feature: match on module type (npm)

[boneskull]

Type of discussion.

I'm proposing an idea

Tell us more.

We are frequently getting failed (major) version bump PRs because a package has switched from CJS to ESM-only.

Closing the PR won't be sticky enough, because we will again get a new PR on the next release of the dep. To avoid this, I'm currently maintaining a list of ESM-only packages that we're using, and disallowing major updates of those packages. There's overhead here, of course, but it isn't too bad.

It'd be nice to be able to match packages based on module type.

The package.json of any dependency can be analyzed to determine whether it supports CJS, ESM, both, or neither (I guess). As an example, Algolia's npm-search is able to determine this information. I'd consider using that myself, except a) it seems like overkill, b) it does not index on module type, and c) I'd have to maintain a static list of non-CJS packages exported from the tool and automate building a renovate config file from it, since there's no way (to my knowledge) to tell Renovate to run an arbitrary matching function (though that'd be neat).

I could also try to write some tool to automate the list-building myself, of course. Or--you know--just don't use those packages in the first place. 😄

Anyone else have this issue?

[rarkins]

Closing the PR won't be sticky enough, because we will again get a new PR on the next release of the dep.

You may have a misunderstanding here. If v4.0.0 comes out, and you close to ignore it, you won't get a new PR if any new v4 release comes out such as v4.0.1 - all v4 will be ignored. You would only get a new PR if v5 comes out