DOKK / manpages / debian 13 / python3-nvchecker / nvcmp.1.en
NVCHECKER(1) General Commands Manual NVCHECKER(1)

nvchecker - New version checker for software releases

nvchecker (short for new version checker) is for checking if a new version of some software has been released.

This is the version 2.0 branch. For the old version 1.x, please switch to the v1.x branch.

  • Python 3.8+
  • Python library: structlog, platformdirs, tomli (on Python < 3.11)
  • One of these Python library combinations (ordered by preference):
  • tornado + pycurl
  • aiohttp
  • httpx with http2 support (experimental; only latest version is supported)
  • tornado

All commands used in your software version configuration files

To install:

pip3 install nvchecker


To use the latest code, you can also clone this repository and run:

python3 setup.py install


To see available options:

nvchecker --help


Run with one or more software version files:

nvchecker -c config_file.toml


A simple config file may look like:

[nvchecker]
source = "github"
github = "lilydjwg/nvchecker"
[python-toml]
source = "pypi"
pypi = "toml"


You normally will like to specify some "version record files"; see below.

With --logger=json or --logger=both, you can get a structured logging for programmatically consuming. You can use --json-log-fd=FD to specify the file descriptor to send logs to (take care to do line buffering). The logging level option (-l or --logging) doesn't take effect with this.

The JSON log is one JSON string per line. The following documented events and fields are stable, undocumented ones may change without notice.

An update is detected. Fields name, old_version and version are available. old_version maybe null.
There is no update. Fields name and version are available.
No version is detected. There may be an error. Fields name is available.
There is an error. Fields name and exc_info may be available to give further information.

There are several backward-incompatible changes from the previous 1.x version.

1.
Version 2.x requires Python 3.7+ to run.
2.
The command syntax changes a bit. You need to use a -c switch to specify your software version configuration file (or use the default).
3.
The configuration file format has been changed from ini to toml <https://toml.io/> . You can use the nvchecker-ini2toml script to convert your old configuration files. However, comments and formatting will be lost, and some options may not be converted correctly.
4.
Several options have been renamed. max_concurrent to max_concurrency, and all option names have their - be replaced with _.
5.
All software configuration tables need a source option to specify which source is to be used rather than being figured out from option names in use. This enables additional source plugins to be discovered.
6.
The version record files have been changed to use JSON format (the old format will be converted on writing).
7.
The vcs source is removed. (It's available inside <lilac> at the moment.) A git source is provided.
8.
include_tags_pattern and ignored_tags are removed. Use List Options instead.

Version record files record which version of the software you know or is available. They are a simple JSON object mapping software names to known versions.

The nvtake Command

This command helps to manage version record files. It reads both old and new version record files, and a list of names given on the commandline. It then update the versions of those names in the old version record file.

This helps when you have known (and processed) some of the updated software, but not all. You can tell nvchecker that via this command instead of editing the file by hand.

This command will help most if you specify where you version record files are in your config file. See below for how to use a config file.

The nvcmp Command

This command compares the newver file with the oldver one and prints out any differences as updates, e.g.:

$ nvcmp -c sample_source.toml
Sparkle Test App None -> 2.0
test 0.0 -> 0.1


The software version source files are in toml <https://toml.io/>
format. The key name is the name of the software. Following fields are used to tell nvchecker how to determine the current version of that software.

See sample_source.toml <https://github.com/lilydjwg/nvchecker/blob/master/sample_config.toml>
for an example.

A special table named __config__ provides some configuration options.

Relative path are relative to the source files, and ~ and environmental variables are expanded.

Currently supported options are:

Specify a version record file containing the old version info.
Specify a version record file to store the new version info.
The HTTP proxy to use. The format is proto://host:port, e.g. http://localhost:8087. Different backends have different level support for this, e.g. with pycurl you can use socks5h://host:port proxies.
Max number of concurrent jobs. Default: 20.
Time in seconds to wait for HTTP requests. Default: 20.
Specify a toml config file containing key (token) information. This file should contain a keys table, mapping key names to key values. See specific source for the key name(s) to use.

Sample keyfile.toml:

[keys]
# https://github.com/settings/tokens
# scope: repo -> public_repo
github = "ghp_<stripped>"



The following options apply to every check sources. You can use them in any item in your configuration file.

Strip the prefix string if the version string starts with it. Otherwise the version string is returned as-is.

If both prefix and from_pattern/to_pattern are used, prefix is applied first.

