vix outdated

vix outdated checks whether project dependencies are behind the latest versions available in the local Vix Registry index.

Use it when you want to inspect dependency updates without changing your project files.

vix outdated

Overview

vix outdated compares the versions pinned in:

vix.lock

with the latest versions known by the local registry index.

It does not update anything. It does not install anything. It does not rewrite vix.json. It does not rewrite vix.lock. It only reports dependency status.

Use it before deciding whether to run:

vix update

Usage

vix outdated
vix outdated [@]namespace/name
vix outdated [@]namespace/name [@]namespace/name
vix outdated [options]

Basic examples

# Check all locked dependencies
vix outdated

# Check one dependency
vix outdated gk/jwt

# Scoped-style syntax is accepted
vix outdated @gk/jwt

# Check several dependencies
vix outdated gk/jwt gk/pdf

# Machine-readable output
vix outdated --json

# Strict mode for CI
vix outdated --strict

What it does

vix outdated performs this flow:

read vix.lock
read local registry index
collect locked dependencies
read latest registry version for each dependency
compare locked version with latest version
print current, latest, and status

The comparison is based on locked dependencies, not dependency ranges.

That means the source of truth is:

vix.lock

not:

vix.json

Registry requirement

vix outdated needs the local registry index.

If the registry is not synced, Vix reports:

registry not synced
Run: vix registry sync

Fix it with:

vix registry sync
vix outdated

Lockfile requirement

vix outdated reads:

vix.lock

If the file is missing, the command fails.

Typical fix:

vix registry sync
vix add gk/json@^1.0.0
vix install
vix outdated

or:

vix update
vix outdated

Check all dependencies

Run:

vix outdated

Vix checks every dependency listed in:

vix.lock

Example output shape:

Outdated
Package   Current  Latest  Status
gk/json   1.0.0    1.1.0   outdated
gk/jwt    1.2.0    1.2.0   current

✔ checked 2 package(s), outdated 1

Check one dependency

Run:

vix outdated gk/jwt

The package must exist in vix.lock.

If it does not, Vix reports:

dependency not found in vix.lock: gk/jwt

This is intentional.

vix outdated checks project dependencies.

It does not check arbitrary registry packages unless they are locked by the current project.

Check several dependencies

Run:

vix outdated gk/jwt gk/pdf

Vix checks only those dependencies.

Each dependency must exist in vix.lock.

Scoped-style package syntax

Both forms are accepted:

vix outdated gk/jwt
vix outdated @gk/jwt

Both refer to:

gk/jwt

Version suffixes are parsed, but outdated status is still based on the version pinned in vix.lock.

Example:

vix outdated @gk/jwt@1.x.x

This still checks the locked dependency:

gk/jwt

Output table

The default output is a table.

Columns:

Column	Meaning
Package	Dependency id from vix.lock.
Current	Locked version from vix.lock.
Latest	Latest version found in the local registry index.
Status	current, outdated, or missing.

Status values

Status	Meaning
current	Locked version equals the latest registry version.
outdated	Locked version differs from the latest registry version.
missing	Package was found in vix.lock, but not in the local registry index.

Missing packages

If a dependency exists in vix.lock but cannot be found in the local registry index, Vix marks it as:

missing

Example:

Package   Current  Latest  Status
gk/json   1.0.0    -       missing

Then it prints a warning:

1 package(s) missing from local registry index

Common fix:

vix registry sync
vix outdated

If it is still missing after sync, the package may not exist in the registry index anymore or the lockfile may point to an old package id.

JSON output

Use:

vix outdated --json

Example output shape:

{
  "command": "outdated",
  "packages": [
    {
      "spec": "gk/json",
      "id": "gk/json",
      "current": "1.0.0",
      "latest": "1.1.0",
      "outdated": true,
      "found_in_registry": true
    },
    {
      "spec": "gk/jwt",
      "id": "gk/jwt",
      "current": "1.2.0",
      "latest": "1.2.0",
      "outdated": false,
      "found_in_registry": true
    }
  ]
}

Use JSON output for:

• CI
• scripts
• dashboards
• maintenance reports
• dependency monitoring

JSON with selected packages

vix outdated gk/json gk/jwt --json

The spec field keeps the user-provided package spec.

The id field is the normalized dependency id.

Strict mode

Use:

vix outdated --strict

Strict mode changes the exit code.

Result	Exit code
no outdated or missing packages	0
at least one outdated package	1
at least one missing package	1

This is useful in CI when you want stale dependencies to fail a maintenance job.

Strict JSON mode

You can combine strict mode with JSON:

vix outdated --json --strict

This prints machine-readable output and still returns 1 if any dependency is outdated or missing.

Exit codes

Exit code	Meaning
0	Command succeeded and strict mode did not find outdated or missing packages.
1	Registry missing, lockfile missing, invalid package spec, dependency missing from lockfile, outdated package in strict mode, missing package in strict mode, or another error.

Without --strict, outdated dependencies do not make the command fail.

Latest version source

Vix reads the latest version from the local registry entry.

It first checks:

latest

If that field is not available, it reads all available versions and selects the latest semver version.

That means the result depends on the local registry index.

Refresh it with:

vix registry sync

Important limitation

vix outdated does not resolve version ranges.

