Is it possible to tie packageManager updates to nvm?

[benedfit]

How are you running Renovate?

A Mend.io-hosted app

Which platform you running Renovate on?

GitHub.com

Which version of Renovate are you using?

42.74.5

Please tell us more about your question or problem

I currently have a number of repositories that use .nvmrc for managing node versions. In the past I have relied on the default version of npm that is installed via the nvm image. Recently I have a number of project that are using the packageManager field in package.json and Renovate has started offering upgrades to the version of npm. However, this now means that when folks run nvm install|use, they are likely on an older version of npm than the one Renovate is using, resulting in thrashing of the package-lock.json file.

So I'm interested to know if there is a recommended way to link the two tools? Either by limiting the upgrade of npm versions to only supported by the images, or forcing nvm to install/use a particular version of npm?

Thanks in advance for any help

Minimal reproduction

Logs (if relevant)

Logs

Replace this text with your logs, between the starting and ending triple backticks

[jamietanna]

If you have both a .nvmrc and your package.json notes the packageManager, you should be able to create a packageRules entry to link them

If you have a minimal example to share we can give a hand :)

[jamietanna]

@RahulGautamSingh do you know if we have a feature request (likely as an Issue) that'll make it possible to expose the npm version that a given Node version bundles?

Then we'd be able to tie these together

[jamietanna]

For "desired", did you mean it to be:

• node: 22.22.0
• npm: 10.9.4

?

(That appears to be the version of npm that Node 22.22.0 ships with)

[jamietanna]

Right now, Renovate doesn't know that the Node version bump will lead to an npm version bump

One thing that will ever so slightly help here is i.e.

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:recommended"],
  "packageRules": [
    {
      "matchPackageNames": [
        "node",
        "npm"
      ],
      "groupName": "node-npm"
    }
  ]
}

Which will make sure they're updated together.

As the npm CLI publishes dist-tags (npm dist-tags npm), you could use followTag:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:recommended"],
  "packageRules": [
    {
      "description": "...",
      "matchPackageNames": [
        "npm"
      ],
      "followTag": "10-latest"
    },
    {
      "matchPackageNames": [
        "node",
        "npm"
      ],
      "groupName": "node-npm",
      "prBodyNotes": "Until https://github.com/renovatebot/renovate/discussions/40421 is resolved, update `renovate.json` to specify the allowed npm version"
    }
  ]
}

[benedfit]

For "desired", did you mean it to be:

• node: 22.22.0
• npm: 10.9.4

?

(That appears to be the version of npm that Node 22.22.0 ships with)

On the repository in question I want to upgrade to Node 24, and the relevant npm version

[RahulGautamSingh]

@RahulGautamSingh do you know if we have a feature request (likely as an Issue) that'll make it possible to expose the npm version that a given Node version bundles?

Then we'd be able to tie these together

I don't think there's an issue for it.

There was an issue, which discussed about installing npm bundled with node instead of installing latest.

[github-actions[bot]]

Hi there,

Please help this Discussion progress by creating a minimal reproduction. This means a repository dedicated to reproducing this issue with the minimal dependencies and config possible.

Before we start working on your issue we need to know exactly what's causing the current behavior. A minimal reproduction helps us with this. Discussions without reproductions are less likely to be converted to Issues.

Please follow these steps:

1. Read our guide on creating a minimal reproduction.
2. Go to our minimal reproduction template repository.
3. Select the Use this template button to create a new repository based on the template.
4. Work on the reproduction in your own repository. Ensure it's actually minimal (no unnecesary dependencies or config), or it will be rejected by maintainers.
5. Install the Renovate app to verify that what you say happens (or doesn't happen) reproduces.
6. Fill out the information in your repository's README.md. What you describe there should reflect what you see in this repo, with the hosted app, and not what you saw in your original repo/environment.
7. Add the link to your reproduction to the first post of your Discussion. If you are not the original author, you can post a new comment with the link.
8. Add a Discussion comment mentioning that the reproduction repo is now available and linked.

If you need help with running Renovate on your minimal reproduction repository, please refer to our Running Renovate guide.
Good luck,

The Renovate team

[jamietanna]

It might also be possible to use constraints to limit things to specific version(s)

[benedfit]

Until this is a feature, I've managed to work out how to achieve this using customDatasources:

{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "extends": ["config:recommended"],
  "customDatasources": {
    "node-npm-version":{
      "defaultRegistryUrlTemplate": "https://nodejs.org/dist/index.json",
      "format": "json",
      "transformTemplates": ["{ \"releases\": $each(${npm:$^(lts != false ? 0 : 1, >date)[0]}, function($v) { { \"version\": $v.npm, \"releaseTimestamp\": $v.date, \"isStable\": $v.lts != false } }) }"]
    }
  },
  "packageRules": [
    {
      "matchDatasources": ["npm"],
      "matchPackageNames": ["npm"],
      "overrideDatasource": "custom.node-npm-version"
    }
  ]
}

See benedfit/renovate-nvm-npm#4 for validation of desired updates