## Background
Addressing feedback from
https://github.com/openai/codex/pull/333#discussion_r2050893224, this PR
adds support for Bun alongside npm, pnpm while keeping the code simple.
## Summary
The update‑check flow is refactored to use a direct registry lookup
(`fast-npm-meta` + `semver`) instead of shelling out to `npm outdated`,
and adds a lightweight installer‑detection mechanism that:
1. Checks if the invoked script lives under a known global‑bin directory
(npm, pnpm, or bun)
2. If not, falls back to local detection via `getUserAgent()` (the
`package‑manager‑detector` library)
## What’s Changed
- **Registry‑based version check**
- Replace `execFile("npm", ["outdated"])` with `getLatestVersion()` and
`semver.gt()`
- **Multi‑manager support**
- New `renderUpdateCommand` handles update commands for `npm`, `pnpm`,
and `bun`.
- Detect global installer first via `detectInstallerByPath()`
- Fallback to local detection via `getUserAgent()`
- **Module cleanup**
- Extract `detectInstallerByPath` into
`utils/package-manager-detector.ts`
- Remove legacy `checkOutdated`, `getNPMCommandPath`, and child‑process
JSON parsing
- **Flow improvements in `checkForUpdates`**
1. Short‑circuit by `UPDATE_CHECK_FREQUENCY`
3. Fetch & compare versions
4. Persist new timestamp immediately
5. Render & display styled box only when an update exists
- **Maintain simplicity**
- All multi‑manager logic lives in one small helper and a concise lookup
rather than a complex adapter hierarchy
- Core `checkForUpdates` remains a single, easy‑to‑follow async function
- **Dependencies added**
- `fast-npm-meta`, `semver`, `package-manager-detector`, `@types/semver`
## Considerations
If we decide to drop the interactive update‑message (`npm install -g
@openai/codex`) rendering altogether, we could remove most of the
installer‑detection code and dependencies, which would simplify the
codebase further but result in a less friendly UX.
## Preview
* npm
* bun
## Simple Flow Chart
```mermaid
flowchart TD
A(Start) --> B[Read state]
B --> C{Recent check?}
C -- Yes --> Z[End]
C -- No --> D[Fetch latest version]
D --> E[Save check time]
E --> F{Version data OK?}
F -- No --> Z
F -- Yes --> G{Update available?}
G -- No --> Z
G -- Yes --> H{Global install?}
H -- Yes --> I[Select global manager]
H -- No --> K{Local install?}
K -- No --> Z
K -- Yes --> L[Select local manager]
I & L --> M[Render update message]
M --> N[Format with boxen]
N --> O[Print update]
O --> Z
```
**Summary**
This change introduces a new startup check that notifies users if a
newer `@openai/codex` version is available. To avoid spamming, it writes
a small state file recording the last check time and will only re‑check
once every 24 hours.
**What’s Changed**
- **New file** `src/utils/check-updates.ts`
- Runs `npm outdated --global @openai/codex`
- Reads/writes `codex-state.json` under `CONFIG_DIR`
- Limits checks to once per day (`UPDATE_CHECK_FREQUENCY = 24h`)
- Uses `boxen` for a styled alert and `which` to locate the npm binary
- **Hooked into** `src/cli.tsx` entrypoint:
```ts
import { checkForUpdates } from "./utils/check-updates";
// …
// after loading config
await checkForUpdates().catch();
```
- **Dependencies**
- Added `boxen@^8.0.1`, `which@^5.0.0`, `@types/which@^3.0.4`
- **Tests**
- Vitest suite under `tests/check-updates.test.ts`
- Snapshot in `__snapshots__/check-updates.test.ts.snap`
**Motivation**
Addresses issue #244. Users running a stale global install will now see
a friendly reminder—at most once per day—to upgrade and enjoy the latest
features.
**Test Plan**
- `getNPMCommandPath()` resolves npm correctly
- `checkOutdated()` parses `npm outdated` JSON
- State file prevents repeat alerts within 24h
- Boxen snapshot matches expected output
- No console output when state indicates a recent check
**Related Issue**
try resolves#244
**Preview**
Prompt a pnpm‑style alert when outdated
Let me know if you’d tweak any of the messaging, throttle frequency,
placement in the startup flow, or anything else.
---------
Co-authored-by: Thibault Sottiaux <tibo@openai.com>
