Lib.rs

#lock-files #package #pixi #conda #pypi #command-line-tool #package-json #version-info #json-output

bin+lib pixi-outdated

A CLI tool to find outdated packages in pixi environments

Owned by Ben Moss.

1 unstable release

0.1.0 Oct 24, 2025

#8 in #version-info

MIT license

65KB
930 lines

pixi-outdated

A CLI tool to check for outdated dependencies in pixi projects.

Features

  • Multi-platform analysis - Check all platforms in your lockfile simultaneously
  • Smart caching - Queries each package only once across all platforms
  • Conda packages - Query channel repodata with rattler for accurate version info
  • PyPI packages - Check Python packages via the PyPI JSON API
  • No parsing needed - Leverages pixi list --json for package information
  • Flexible filtering - Check explicit dependencies only or specific packages
  • Multi-environment - Support for different pixi environments
  • Progress tracking - Visual progress bars for multi-platform queries
  • JSON output - Machine-readable output for automation

Installation

cargo install --path .

Usage

Check all packages (including transitive dependencies)

pixi-outdated

Check only explicit dependencies from pixi.toml

pixi-outdated --explicit

Check specific packages

# Single package
pixi-outdated datasette

# Multiple packages
pixi-outdated datasette cowsay sqlite

Check packages in a specific environment

pixi-outdated --environment prod

Check packages for a specific platform

# Single platform
pixi-outdated --platform linux-64

# Check all platforms in lockfile (default behavior)
pixi-outdated

Note: When no platform is specified, pixi-outdated automatically checks all platforms defined in your pixi.lock file and shows:

  • Updates common to all platforms
  • Platform-specific updates

Additional options

pixi-outdated --help

Arguments:
  [PACKAGES]...       Specific package names to check (if not provided, checks all packages)

Options:
  -x, --explicit                 Only check packages explicitly listed in pixi.toml
  -e, --environment <ENV>        The environment to check (defaults to the default environment)
  -p, --platform <PLATFORM>      The platform to check (if not specified, checks all platforms in lockfile)
  -j, --json                     Output in JSON format
  -v, --verbose                  Verbose output with debug logging
  -f, --manifest <MANIFEST>      Path to the pixi.toml file
  -h, --help                     Print help
  -V, --version                  Print version

Example Output

$ pixi-outdated
Checking platforms: linux-64, osx-arm64

=== All Platforms ===
cowsay: 5.0 -> 6.1
libffi: 3.4.6 -> 3.5.2

=== Platform: osx-arm64 ===
icu: 73.2 -> 75.1
python: 3.12.12 -> 3.14.0

=== Platform: linux-64 ===
libsqlite: 3.50.1 -> 3.50.4
python: 3.12.11 -> 3.14.0

Analysis complete!

Development Status

Production Ready! This tool is fully functional and well-tested.

Completed Features:

  • Multi-platform analysis - Automatically checks all platforms in lockfile
  • Smart query optimization - Each package queried only once across platforms (50% reduction in API calls)
  • CLI argument parsing with support for:
    • Multiple package names
    • Explicit dependencies only (--explicit)
    • Environment selection (--environment)
    • Platform selection (--platform)
    • JSON output (--json)
    • Verbose output with structured logging (--verbose)
  • Integration with pixi - Uses pixi list --json for package info
  • Conda support - Repodata querying with rattler
    • Shared Gateway instance for performance (7s first query, <7ms cached)
    • Multi-platform queries in single API call
    • NoArch and platform-specific packages
  • PyPI support - PyPI JSON API integration with automatic caching
  • Progress tracking - Visual progress bars for long operations
  • Comprehensive tests - 25 tests covering all functionality
    • Unit tests for all modules
    • Integration tests with real lockfiles
    • Error handling and edge cases
  • Result coalescing - Intelligently groups updates by platform

Performance:

  • ~50% reduction in API calls through intelligent caching
  • PyPI packages queried once regardless of platform count
  • Parallel platform analysis with single progress bar

Architecture

Design Principles

Instead of parsing pixi.toml and pixi.lock directly, we leverage existing tools:

  • Use pixi list --json - Avoids reinventing package resolution logic
  • Use rattler_lock - Read lockfiles for platform information
  • Smart caching - Query each unique package once across all platforms
  • Parallel analysis - Process all platforms simultaneously

Module Structure

src/
├── main.rs         # CLI entry point and multi-platform orchestration
├── lib.rs          # Library exports (lockfile, conda, pixi, pypi)
├── lockfile.rs     # Read platforms from pixi.lock using rattler_lock
├── pixi.rs         # Shell out to `pixi list --json` for package info
├── conda.rs        # Query conda channels for latest versions (with multi-platform support)
└── pypi.rs         # Query PyPI JSON API for latest versions

tests/
└── integration_test.rs  # End-to-end tests with real lockfiles

Key Optimizations

  1. PackageKey Deduplication: Unique packages identified by (name, channel, kind) tuple
  2. Version Cache: All version queries cached before building per-platform results
  3. Multi-platform Queries: Conda packages queried across all platforms in one API call
  4. PyPI Caching: Automatically cached since they have no channel (platform-independent)

Testing

Run the test suite:

# All tests
cargo test

# With output
cargo test -- --nocapture

# Specific test
cargo test test_get_platforms_from_lockfile

# Integration tests only
cargo test --test integration_test

Run clippy:

pixi run cargo-clippy

Test Coverage

  • 17 unit tests - Testing individual modules (conda, pixi, lockfile)
  • 6 integration tests - End-to-end testing with real lockfiles
  • 2 binary tests - Testing main application logic

License

MIT

Dependencies

~40–65MB
~1M SLoC