Gitpulse
Merged
Size
M
Change Breakdown
Bug Fix70%
Performance30%
#28335fix(core): Skip npm outdated check for verified-only community packages

Update CTA fixed for verified community nodes

BE
BerniWittmann
·Apr 14, 2026

Verified community node users will no longer see spurious update prompts immediately after installation — the system now correctly skips npm registry checks when only verified packages are allowed.

When n8n's community nodes run in verified-only mode, nodes are pinned to versions approved by Strapi's CMS. But the backend was still checking npm for newer versions on every package list, causing the frontend to surface an "update available" banner — even though the installed version was exactly what it should be. A node at version 0.2.2 (the Strapi-pinned version) would trigger this false positive because npm saw 0.2.4 waiting on the registry.

The fix splits responsibility between two layers. The backend lifecycle service now skips the npm outdated check entirely when unverified packages are disabled — update availability is determined by Strapi CMS versions in that mode, not npm. Meanwhile, the frontend installation flow only pins to the Strapi version when in verified-only mode, letting unverified mode install whatever the registry offers.

Users installing verified community nodes should now see accurate update status. No more alarming banners for versions that are exactly what was intended.

View Original GitHub Description

Summary

In verified-only mode, npm outdated was running on every listInstalledPackages call, causing the UI to show an update CTA immediately after installing a verified node that had a published version newer than the latest verified version (e.g. ElevenLabs: verified 0.2.2, but 0.2.4 exists on npm). This happened because npm saw a newer registry version than the Strapi-pinned version that was installed.

This fix skips the npm outdated check when unverifiedEnabled is false, since update availability in that mode is determined by Strapi CMS versions on the frontend. The frontend install flow is also updated to only pin to the Strapi version when in verified-only mode.

Testing

  1. Set N8N_UNVERIFIED_PACKAGES_ENABLED=false (verified-only mode)
  2. In A Workflow go to Add Node, search for ElevenLabs and install the ElevenLabs node
  3. Verify the node installs at the Strapi-pinned version (currently 0.2.2)
  4. Verify no update CTA is shown immediately after installation
  5. Set N8N_UNVERIFIED_PACKAGES_ENABLED=true (unverified mode)
  6. Go to Settings and uninstall the ElevenLabs Community Node
  7. Install the ElevenLabs node again (similar to Step 3)
  8. Verify it installs at the latest npm version (no version pinning) (currently 0.2.4)
  9. Verify the update CTA behaves as expected (shows only if npm outdated reports a newer version) (right now should not show)

Related Linear tickets, Github issues, and Community forum posts

https://linear.app/n8n/issue/NODE-4652

Review / Merge checklist

  • I have seen this code, I have run this code, and I take responsibility for this code.
  • PR title and summary are descriptive. (conventions)
  • Docs updated or follow-up ticket created.
  • Tests included.
  • PR Labeled with Backport to Beta, Backport to Stable, or Backport to v1 (if the PR is an urgent fix that needs to be backported)
© 2026 · via Gitpulse