Skip to content
Syncpack
This documentation is for v14 and up, the docs for v13 are archived.

What's New

Range Only version group 15.3.0

semverRangeOnly enforces a consistent semver range prefix (^, ~, exact) across instances without syncing the version numbers themselves.

Update summary lists only accepted updates 15.3.0

The summary printed after choosing updates to apply using syncpack update --interactive now lists only the updates you actually applied, rather than every candidate found.

Optionally override autofix per status code 15.2.0

The severity map on a version group lets you disable autofixing on a per-status code basis, and instead error or warn.

.syncpackrc.json
{
  "versionGroups": [
    {
      "dependencies": ["lodash"],
      "isBanned": true,
      "severity": { "IsBanned": "warn" },
    },
  ],
}

Extend source patterns instead of replacing 15.2.0

A new sourceMode option (and --source-mode flag) can override the default of "replace" to use "extend" to append your package.json glob patterns to those discovered from workspaces / pnpm-workspace.yaml / lerna.json.

Non-package.json files as sources 15.2.0

A fairly niche feature request, but the source option now accepts other .json filenames than package.json when explicitly listed. Some bugs with Glob and gitignore matching were also fixed in this release.

Update Groups 15.1.1

updateGroups control how and whether various parts of your monorepo should be updated from the npm registry. See Targeted and Ignored.

.syncpackrc.json
{
  "updateGroups": [
    { "dependencies": ["storybook", "@storybook/**"], "target": "patch" },
    { "dependencyTypes": ["dev"], "target": "minor" },
    { "dependencyTypes": ["peer"], "isIgnored": true },
  ],
}

When both the CLI's --target and a group's target apply, the stricter of the two wins.

Interactive update picker 15.1.1

syncpack update --interactive opens a keyboard-driven picker so you choose which updates to apply. Use space to toggle, a to toggle all, enter to confirm.

Registry response caching 15.1.1

Registry responses are cached on disk for 30 minutes by default to avoid repeat network calls. Pass --no-cache to bypass for the current run.

pnpm and Bun catalogs 15.0.0

Full support for the catalog: protocol. Define a dependency's version once and have every package consume it via catalog: or catalog:{name}.

  • New Catalog version group enforces that matched dependencies live in a catalog and are consumed via the protocol.
  • Syncpack writes catalog entries to pnpm-workspace.yaml (pnpm) or the root package.json (Bun), creating the implicit default catalog at fix time when one does not yet exist.
  • Filter updates by catalog: syncpack update --dependency-types pnpmCatalog, or by named catalog: pnpmCatalog:react18.

minimumReleaseAge 15.0.0

minimumReleaseAge excludes versions published more recently than the configured window, reducing supply-chain attack risk. Defaults to 1440 minutes (one day). Inherits from pnpm-workspace.yaml when unset; set 0 to disable.

pnpmOverrides reads from pnpm-workspace.yaml 15.0.0

Breaking change. The default pnpmOverrides dependency type now reads overrides from pnpm-workspace.yaml instead of pnpm.overrides in package.json. See the v15 migration guide for how to restore the legacy behaviour with pnpmOverridesLegacy.