VisCommandsvis check

vis check

Check for outdated dependencies, security vulnerabilities, and supply chain settings

vis check

Check for outdated dependencies, known security vulnerabilities, and supply-chain settings. On pnpm / bun workspaces it checks catalog dependencies; on npm / yarn it checks dependencies / devDependencies (scope with --dev / --prod).

Aliases: vis c, vis outdated

Usage

vis check [packages] [options]

Examples

vis check                              # Check all catalog dependencies
vis check react                        # Check specific packages
vis check --target minor               # Only show minor/patch updates
vis check --exclude '@types/*'         # Exclude packages by pattern
vis check --no-security                # Skip vulnerability scanning
vis check --security-config            # Audit supply-chain security settings
vis check --security-config --sync     # Sync security config to pnpm-workspace.yaml
vis check --format json                # Machine-readable output
vis check --exit-code                  # Exit 1 if outdated (for CI)

Options

OptionAliasDefaultDescription
--target-tlatestUpdate target: latest, minor, or patch
--includeGlob pattern to include packages (repeatable)
--excludeGlob pattern to exclude packages (repeatable)
--prereleasefalseInclude prerelease versions
--no-securityfalseSkip security vulnerability scanning
--security-configfalseAudit supply-chain security settings
--syncfalseSync security settings to pnpm-workspace.yaml (pnpm only, with --security-config)
--formattableOutput format: table, json, or minimal
--exit-codefalseExit with code 1 if outdated dependencies found (for CI)
--aifalseRun AI analysis on outdated packages
--ai-typeAI analysis type: impact, security, compatibility, or recommend
--dev-DfalseCheck only devDependencies (npm/yarn mode; conflicts with --prod)
--prod-PfalseCheck only dependencies (npm/yarn mode; conflicts with --dev)
--peerfalseInclude peerDependencies in outdated checks
--include-internalfalseAlso check workspace-owned package names against the registry

Output Formats

Table (default)

Displays a color-coded table showing package name, catalog, current version, target version, and update type (patch/minor/major).

JSON

Machine-readable JSON output including both outdated entries and any packages that failed to fetch:

{
    "failed": [],
    "outdated": [
        {
            "packageName": "typescript",
            "catalog": "default",
            "currentVersion": "5.3.0",
            "targetVersion": "5.7.0",
            "updateType": "minor"
        }
    ]
}

Minimal

Compact one-line-per-package output, suitable for scripting.

CI Usage

Use --exit-code to fail CI when outdated dependencies are found:

- name: Check dependencies
  run: vis check --exit-code --format json > deps-report.json
Support

Contribute to our work and keep us going

Community is the heart of open source. The success of our packages wouldn't be possible without the incredible contributions of users, testers, and developers who collaborate with us every day.Want to get involved? Here are some tips on how you can make a meaningful impact on our open source projects.

Ready to help us out?

Be sure to check out the package's contribution guidelines first. They'll walk you through the process on how to properly submit an issue or pull request to our repositories.

Submit a pull request

Found something to improve? Fork the repo, make your changes, and open a PR. We review every contribution and provide feedback to help you get merged.

Good first issues

Simple issues suited for people new to open source development, and often a good place to start working on a package.
View good first issues