Check and update dependencies across Cargo, npm, and pyproject projects
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
ruckup
One command to check and update dependencies across Cargo, Docker, GitHub Actions, npm, and Python — all at once.
ruckup auto-detects your project's manifest files and checks every dependency against its upstream registry. Run it in any repo — even polyglot monorepos — and get a unified view of what's outdated. Then apply updates interactively or all at once.
Installation
cargo
cargo install ruckup
npm / pnpm / yarn / bun
npm install -g ruckup
# or
pnpm add -g ruckup
# or
yarn global add ruckup
# or
bun add -g ruckup
pip / uv / pipx
pip install ruckup
# or
uv tool install ruckup
# or
pipx install ruckup
Pre-built binaries
Download the latest binary for your platform from the GitHub Releases page, extract it, and place it on your PATH.
| Platform | Archive |
|---|---|
| Linux x86_64 (glibc) | ruckup-linux-x64.tar.gz |
| Linux x86_64 (musl) | ruckup-linux-x64-musl.tar.gz |
| Linux arm64 (glibc) | ruckup-linux-arm64.tar.gz |
| Linux arm64 (musl) | ruckup-linux-arm64-musl.tar.gz |
| macOS arm64 (Apple Silicon) | ruckup-darwin-arm64.tar.gz |
| macOS x86_64 | ruckup-darwin-x64.tar.gz |
| Windows x86_64 | ruckup-win32-x64.zip |
| Windows arm64 | ruckup-win32-arm64.zip |
Build from source
git clone https://github.com/ruckc/ruckup.git
cd ruckup
cargo install --path .
Features
- Auto-detection — scans the current directory for all supported manifest files
- Multi-ecosystem — one tool for Cargo, Docker, GitHub Actions, npm, and Python
- Interactive updates — multi-select prompt lets you pick exactly what to bump
- Bulk updates —
--allflag skips prompts and applies everything - Flexible filtering — scope work to a specific ecosystem or package name
- Lockfile-aware — respects npm peer dependency constraints
- Configurable — per-project
.ruckuprcplus global config and env var overrides
Supported Manifests
| Ecosystem | Files |
|---|---|
| Cargo | Cargo.toml — [dependencies], [dev-dependencies], [build-dependencies] |
| Docker | Dockerfile, Dockerfile.*, docker-compose.yml, docker-compose.yaml, compose.yml, compose.yaml |
| GitHub Actions | .github/workflows/*.yml — uses: owner/repo@ref |
| npm / pnpm / yarn | package.json (lockfile-aware) |
| Python | pyproject.toml (uv, Poetry, PEP 621), requirements.txt |
Usage
Usage: ruckup [OPTIONS] [COMMAND]
Commands:
check Check for available dependency updates (default)
update Interactively select and apply dependency updates
list List detected dependency files and their dependencies
Options:
-o, --only <ONLY> Comma-separated list of ecosystems to check
(cargo, docker, github-actions, npm, pyproject, requirements)
-f, --filter <FILTER> Filter to specific dependency names
-h, --help Print help
-V, --version Print version
check is the default command, so ruckup and ruckup check are equivalent.
Examples
# Check everything in the current directory
ruckup
# Check only Cargo dependencies
ruckup --only cargo
# Check only GitHub Actions workflow pins
ruckup check --only github-actions
# Check npm packages and filter to a specific name
ruckup check --only npm --filter react
# Check multiple ecosystems at once
ruckup check --only cargo,npm --filter serde,clap
# List all detected dependencies without hitting registries
ruckup list
# Interactively choose which updates to apply
ruckup update
# Apply all available updates without prompts
ruckup update --all
Configuration
Configuration is resolved in this order (later entries win):
- Built-in defaults
~/.ruckuprc(global)./.ruckuprc(project)RUCKUP_*environment variables
Both TOML and JSON formats are supported for .ruckuprc.
Settings
| Setting | Env var | Default | Description |
|---|---|---|---|
preserve_range |
RUCKUP_PRESERVE_RANGE |
true |
Keep existing version range prefixes when updating |
cargo_concurrency |
RUCKUP_CARGO_CONCURRENCY |
4 |
Concurrent crates.io requests |
npm_concurrency |
RUCKUP_NPM_CONCURRENCY |
16 |
Concurrent npm registry requests |
pypi_concurrency |
RUCKUP_PYPI_CONCURRENCY |
10 |
Concurrent PyPI requests |
github_actions_concurrency |
RUCKUP_GITHUB_ACTIONS_CONCURRENCY |
8 |
Concurrent GitHub API requests |
docker_concurrency |
RUCKUP_DOCKER_CONCURRENCY |
8 |
Concurrent Docker Hub requests |
Example .ruckuprc
preserve_range = true
cargo_concurrency = 5
npm_concurrency = 16
pypi_concurrency = 10
github_actions_concurrency = 8
docker_concurrency = 8
Environment variable examples
RUCKUP_PRESERVE_RANGE=false ruckup update --all
RUCKUP_NPM_CONCURRENCY=8 ruckup check --only npm
RUCKUP_DOCKER_CONCURRENCY=4 ruckup check --only docker
Notes
- Docker support targets Docker Hub images with semver-like tags; unsupported registries and floating tags are listed but not upgraded.
- npm output includes peer dependency conflict reporting so you can see what is blocking an upgrade.
- GitHub Actions updates rewrite pinned
uses: owner/repo@refreferences; floating refs likestableare left alone. - Python detection only activates for
pyproject.tomlfiles that declare Python dependencies. requirements.txtpackaging directives (editable installs, direct URLs, pip flags) are intentionally ignored.
License
MIT — see LICENSE.
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
No source distribution files available for this release.See tutorial on generating distribution archives.
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ruckup-0.6.3-py3-none-manylinux_2_39_x86_64.whl.
File metadata
- Download URL: ruckup-0.6.3-py3-none-manylinux_2_39_x86_64.whl
- Upload date:
- Size: 4.0 MB
- Tags: Python 3, manylinux: glibc 2.39+ x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2a8e50a6d9350c71f6cd8ae87bf0ab75ad44379d8e538cf72badd1cee4cbc44f
|
|
| MD5 |
310d899ebae7cff5f46aa9bc9796c862
|
|
| BLAKE2b-256 |
1ebcab8744ecfe1a91c94e1890fcb04c1143387d316bda4201f7757a440e6f66
|
Provenance
The following attestation bundles were made for ruckup-0.6.3-py3-none-manylinux_2_39_x86_64.whl:
Publisher:
release.yml on ruckc/ruckup
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ruckup-0.6.3-py3-none-manylinux_2_39_x86_64.whl -
Subject digest:
2a8e50a6d9350c71f6cd8ae87bf0ab75ad44379d8e538cf72badd1cee4cbc44f - Sigstore transparency entry: 1391831711
- Sigstore integration time:
-
Permalink:
ruckc/ruckup@d63d57c169458bd0b8eef5773c38f2a0836e2acd -
Branch / Tag:
refs/heads/main - Owner: https://github.com/ruckc
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@d63d57c169458bd0b8eef5773c38f2a0836e2acd -
Trigger Event:
workflow_dispatch
-
Statement type:
