fix(upgrade): improve CLI usability for monorepos and CI

[jacekradko]

Summary

Improves @clerk/upgrade CLI for monorepo and CI environments:

• Parent directory traversal for package manager detection: detectPackageManager() now walks up the directory tree to find lockfiles and the packageManager field in package.json (Corepack), fixing detection in monorepo subdirectories
• pnpm workspace -w flag: getInstallCommand() and getUninstallCommand() automatically add -w when the target directory is inside a pnpm workspace, preventing "Running this command will add the dependency to the workspace root" errors
• Resolve catalog: protocol versions: getSdkVersion() now resolves both default (catalog:) and named (catalog:mycat) version specifiers by parsing pnpm-workspace.yaml catalogs
• Actionable non-interactive error messages: SDK detection and version detection failures now include complete example commands showing the exact flags needed
• Codemod error reporting: Passes verbose: 0 to jscodeshift so error-level logging (file paths + error messages) is printed; uses spinner.error() when errors occur
• Scan false positive reduction: Excludes .md and .tsbuildinfo files from breaking-change scans (matching existing codemod behavior for .md)

Testing

Tested across 4 monorepo scenarios:

Scenario	Command	Result
No flags from root	npx @clerk/upgrade --dry-run	Picks up @clerk/backend from root — expected for root-level detection
--dir subdirectory	npx @clerk/upgrade --dry-run --dir=./apps/web	Auto-detected @clerk/nextjs, resolved catalog: version, ran 12 codemods
--sdk from root	npx @clerk/upgrade --dry-run --sdk=nextjs	Can't resolve version (not in root package.json), but shows actionable error with example command
--sdk + --release from root	npx @clerk/upgrade --dry-run --sdk=nextjs --release=core-3	Full scan of 992 files, 12 codemods, 7 issues found

Test plan

• All 246 tests pass (15 new tests added)
• pnpm build succeeds
• Manual test: --dir=./apps/web detects package manager from parent, resolves catalog: version
• Manual test: --sdk=nextjs from root shows actionable error when version can't be resolved
• Manual test: --sdk=nextjs --release=core-3 from root runs full scan successfully

[changeset-bot]

🦋 Changeset detected

Latest commit: 5e79db7

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@clerk/upgrade	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
clerk-js-sandbox	Skipped		Feb 20, 2026 5:24pm

[pkg-pr-new]

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7874

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7874

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7874

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7874

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7874

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7874

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@7874

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7874

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7874

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7874

@clerk/hono

npm i https://pkg.pr.new/@clerk/hono@7874

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7874

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7874

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7874

@clerk/react

npm i https://pkg.pr.new/@clerk/react@7874

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7874

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7874

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7874

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7874

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@7874

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7874

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7874

commit: ce11b96

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds Next.js test fixtures and workspace YAMLs for catalog-based dependency resolution. Expands integration tests to cover catalog version resolution, workspace traversal, lockfile/packageManager precedence, and CLI SDK-detection messaging in non-interactive mode. Introduces resolveCatalogVersion to read pnpm-workspace.yaml while traversing parent directories and updates getSdkVersion to consult catalog resolutions. Enhances package-manager detection to traverse upward, adds isInPnpmWorkspace, and updates install/uninstall/upgrade/remove commands to accept cwd and append pnpm -w when inside a workspace. Improves CLI non-interactive error output and refines codemod verbosity and result reporting.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely describes the main focus of the PR: improving CLI usability for monorepos and CI environments through better package manager detection, workspace support, and error messaging.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/upgrade/src/util/detect-sdk.js`:
- Around line 52-77: Add a JSDoc block above the exported function
resolveCatalogVersion(packageName, dir) that documents it as a public API:
describe both parameters (packageName: string — package identifier to search
for; dir: string — starting directory to traverse upward), explain traversal
behavior (walks parent directories until the filesystem root looking for
pnpm-workspace.yaml), explain parsing behavior (reads the file, matches catalog
entries using the existing regex to extract the version for the given package
name), and state the return value and semantics (returns the matched version
string or null if not found or on read/parse errors). Also include
`@export/`@returns/@param tags and mention that errors are swallowed and result in
null.
- Around line 52-67: resolveCatalogVersion currently searches the entire
pnpm-workspace.yaml for the package name and returns the first match, which
returns wrong versions for named catalogs; update getSdkVersion to extract the
catalog name from the incoming version string (e.g., "catalog:peer-react" →
"peer-react") and pass that catalogName into resolveCatalogVersion, and then
change resolveCatalogVersion to first locate the specific catalog section (e.g.,
a YAML mapping like "catalog.<name>:" or "catalog:\n  <name>:") and restrict the
package-version regex search to only that section before matching the
packageName, ensuring the returned version comes from the requested catalog;
reference the functions getSdkVersion and resolveCatalogVersion and the
variables packageName and version string when wiring this change.

