Skip to content
inup

v1.6.8 · interactive dependency upgrader

The upgrade-interactive
npm never shipped.

One command for npm, yarn, pnpm & bun. Pick upgrades in an interactive terminal UI — see vulnerabilities and changelogs before you commit. Zero config, monorepo-ready.

Read the docs

or install: npm i -g inup · pnpm add -g inup · yarn global add inup · bun add -g inup

real session, recorded with vhs — not a mockup
0
tests passing
0%
coverage
0
package managers
0
telemetry · MIT

the picker

The picker knows more than outdated does

Every feature is a keystroke away — no flags to remember, no re-runs.

monorepos

pnpm catalogs, without ceremony

inup discovers every workspace in one pass. Dependencies declared ascatalog: are resolved from pnpm-workspace.yamland upgraded right there — comments and formatting preserved, not rewritten.

Private registries work exactly like npm's own resolution: scoped registries and credentials from your project, user and global.npmrc, including ${ENV_VAR} expansion.

pnpm-workspace.yaml
# comments survive the upgrade
catalog:
  # pinned for the design system
  react: "18.3.1" → "19.1.0"
  vue:   "^3.5.13"
ci.yaml
# gate the build on outdated deps
inup --check
✗ 3 packages behind · 1 advisory

# structured report for dashboards
inup --json | jq '.summary'

# apply safe in-range bumps + install
inup --apply --target minor

automation

Headless in CI, by default

When stdout isn't a TTY or $CI is set, inup never opens the UI — it reports. --check and --json are read-only, and JSON output carries a schemaVersion so agents can pin to a known shape.

The GitHub Action runs on a schedule and maintains one rolling PR with safe upgrades applied — re-runs update the same PR.

comparison

How inup compares

Honest marks — including the rows where the others win. Verified against each tool's docs on 2026-07-09.

inupncutazePM built-ins
One tool for npm, yarn, pnpm & bun
Monorepos & workspaces
Vulnerability audit in the picker
Changelogs in the terminal
Search & dep-type toggles in the UI
pnpm catalogs, comments preserved
CI gate + JSON report
Doctor mode (test each upgrade)
Per-package upgrade rules

"PM built-ins" = yarn upgrade-interactive,pnpm update -i, bun update -i,deno outdated -i — each works with its own package manager only. Detailed head-to-heads: inup vs npm-check-updates, taze, npm-check, npm-upgrade, updates, PM built-ins, Renovate and Dependabot.

no telemetry

Try it on your messiest repo

No tracking, no data collection. Metadata comes straight from the npm registry and changelogs from GitHub. MIT licensed — read the source.