Both are Python-compatible regular expressions. If from_pattern is found in the version string, it will be replaced with to_pattern.

If from_pattern is not found, the version string remains unchanged and no error is emitted.

Suppress warnings and errors if a version checking module finds nothing. Not all sources support it.
The HTTP proxy to use. The format is proto://host:port, e.g. http://localhost:8087. Different backends have different level support for this, e.g. with pycurl you can use socks5h://host:port proxies.

Set it to "" (empty string) to override the global setting.

This only works when the source implementation uses the builtin HTTP client, and doesn't work with the aur source because it's batched (however the global proxy config still applies).

The user agent string to use for HTTP requests.
Try specified times when a network error occurs. Default is 1.

This only works when the source implementation uses the builtin HTTP client.

A personal authorization token used to fetch the url with the Authorization header. The type of token depends on the authorization required.
  • For Bearer token set : Bearer <Your_bearer_token>
  • For Basic token set : Basic <Your_base64_encoded_token>

In the keyfile add httptoken_{name} token.

Whether to verify the HTTPS certificate or not. Default is true.

The following options apply to sources that return a list. See individual source tables to determine whether they are supported.

Only consider version strings that match the given regex. The whole string should match the regex. Be sure to use .* when you mean it!
Don't consider version strings that match the given regex. The whole string should match the regex. Be sure to use .* when you mean it! This option has higher precedence that include_regex; that is, if matched by this one, it's excluded even it's also matched by include_regex.
Sort the version string using this key function. Choose among parse_version, vercmp and awesomeversion. Default value is parse_version. parse_version uses an old version of pkg_resources.parse_version. vercmp uses pyalpm.vercmp. awesomeversion uses <awesomeversion> .
Version strings that are explicitly ignored, separated by whitespace. This can be useful to avoid some known mis-named versions, so newer ones won't be "overridden" by the old broken ones.

source = "regex"


Search through a specific webpage for the version string. This type of version finding has these fields:

The URL of the webpage to fetch.
(Optional) The character encoding of the webpage, if latin1 is not appropriate.
A regular expression used to find the version string.

It can have zero or one capture group. The capture group or the whole match is the version string.

When multiple version strings are found, the maximum of those is chosen.

(Optional) When present, a POST request (instead of a GET) will be used. The value should be a string containing the full body of the request. The encoding of the string can be specified using the post_data_type option.
(Optional) Specifies the Content-Type of the request body (post_data). By default, this is application/x-www-form-urlencoded.

This source supports List Options.

source = "httpheader"


Send an HTTP request and search through a specific header.

The URL of the HTTP request.
(Optional) The header to look at. Default is Location. Another useful header is Content-Disposition.
A regular expression used to find the version string.

It can have zero or one capture group. The capture group or the whole match is the version string.

When multiple version strings are found, the maximum of those is chosen.

(Optional) The HTTP method to use. Default is HEAD.
(Optional) Whether to follow 3xx HTTP redirects. Default is false. If you are looking at a Location header, you shouldn't change this.

source = "htmlparser"


Send an HTTP request and search through the body a specific xpath.

The URL of the HTTP request.
An xpath expression used to find the version string.
(Optional) When present, a POST request (instead of a GET) will be used. The value should be a string containing the full body of the request. The encoding of the string can be specified using the post_data_type option.
(Optional) Specifies the Content-Type of the request body (post_data). By default, this is application/x-www-form-urlencoded.

NOTE:

An additional dependency "lxml" is required. You can use pip install 'nvchecker[htmlparser]'.


Title underline too short.

