcome; the singleprocess::exit(1)lives in the top-level CLI dispatch, keeping the command composable.--globaland--recursiveare rejected with a "not supported yet" message, matchingpacquet update(single-project scope).packageHasNoDepsbehavior so an empty, never-installed project doesn't error.tabled(Style::modern()reproduces pnpm's@zkochan/tablefull-grid borders) andowo-colors(auto-disables on non-TTY, like chalk, so piped/JSON output is escape-free). Both are MIT (allowed bydeny.toml). JSON output is keyed by package name withcurrent/latest/wanted/isDeprecated/dependencyType(+latestManifestunder--long), matching pnpm'srenderOutdatedJSON.homepagefield to the registryPackagefor the--longdetails column.Parity notes / scope
pacquet loads a single (wanted) lockfile, so
current == wantedand pnpm's "missing (wanted X)" state does not arise.OUTDATED_NO_LOCKFILEis raised when a manifest declares dependencies but no lockfile exists. Deprecated-but-current packages are still reported.Deferred with their surrounding features (not yet ported to pacquet), each tracked by an upstream test that does not yet translate:
--longhomepage needs full registry metadata; the abbreviated fetch omits it, so it appears only when the registry serves it (deprecation details work fully).minimumReleaseAge/minimumReleaseAgeExclude,pnpm.updateConfig.ignoreDependencies,catalog:protocol replacement,-g/global packages, recursive workspace listing, andruntime:(node/deno/bun) dependencies.Tests
Ported the translatable pnpm
outdatedtests (deps/inspection/outdated/test/*anddeps/inspection/commands/test/outdated/*):--prod/--dev/--no-optional), default sort order,renderLatest(deprecated / not), and JSON shape (with/without--long).--compatiblediscrimination, JSON, JSON-empty{}, list (--no-table) format, up-to-date → exit 0, name-pattern filter, prod/dev filtering, npm-alias real-name reporting, deprecated package,--longdeprecation details, no-deps/no-lockfile → empty exit 0, no-lockfile-with-deps error, and--recursiverejection.No changeset (pacquet-only change).
Written by an agent (Claude Code, claude-opus-4-8).
Summary by CodeRabbit
pacquet outdated(table, list, or JSON) with semver-diff colorization and deprecation/homepage details in long mode.pacquet update --interactivecan source outdated candidates for selection; supports name filtering and prod/dev scopes.