On larger projects, upgrading npm dependencies usually involves automatic patching of critical vulnerabilities in your CI/CD and thorough testing of any major/minor changes before releasing. But on smaller or hobby projects you probably just want to upgrade your package.json and be done with it, which is not as easy as you would think. Typically it involves a dance between npm outdated and npm upgrade, but there is a faster way.
npm-check-updates to the rescue
npm-check-updates (ncu) is a utility that simplifies the process of updating your project's dependencies. It analyzes your package.json file and compares the installed versions of dependencies with the latest versions available on the npm registry. The tool then provides an updated package.json file with the latest versions of all outdated dependencies, making it easy for you to upgrade your packages.
npm-check-updates can be installed globally or locally in your project. To install it globally, run the following command:
npm install -g npm-check-updates
To start using npm-check-updates, navigate to your project directory and run the following command:
ncu
This command will list all outdated packages, showing the current version installed and the latest version available.
To update your package.json file with the latest versions, run:
ncu -u
This command will replace the outdated versions in your package.json file with the latest ones. To actually install the updated packages, just run npm or yarn:
npm i
Alternatively you can run it through npx straight away:
npx npm-check-updates --upgrade
Advanced usage
npm-check-updates provides several options to customize its behavior. Some of the most commonly used options include:
--filter or -f: Filters the packages to be checked based on a regular expression. For example, to check only packages starting with "express", run ncu -f /^express/.
--global or -g: Checks for outdated global packages instead of local ones.
--peer or -p: Includes peer dependencies in the check.
--greatest or -t: Updates to the greatest version instead of the latest stable version. This option is useful for updating packages that have moved beyond the semver range specified in your package.json file.
--jsonUpgraded or -j: Outputs an updated package.json file as a JSON string, making it easier to automate the update process.
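One way to use the --jsonUpgraded output as a CI gate, as an added example that is not part of npm-check-updates or the original post: only patch-level bumps are approved automatically, and major, minor, 0.x and unparseable upgrades go to review. It assumes the output is a JSON object mapping package names to new version ranges; the function names, package names and versions are constructed for illustration.

```javascript
// Added example; package names and versions below are constructed.

// Extract [major, minor, patch] from a range such as "^4.17.1" or "~1.2.3".
// Returns null for anything else (git URLs, "*", dist-tags, missing entries).
function parseVersion(range) {
  const m = /^\s*(?:\^|~|>=|=|v)?\s*(\d+)\.(\d+)\.(\d+)(?:[-+][0-9A-Za-z.-]+)?\s*$/
    .exec(String(range));
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Classify one upgrade as "major", "minor", "patch", "none" or "unknown".
function classify(fromRange, toRange) {
  const from = parseVersion(fromRange);
  const to = parseVersion(toRange);
  if (!from || !to) return "unknown";
  if (to[0] !== from[0]) return "major";
  // Under semver, a 0.x minor bump may be breaking, so treat it as major.
  if (to[1] !== from[1]) return from[0] === 0 ? "major" : "minor";
  if (to[2] !== from[2]) return "patch";
  return "none";
}

// Split upgrades into those applied automatically and those needing review.
function planUpgrades(currentDeps, upgraded) {
  const plan = { auto: {}, review: {} };
  for (const [name, toRange] of Object.entries(upgraded)) {
    const kind = classify(currentDeps[name], toRange);
    const bucket = kind === "patch" ? "auto" : "review";
    plan[bucket][name] = { from: currentDeps[name] ?? null, to: toRange, kind };
  }
  return plan;
}

// Constructed sample: dependencies from package.json and ncu's JSON output.
const SAMPLE_DEPS = {
  "web-a": "^4.17.1",
  "util-b": "^4.17.20",
  "cli-c": "^4.1.2",
  "pad-d": "^0.3.0",
  "lib-e": "github:example/lib-e",
};
const SAMPLE_NCU_JSON =
  '{"web-a":"^4.18.2","util-b":"^4.17.21","cli-c":"^5.3.0","pad-d":"^0.4.0","lib-e":"^1.0.0"}';

console.log(JSON.stringify(planUpgrades(SAMPLE_DEPS, JSON.parse(SAMPLE_NCU_JSON)), null, 2));
```

In a pipeline, the string passed to JSON.parse would be the captured output of ncu --jsonUpgraded, and the job would fail or open a review task whenever the review bucket is non-empty.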
npm-check-updates is a powerful tool that simplifies the process of keeping your Node.js projects up-to-date. With its easy-to-use commands and extensive options, you can ensure that your project stays secure and compatible with the latest dependencies. Make it a habit to periodically check for updates and maintain your projects in tip-top shape, or, even better, automate it in your CI/CD.