Search with an JSON Parser (jq)
~~~~~~~~~~~~~~~~~~~~~~~~~~



source = "jq"


Send an HTTP request and search through the body with a specific jq filter.

The URL of the HTTP request.
An jq filter used to find the version string.
(Optional) When present, a POST request (instead of a GET) will be used. The value should be a string containing the full body of the request. The encoding of the string can be specified using the post_data_type option.
(Optional) Specifies the Content-Type of the request body (post_data). By default, this is application/json.

This source supports List Options.

NOTE:

An additional dependency "jq" is required.


source = "cmd"


Use a shell command line to get the version. The output is striped first, so trailing newlines do not bother.

The command line to use. This will run with the system's standard shell (i.e. /bin/sh).

source = "aur"


Check Arch User Repository <https://aur.archlinux.org/>
for updates. Per-item proxy setting doesn't work for this because several items will be batched into one request.

The package name in AUR. If empty, use the name of software (the table name).
Strip the release part.
Append last modified time to the version.

source = "github"


Check GitHub <https://github.com/>
for updates. The version returned is in date format %Y%m%d.%H%M%S, e.g. 20130701.012212, unless use_latest_release or use_max_tag is used. See below.

The github repository, with author, e.g. lilydjwg/nvchecker.
Which branch to track? Default: the repository's default.
Only commits containing this file path will be returned.
Hostname for self-hosted GitHub instance.
Set this to true to check for the latest release on GitHub.

GitHub releases are not the same with git tags. You'll see big version names and descriptions in the release page for such releases, e.g. zfsonlinux/zfs's <https://github.com/zfsonlinux/zfs/releases> , and those small ones like nvchecker's <https://github.com/lilydjwg/nvchecker/releases>

are only git tags that should use use_max_tag below.

Will return the release's tag name instead of date. (For historical reasons it doesn't return the release name. See below to change.)

When use_latest_release is true, setting this to true will cause nvchecker to return the release name instead of the tag name.
When use_latest_release is true, set this to true to take prereleases into account.

This returns the release names (not the tag names).

This requires a token because it's using the v4 GraphQL API.

Set this to true to check for the latest tag on GitHub.

This requires a token because it's using the v4 GraphQL API.

When use_latest_tag is true, this sets a query for the tag. The exact matching method is not documented by GitHub.
Set this to true to check for the max tag on GitHub. Unlike use_latest_release, this option includes both annotated tags and lightweight ones, and return the largest one sorted by the sort_version_key option. Will return the tag name instead of date.
A personal authorization token used to call the API.

An authorization token may be needed in order to use use_latest_tag, include_prereleases or to request more frequently than anonymously.

To set an authorization token, you can set:

  • the token option
  • an entry in the keyfile for the host (e.g. github.com)
  • an entry in your netrc file for the host

This source supports List Options when use_max_tag is set.

source = "gitea"


Check Gitea <https://gitea.com/>
for updates. The version returned is in date format %Y%m%d, e.g. 20130701, unless use_max_tag is used. See below.

The gitea repository, with author, e.g. gitea/tea.
Which branch to track? Default: the repository's default.
Set this to true to check for the max tag on Gitea. Will return the biggest one sorted by old pkg_resources.parse_version. Will return the tag name instead of date.
Hostname for self-hosted Gitea instance.
Gitea authorization token used to call the API.

To set an authorization token, you can set:

  • the token option
  • an entry in the keyfile for the host (e.g. gitea.com)
  • an entry in your netrc file for the host

This source supports List Options when use_max_tag is set.

source = "bitbucket"


Check BitBucket <https://bitbucket.org/>
for updates. The version returned is in date format %Y%m%d, e.g. 20130701, unless use_max_tag is used. See below.

The bitbucket repository, with author, e.g. lilydjwg/dotvim.
Which branch to track? Default: the repository's default.
Set this to true to check for the max tag on BitBucket. Will return the biggest one sorted by old pkg_resources.parse_version. Will return the tag name instead of date.
If true, tags are queried and sorted according to the query and sort keys. Will return the tag name instead of the date.
A query string use to filter tags when use_sorted_tags set (see here <https://developer.atlassian.com/cloud/bitbucket/rest/intro/#querying>

for examples). The string does not need to be escaped.

A field used to sort the tags when use_sorted_tags is set (see here <https://developer.atlassian.com/cloud/bitbucket/rest/intro/#filtering>

for examples). Defaults to -target.date (sorts tags in descending order by date).

How many pages do we search for the max tag? Default is 3. This works when use_max_tag is set.

This source supports List Options when use_max_tag or use_sorted_tags is set.

source = "gitlab"


Check GitLab <https://gitlab.com/>
