apm outdated
Compare locked dependencies against their remotes to see what has new versions available. Read-only: this command does not modify apm.lock.yaml or touch apm_modules/.
Synopsis
Section titled “Synopsis”apm outdated [OPTIONS]Description
Section titled “Description”apm outdated reads apm.lock.yaml and queries each remote to detect staleness:
- Tag-pinned deps (e.g.
v1.2.3): semver compare against the latest available remote tag. - Branch-pinned deps (e.g.
main): compare the locked commit SHA against the remote branch tip. - Default-branch deps (no ref): compare against
main/mastertip. - Marketplace deps: compare the installed ref against the marketplace entry’s current
source.ref. - Registry deps (experimental
registriesfeature): compare the lockfile’s exactversionagainst the highest semver on the registry that satisfies the manifest range (same resolution semantics asapm install). Manifest ranges come from the rootapm.ymland from installed packages’apm.ymlfiles (transitive deps). When a registry lockfile entry has no manifest range,apm outdatedcompares against the highest published version and labels the source(lockfile).
Local dependencies and Artifactory-hosted deps are skipped. Legacy apm.lock files are migrated to apm.lock.yaml automatically on read.
To apply the suggested updates, run apm install --update (see Related).
Options
Section titled “Options”| Option | Description |
|---|---|
-g, --global | Check user-scope dependencies in ~/.apm/ instead of the current project. |
-v, --verbose | For outdated tag-pinned or registry deps, also list up to 10 newer available versions/tags. |
-j, --parallel-checks N | Max concurrent remote checks. Default 4. 0 forces sequential. |
Examples
Section titled “Examples”Check project dependencies:
apm outdatedSample output:
Dependency Status Package Current Latest Status Source ----------------------------- --------- ------------- ----------- --------------- acme/agent-skills v1.2.0 v1.4.1 outdated git tags acme/prompt-pack main 9c1ab2f0 outdated git branch acme/lint-rules v0.3.0 v0.3.0 up-to-date git tags nadavy/e2e-demo 1.0.1 1.1.1 outdated registry: corp microsoft/apm-review-panel 0.1.1 0.1.2 outdated registry: corp (lockfile) pirate-skill@apm-marketplace v0.2.1 v0.3.0 (...) outdated marketplace: apm-marketplace
[!] 2 outdated dependencies foundCheck user-scope deps installed under ~/.apm/:
apm outdated --globalShow available tags for outdated packages:
apm outdated --verboseUse 8 parallel checks for large dependency sets:
apm outdated -j 8Status values
Section titled “Status values”| Status | Meaning |
|---|---|
up-to-date | Locked ref matches the remote. |
outdated | A newer tag, branch tip SHA, or registry version in the manifest range is available. |
unknown | The remote could not be queried, or the ref could not be resolved. For registry deps, also check auth (APM_REGISTRY_TOKEN_{NAME}) and that the registry URL is configured. |
Registry Source values:
| Source pattern | Meaning |
|---|---|
registry: NAME | Compared using the manifest semver range from apm.yml (root or an installed package). |
registry: NAME (lockfile) | No manifest range found; compared against the highest published version on the registry. |
Exit codes
Section titled “Exit codes”| Code | Condition |
|---|---|
0 | Check completed (including when outdated deps are reported). |
1 | No lockfile found in the selected scope. |
apm outdated is a reporting command. Finding outdated deps is not an error and does not change the exit code; wire apm audit into CI instead if you want gating.
Related
Section titled “Related”apm install— pass--updateto upgrade outdated deps and rewrite the lockfile.apm view— inspect a single package’s metadata or available versions.apm audit— security scan over installed primitives, suitable for CI gating.- Registries guide — declare registries, publish flat archives, and consume registry-sourced deps.