[jacekradko]

!snapshot

[clerk-cookie]

Hey @jacekradko - the snapshot version command generated the following package versions:

Package	Version
@clerk/agent-toolkit	0.3.0-snapshot.v20260220160119
@clerk/astro	3.0.0-snapshot.v20260220160119
@clerk/backend	3.0.0-snapshot.v20260220160119
@clerk/chrome-extension	3.0.0-snapshot.v20260220160119
@clerk/clerk-js	6.0.0-snapshot.v20260220160119
@clerk/dev-cli	1.0.0-snapshot.v20260220160119
@clerk/expo	3.0.0-snapshot.v20260220160119
@clerk/expo-passkeys	1.0.0-snapshot.v20260220160119
@clerk/express	2.0.0-snapshot.v20260220160119
@clerk/fastify	2.7.0-snapshot.v20260220160119
@clerk/localizations	4.0.0-snapshot.v20260220160119
@clerk/msw	0.0.1-snapshot.v20260220160119
@clerk/nextjs	7.0.0-snapshot.v20260220160119
@clerk/nuxt	2.0.0-snapshot.v20260220160119
@clerk/react	6.0.0-snapshot.v20260220160119
@clerk/react-router	3.0.0-snapshot.v20260220160119
@clerk/shared	4.0.0-snapshot.v20260220160119
@clerk/tanstack-react-start	1.0.0-snapshot.v20260220160119
@clerk/testing	2.0.0-snapshot.v20260220160119
@clerk/ui	1.0.0-snapshot.v20260220160119
@clerk/upgrade	2.0.0-snapshot.v20260220160119
@clerk/vue	2.0.0-snapshot.v20260220160119

Tip: Use the snippet copy button below to quickly install the required packages.
@clerk/agent-toolkit

npm i @clerk/agent-toolkit@0.3.0-snapshot.v20260220160119 --save-exact

@clerk/astro

npm i @clerk/astro@3.0.0-snapshot.v20260220160119 --save-exact

@clerk/backend

npm i @clerk/backend@3.0.0-snapshot.v20260220160119 --save-exact

@clerk/chrome-extension

npm i @clerk/chrome-extension@3.0.0-snapshot.v20260220160119 --save-exact

@clerk/clerk-js

npm i @clerk/clerk-js@6.0.0-snapshot.v20260220160119 --save-exact

@clerk/dev-cli

npm i @clerk/dev-cli@1.0.0-snapshot.v20260220160119 --save-exact

@clerk/expo

npm i @clerk/expo@3.0.0-snapshot.v20260220160119 --save-exact

@clerk/expo-passkeys

npm i @clerk/expo-passkeys@1.0.0-snapshot.v20260220160119 --save-exact

@clerk/express

npm i @clerk/express@2.0.0-snapshot.v20260220160119 --save-exact

@clerk/fastify

npm i @clerk/fastify@2.7.0-snapshot.v20260220160119 --save-exact

@clerk/localizations

npm i @clerk/localizations@4.0.0-snapshot.v20260220160119 --save-exact

@clerk/msw

npm i @clerk/msw@0.0.1-snapshot.v20260220160119 --save-exact

@clerk/nextjs

npm i @clerk/nextjs@7.0.0-snapshot.v20260220160119 --save-exact

@clerk/nuxt

npm i @clerk/nuxt@2.0.0-snapshot.v20260220160119 --save-exact

@clerk/react

npm i @clerk/react@6.0.0-snapshot.v20260220160119 --save-exact

@clerk/react-router

npm i @clerk/react-router@3.0.0-snapshot.v20260220160119 --save-exact

@clerk/shared

npm i @clerk/shared@4.0.0-snapshot.v20260220160119 --save-exact

@clerk/tanstack-react-start

npm i @clerk/tanstack-react-start@1.0.0-snapshot.v20260220160119 --save-exact

@clerk/testing

npm i @clerk/testing@2.0.0-snapshot.v20260220160119 --save-exact

@clerk/ui

npm i @clerk/ui@1.0.0-snapshot.v20260220160119 --save-exact

@clerk/upgrade

npm i @clerk/upgrade@2.0.0-snapshot.v20260220160119 --save-exact

@clerk/vue

npm i @clerk/vue@2.0.0-snapshot.v20260220160119 --save-exact