It compares:

current locked version

against:

latest registry version

So if your vix.json says:

{
  "deps": ["gk/json@^1.0.0"]
}

and your vix.lock pins:

gk/json 1.0.0

while the registry latest is:

1.1.0

vix outdated reports:

outdated

It does not decide whether the range allows the update.

Use:

vix update

to resolve and rewrite the lockfile.

Difference between vix outdated and vix update

Command	Purpose
vix outdated	Show whether locked dependencies are behind the registry latest.
vix update	Resolve newer versions and rewrite vix.lock.

Use vix outdated to inspect.

Use vix update to change the project.

Difference between vix outdated and vix install

Command	Purpose
vix outdated	Compare locked versions with registry latest versions.
vix install	Install exact versions already pinned in vix.lock.

vix install is for reproducible installation.

vix outdated is for dependency maintenance visibility.

Difference between vix outdated and vix registry sync

Command	Purpose
vix registry sync	Refresh the local registry index.
vix outdated	Compare vix.lock with the local registry index.

A good maintenance workflow is:

vix registry sync
vix outdated

Full maintenance workflow

Check current state:

vix registry sync
vix outdated

If something is outdated:

vix update
vix install
vix build --build-target all
vix tests

Or, when supported by your update workflow:

vix update --install
vix build --build-target all
vix tests

CI usage

A CI job that only reports dependency status:

vix registry sync
vix outdated --json

A CI job that fails when dependencies are stale:

vix registry sync
vix outdated --strict

A CI job that produces JSON and fails when stale:

vix registry sync
vix outdated --json --strict

Options

Option	Description
--json	Print machine-readable JSON output.
--strict	Return exit code 1 if any package is outdated or missing.
-h, --help	Show command help.

Commands reference

Command	Description
vix outdated	Check all locked dependencies.
vix outdated <pkg>	Check one locked dependency.
vix outdated <pkg> <pkg>	Check several locked dependencies.
vix outdated --json	Print JSON output.
vix outdated --strict	Fail if any dependency is outdated or missing.

Common workflows

Check all dependencies

vix outdated

Refresh registry, then check

vix registry sync
vix outdated

Check one dependency

vix outdated gk/jwt

Check several dependencies

vix outdated gk/jwt gk/pdf

Use scoped syntax

vix outdated @gk/jwt

Generate JSON report

vix outdated --json

Strict CI check

vix outdated --strict

Strict JSON CI check

vix outdated --json --strict

Check before updating

vix registry sync
vix outdated
vix update
vix install

Common mistakes

Expecting vix outdated to update packages

Wrong expectation:

vix outdated should update vix.lock

Correct model:

vix outdated only reports status

To update:

vix update
vix install

Forgetting to sync the registry

If results look old, refresh the registry:

vix registry sync
vix outdated

Running without vix.lock

vix outdated needs locked project dependencies.

If vix.lock is missing, first add or update dependencies:

vix add gk/json@^1.0.0
vix install

Checking a dependency not in the project

Wrong:

vix outdated gk/unknown

if gk/unknown is not in vix.lock.

Correct:

vix add gk/unknown
vix install
vix outdated gk/unknown

Expecting range-aware update decisions

vix outdated compares locked version to registry latest.

It does not resolve ranges.

Use:

vix update

when you want version resolution.

Confusing missing registry package with missing install

missing means the package was not found in the local registry index.

It does not necessarily mean the package is missing from .vix/deps.

Run:

vix registry sync

then check again.

Troubleshooting

Registry not synced

Run:

vix registry sync

Then:

vix outdated

vix.lock not found

Create or update the lockfile:

vix add gk/json@^1.0.0
vix install

or:

vix update

Invalid package spec

Valid package specs look like:

namespace/name
@namespace/name
namespace/name@version
@namespace/name@version

Example:

vix outdated gk/jwt
vix outdated @gk/jwt@1.x.x

Invalid:

vix outdated jwt
vix outdated gk
vix outdated @/jwt

Dependency not found in lockfile

If Vix reports:

dependency not found in vix.lock: gk/jwt

the current project does not have that dependency pinned.

Check all dependencies:

vix list

or inspect:

vix.lock

Then add the dependency if needed:

vix add gk/jwt
vix install

Package missing from local registry index

Run:

vix registry sync
vix outdated

If it is still missing, the package may not exist in the current registry index.

JSON output is empty

If the project has no dependencies, JSON output is:

{
  "command": "outdated",
  "packages": []
}

This is valid.

Best practices

Run vix registry sync before dependency maintenance checks.

Use vix outdated before updating dependencies.

Use vix outdated --json for reports.

Use vix outdated --strict in CI only when you intentionally want stale dependencies to fail the job.

Commit vix.lock.

Do not manually edit vix.lock.

Use vix update to refresh locked versions.

Use vix install after updating the lockfile.

Run tests after updating dependencies.

Related commands

Command	Purpose
vix update	Resolve newer versions and rewrite vix.lock.
vix install	Install exact locked dependencies.
vix add	Add a new dependency.
vix remove	Remove a dependency.
vix list	List locked or installed dependencies.
vix registry sync	Refresh the local registry index.
vix reset	Clean and reinstall project dependency state.
vix build	Build after dependency changes.
vix tests	Run tests after dependency changes.

Next step

Update dependency versions intentionally.

Open the vix update guide