In any Node.js project, you will want to update your package dependencies often. The process is simple and takes minimal effort. It is important to verify any updates with some QA, and automated tests (for example, using a test framework and/or a CI tool) come in handy for live environments.
Let’s start with the simplest command, which updates all out-of-date packages according to package.json and is the default way to update packages.
Before updating the packages, you might want to know which packages are outdated. To get this information, use the command below.
My preferred way is to use the npm-check-updates (ncu) module. This package makes it easy to upgrade package.json dependencies to the latest versions of each module regardless of version constraints.
How does ncu update these packages?
ncu updates the version numbers in the package.json file based on the latest information sourced from npm. Running the npm install or npm update command afterwards upgrades the installed packages.
To proceed with this method, below are a few commands to help in the upgrade process.
Let’s start by installing the package globally, after which it can be accessed as ncu:
npm install -g npm-check-updates
# if using Ubuntu
sudo npm install -g npm-check-updates
Next, let us look at the options this command offers:
ncu --help
Usage: ncu [options] [filter]

[filter] is a list or regex of package names to check (all others will be ignored).

Options:
  -h, --help                   output usage information
  -V, --version                output the version number
  -d, --dev                    check only devDependencies
  -e, --error-level <n>        set the error-level. 1: exits with error code 0 if no errors occur. 2: exits with error code 0 if no packages need updating (useful for continuous integration). Default is 1.
  -g, --global                 check global packages instead of in the current project
  -j, --jsonAll                output new package file instead of human-readable message
  --jsonUpgraded               output upgraded dependencies in json
  -l, --loglevel <n>           what level of logs to report: silent, error, warn, info, verbose, silly (default: warn)
  -m, --packageManager <name>  npm (default) or bower
  -o, --optional               check only optionalDependencies
  --packageData                include stringified package file (use stdin instead)
  --packageFile <filename>     package file location (default: ./package.json)
  -p, --prod                   check only dependencies (not devDependencies)
  -r, --registry <url>         specify third-party npm registry
  -s, --silent                 dont output anything (--loglevel silent)
  -t, --greatest               find the highest versions available instead of the latest stable versions
  -u, --upgrade                overwrite package file
  -a, --upgradeAll             include even those dependencies whose latest version satisfies the declared semver dependency
Now let’s see how these commands compare
1. Checking for Possible Updates
To check which packages have updates available:
Detecting with npm
$ npm outdated
# Output of command
Package  Current  Wanted   Latest   Location
axios    0.19.0   0.19.2   0.19.2   cra-test
react    16.12.0  16.13.1  16.13.1  cra-test
Detecting with ncu
$ ncu
# Output of command
axios      ^0.19.0  →  ^0.19.2
react-dom  ^16.12.0  →  ^16.13.1
2. Strict vs. Non-Strict versioned updates
Semantic Versioning, otherwise known as semver, has become a core part of Node.js software development. Thanks to npm, semver is embedded in the way we publish and link packages together to form simple libraries or complex applications.
We can either allow strict versioned updates (based on the npm semver constraints) or non-strict versioned updates (which update regardless of semver constraints).
Strict versioned updates with npm
$ npm update
# Output of command
Package  Current  Wanted   Latest   Location
axios    0.19.2   0.19.2   0.19.2   cra-test
react    16.13.1  16.13.1  16.13.1  cra-test
Non-Strict versioned updates using ncu
$ ncu --upgrade axios
# Output of command
axios  ^0.19.0  →  ^0.19.2
Note: This command will update the package.json semver range for the axios package. It is also important to note that the ncu tool maintains your existing semantic versioning policies, e.g. “allow only minor upgrades”, when updating package.json. That is why you see the patch update above, and it will extend up to 0.x.x.
Below is an example that shows the semantic versioning policy set for the ncu tool.
$ npm outdated
# Output of command
Package  Current  Wanted   Latest   Location
react    15.5.0   16.13.1  16.13.1  cra-test
Using the non-strict update with our versioning policy limits the update of react-dom to the minor version (as seen below) rather than the latest version (as seen above).
$ ncu --upgrade react-dom
# Output of command
react-dom  ^15.5.0  →  ^15.6.2
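To make the strict vs. non-strict distinction reviewable before anything is merged, the following added example (not from the original post) classifies each entry of `npm outdated --json` output by bump size and by whether a plain `npm update` already reaches the newest release. The sample data is constructed, and the function names and the `example-zero-major` package are hypothetical.

```javascript
// Constructed sample in the shape printed by `npm outdated --json`.
const SAMPLE_OUTDATED = {
  axios: { current: '0.19.0', wanted: '0.19.2', latest: '0.19.2' },
  'react-dom': { current: '15.5.0', wanted: '15.6.2', latest: '16.13.1' },
  // hypothetical package name, used to show the 0.x case
  'example-zero-major': { current: '0.3.1', wanted: '0.3.1', latest: '0.4.0' },
};

// Split "1.2.3" (ignoring any pre-release/build suffix) into numbers.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  if (!m) throw new Error(`not a plain x.y.z version: ${v}`);
  return m.slice(1).map(Number);
}

// Name the most significant component that differs between two versions.
function bumpType(from, to) {
  const a = parseVersion(from);
  const b = parseVersion(to);
  if (a[0] !== b[0]) return 'major';
  if (a[1] !== b[1]) return 'minor';
  if (a[2] !== b[2]) return 'patch';
  return 'none';
}

function classify(outdated) {
  return Object.entries(outdated).map(([name, info]) => {
    // A declared but uninstalled package has no `current`: always review it.
    if (!info.current) {
      return { name, bump: 'unknown', inRange: false, needsReview: true };
    }
    const bump = bumpType(info.current, info.latest);
    const zeroMajor = parseVersion(info.current)[0] === 0;
    return {
      name,
      bump,
      // wanted === latest: `npm update` alone reaches the newest release;
      // otherwise the range in package.json has to change (e.g. via ncu).
      inRange: info.wanted === info.latest,
      // Major bumps, and minor bumps on 0.x (which npm's caret ranges
      // treat as breaking), get a manual review and a test run.
      needsReview: bump === 'major' || (bump === 'minor' && zeroMajor),
    };
  });
}

console.table(classify(SAMPLE_OUTDATED));
```

In a real project the input would be the parsed output of `npm outdated --json`; entries with `needsReview` set are the ones to run through QA and the automated tests before merging.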
Bonus – Additional helpful commands
1. To upgrade all packages within the app
$ ncu --upgradeAll
$ npm install
$ ncu --upgrade /^react-/
3. To check only “dependencies” packages and not “devDependencies” packages
$ ncu -p
1. To check for issues with package dependencies
$ npm audit
2. To fix package dependency issues where possible
$ npm audit fix