for updates. The version returned is in date format %Y%m%d, e.g. 20130701, unless use_max_tag is used. See below.

The gitlab repository, with author, e.g. Deepin/deepin-music.
Which branch to track?
Set this to true to check for the max tag on GitLab. Will return the biggest one sorted by old pkg_resources.parse_version. Will return the tag name instead of date.
Hostname for self-hosted GitLab instance.
GitLab authorization token used to call the API.

To set an authorization token, you can set:

  • the token option
  • an entry in the keyfile for the host (e.g. gitlab.com)
  • an entry in your netrc file for the host

This source supports List Options when use_max_tag is set.

source = "pypi"


Check PyPI <https://pypi.python.org/>
for updates.

The name used on PyPI, e.g. PySide.
Whether to accept pre release. Default is false.

This source supports List Options.

NOTE:

An additional dependency "packaging" is required. You can use pip install 'nvchecker[pypi]'.


source = "gems"


Check RubyGems <https://rubygems.org/>
for updates.

The name used on RubyGems, e.g. sass.

This source supports List Options.

source = "npm"


Check NPM Registry <https://registry.npmjs.org/>
for updates.

The name used on NPM Registry, e.g. coffee-script.

To configure which registry to query, a source plugin option is available. You can specify like this:

[__config__.source.npm]
registry = "https://registry.npm.taobao.org"



source = "hackage"


Check Hackage <https://hackage.haskell.org/>
for updates.

The name used on Hackage, e.g. pandoc.

source = "cpan"


Check MetaCPAN <https://metacpan.org/>
for updates.

The name used on CPAN, e.g. YAML.

source = "cran"


Check CRAN <https://cran.r-project.org/web/packages/>
for updates.

The name used on CRAN, e.g. xml2.

source = "packagist"


Check Packagist <https://packagist.org/>
for updates.

The name used on Packagist, e.g. monolog/monolog.

source = "cratesio"


Check crates.io <https://crates.io/>
for updates.

The crate name on crates.io, e.g. tokio.
Whether to accept pre release. Default is false.

This source supports List Options.

source = "pacman"


This is used when you run nvchecker on an Arch Linux system and the program always keeps up with a package in your configured repositories for <Pacman> .

The package name to reference to.
Strip the release part.

source = "archpkg"


This enables you to track the update of Arch Linux official packages <https://www.archlinux.org/packages/> , without needing of pacman and an updated local Pacman databases.

Name of the Arch Linux package.
Strip the release part, only return part before -.
Instead of the package version, return the version this package provides. Its value is what the package provides, and strip_release takes effect too. This is best used with libraries.

source = "debianpkg"


This enables you to track the update of Debian Linux official packages <https://packages.debian.org> , without needing of apt and an updated local APT database.

Name of the Debian Linux source package.
Name of the Debian release (jessie, wheezy, etc, defaults to sid)
Strip the release part.

source = "ubuntupkg"


This enables you to track the update of Ubuntu Linux official packages <https://packages.ubuntu.com/> , without needing of apt and an updated local APT database.

Name of the Ubuntu Linux source package.
Name of the Ubuntu release (xenial, zesty, etc, defaults to None, which means no limit on suite)
Strip the release part.

source = "repology"


This enables you to track updates from Repology <https://repology.org/>
(repology.org).

Name of the project to check.
Check the version in this repo. This field is required.
Check the version in this subrepo. This field is optional. When omitted all subrepos are queried.

This source supports List Options.

source = "anitya"


This enables you to track updates from Anitya <https://release-monitoring.org/>
(release-monitoring.org).

distro/package, where distro can be a lot of things like "fedora", "arch linux", "gentoo", etc. package is the package name of the chosen distribution.
The identifier of the project/package in anitya.

Note that either anitya or anitya_id needs to be specified, anitya_id is preferred when both specified.

source = "android_sdk"


This enables you to track updates of Android SDK packages listed in sdkmanager --list.

The package path prefix. This value is matched against the path attribute in all <remotePackage> nodes in an SDK manifest XML. The first match is used for version comparisons.
Should be one of addon or package. Packages in addon2-1.xml use addon and packages in repository2-1.xml use package.
Choose the target channel from one of stable, beta, dev or canary. This option also accepts a comma-separated list to pick from multiple channels. For example, the latest unstable version is picked with beta,dev,canary. The default is stable.
Choose the target OS for the tracked package from one of linux, macosx, windows. The default is linux. For OS-independent packages (e.g., Java JARs), this field is ignored.

This source supports List Options.

source = "sparkle"


This enables you to track updates of macOS applications which using Sparkle framework <https://sparkle-project.org/> .

The url of the sparkle appcast.
The language of release notes to return when localized release notes are available (defaults to en for English, the unlocalized release notes are used as a fallback)

