Seems like https://greenkeeper.io/ is a similar idea with more polish (and with paid options). No affiliation, I've just seen GreenKeeper in action on the Kube Dashboard repo.
I run 'npm-check -u' [1] every morning on my develop branch and then I run my tests. I never thought about automating that part of my workflow. Sadly I don't host on GitHub.
How do you mean? There's some simple native support for checking if packages are outdated (npm outdated), and there's additional tooling that ties into various exposed APIs. If this is a comment on npm not just doing everything for everyone as part of the native package then... https://en.wikipedia.org/wiki/Unix_philosophy
One of my frustrations is updating submodule deps. The above link seems interesting, but most projects I work on are small enough that hovering over the dep in pckg.json file in vscode lets me know what is the latest. At the top level, I don't have much trouble managing updatea, however what about deps of deps and so on? It is hard to update these, and sometimes it breaks/is manual. Then it is overwritten when a new npm install ia run.
A good thought. It sends an email on each upgrade, however in my experience it doesn't happen SO often, tops two-three times a day, depends of course on the volume of packages you use. But it's a good idea to have a daily digest, thanks for that.
My only request is that the email "digest" be configurable. Being able to set this up to notify me once per week, or even once per month would be awesome. I could spend that one time to upgrade my deps, then lock them back down again until the next one.
Love this idea, but can't connect a private repo to grant access to all our code. Any plans to allow uploading a package.json to achieve the same thing (understanding that it's my responsibility to keep it up to date)?