source = "pagure"


This enables you to check updates from Pagure <https://pagure.io> .

The project name, optionally with a namespace.
Hostname of alternative instance like src.fedoraproject.org.

This source returns tags and supports List Options.

source = "apt"


This enables you to track the update of an arbitrary APT repository, without needing of apt and an updated local APT database.

Name of the APT binary package.
Name of the APT source package.
URL of the repository.
Name of the APT repository release (jessie, wheezy, etc)
Name of the APT repository (main, contrib, etc, defaults to main)
Architecture of the repository (i386, amd64, etc, defaults to amd64)
Strip the release part.

Note that either pkg or srcpkg needs to be specified (but not both) or the item name will be used as pkg.

source = "git"


This enables you to check tags or branch commits of an arbitrary git repository, also useful for scenarios like a github project having too many tags.

URL of the Git repository.
Return a commit hash instead of tags.
When use_commit is true, return the commit on the specified branch instead of the default one.

When this source returns tags (use_commit is not true) it supports List Options.

source = "mercurial"


This enables you to check tags of an arbitrary mercurial (hg) repository.

URL of the Mercurial repository.

This source returns tags and supports List Options.

source = "container"


This enables you to check tags of images on a container registry like Docker.

The path (and tag) for the container image. For official Docker images, use namespace library/ (e.g. library/python).

If no tag is given, it checks latest available tag (sort by tag name), otherwise, it checks the tag's update time.

The container registry host. Default: docker.io

registry and container are the host and the path used in the pull command. Note that the docker command allows omitting some parts of the container name while this plugin requires the full name. If the host part is omitted, use docker.io, and if there is no slash in the path, prepend library/ to the path. Here are some examples:

Pull command registry container
docker pull quay.io/prometheus/node-exporter quay.io prometheus/node-exporter
docker pull quay.io/prometheus/node-exporter:master quay.io prometheus/node-exporter:master
docker pull openeuler/openeuler docker.io openeuler/openeuler
docker pull openeuler/openeuler:20.03-lts docker.io openeuler/openeuler:20.03-lts
docker pull python docker.io library/python
docker pull python:3.11 docker.io library/python:3.11

If no tag is given, this source returns tags and supports List Options.

source = "alpm"


Check package updates in a local ALPM database.

Name of the package.
Name of the package repository in which the package resides. If not provided, nvchecker will use repos value, see below.
An array of possible repositories in which the package may reside in, nvchecker will use the first repository which contains the package. If not provided, core, extra and multilib will be used, in that order.
Path to the ALPM database directory. Default: /var/lib/pacman. You need to update the database yourself.
Strip the release part, only return the part before -.
Instead of the package version, return the version this package provides. Its value is what the package provides, and strip_release takes effect too. This is best used with libraries.

NOTE:

An additional dependency "pyalpm" is required.


source = "alpmfiles"


Search package files in a local ALPM files database. The package does not need to be installed. This can be useful for checking shared library versions if a package does not list them in its provides.

Name of the package.
Regular expression for the file path. If it contains one matching group, that group is returned. Otherwise return the whole file path. Paths do not have an initial slash. For example, usr/lib/libuv\\.so\\.([^.]+) matches the major shared library version of libuv.
Name of the package repository in which the package resides. If not provided, search all repositories.
Strip directory from the path before matching. Defaults to false.
Path to the ALPM database directory. Default: /var/lib/pacman. You need to update the database yourself with pacman -Fy.

source = "openvsx"


Check Open Vsx <https://open-vsx.org/>
for updates.

The extension's Unique Identifier on open-vsx.org, e.g. ritwickdey.LiveServer.

source = "vsmarketplace"


Check Visual Studio Code Marketplace <https://marketplace.visualstudio.com/vscode/>
for updates.

The extension's Unique Identifier on marketplace.visualstudio.com/vscode, e.g. ritwickdey.LiveServer.

source = "go"


Check Go packages and modules <https://pkg.go.dev/>
for updates.

The name of Go package or module, e.g. github.com/caddyserver/caddy/v2/cmd.

source = "combiner"


This source can combine results from other entries.

A list of entry names to wait results for.
A format string to combine the results into the final string.

Example:

[entry-1]
source = "cmd"
cmd = "echo 1"
[entry-2]
source = "cmd"
cmd = "echo 2"
[entry-3]
source = "combiner"
from = ["entry-1", "entry-2"]
format = "$1-$2"



source = "manual"


This enables you to manually specify the version (maybe because you want to approve each release before it gets to the script).

The version string.

It's possible to extend the supported sources by writing plugins. See plugin for documentation.

2024-12-12 2.16