If you want to keep your project secure and fast, and enjoy the latest features of all your dependencies, it's important to update them regularly. Since this is just a quick tip and not a full blog post, I won't go into detail on why you should update your project's dependencies.
What are they used for? Do you really need them? Are they correctly split between dependencies and devDependencies? This may sound a bit obvious, but if you're working on a project that you didn't initialize or where people were free to add dependencies, I'm pretty sure that you don't have full control over what you're using.
To update your dependencies correctly and be able to adapt your code to potential breaking changes, it's important that your dependencies ship a CHANGELOG file, some documentation or, even better, a migration guide.
Many dependencies have a CHANGELOG.md file at the root of their repository. This file lists the changes (bug fixes and features) released with each new version. If the releases follow semantic versioning, it's easier to predict whether an update will be easy or not.
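As an added illustration (not code from the original post), the JavaScript below classifies each pending update by its semver impact, so you can see which ones call for reading the CHANGELOG or migration guide before upgrading. The package names and versions are constructed sample data, classifyUpdate and reviewPlan are hypothetical helper names, and treating 0.x minor bumps and prereleases as high risk is this example's assumption.

```javascript
// Added example: rank pending dependency updates by semver impact.
// Understands MAJOR.MINOR.PATCH[-prerelease][+build] with an optional ^ or ~ prefix.
function parseVersion(spec) {
  const re = /^[\^~]?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/;
  const m = re.exec(String(spec).trim());
  if (!m) return null; // dist-tags, git URLs, wildcards, compound ranges: review by hand
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null };
}

function classifyUpdate(currentSpec, candidate) {
  const cur = parseVersion(currentSpec);
  const next = parseVersion(candidate);
  if (!cur || !next) return 'unknown';
  if (next.pre) return 'prerelease'; // candidate is not a stable release
  const cmp = next.major - cur.major || next.minor - cur.minor || next.patch - cur.patch;
  if (cmp < 0) return 'downgrade';
  // Same numbers: either nothing to do, or a prerelease becoming stable (review as breaking).
  if (cmp === 0) return cur.pre ? 'major' : 'none';
  if (next.major !== cur.major) return 'major';
  // npm's ^ range treats a 0.x minor bump as out of range, so treat it as breaking.
  if (next.minor !== cur.minor) return cur.major === 0 ? 'major' : 'minor';
  return 'patch';
}

const RISK = { major: 3, prerelease: 3, unknown: 2, downgrade: 2, minor: 1, patch: 0, none: 0 };

// Returns the updates that change something, highest risk first, then by name.
function reviewPlan(declared, available) {
  return Object.keys(available)
    .map((name) => ({
      name,
      from: declared[name],
      to: available[name],
      kind: classifyUpdate(declared[name] || '', available[name]),
    }))
    .filter((u) => u.kind !== 'none')
    .sort((a, b) => RISK[b.kind] - RISK[a.kind] || a.name.localeCompare(b.name));
}

// Constructed sample data (hypothetical package names, not real registry results).
const declared = { 'lib-a': '^1.4.2', 'lib-b': '~0.8.1', 'lib-c': '^3.0.0', 'lib-d': '2.1.0', 'lib-e': 'latest' };
const available = { 'lib-a': '1.6.0', 'lib-b': '0.9.0', 'lib-c': '4.0.0-beta.2', 'lib-d': '2.1.5', 'lib-e': '5.0.0' };

for (const u of reviewPlan(declared, available)) {
  const note = RISK[u.kind] >= 2 ? 'read CHANGELOG / migration guide first' : 'low risk';
  console.log(`${u.name}: ${u.from} -> ${u.to} [${u.kind}] ${note}`);
}
```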
Updating using npm
There's no viable way of doing this in npm itself, but a global package can help. Install it by running:
$ npm i -g npm-check-updates
Then, to check for updates, run the following:
$ ncu -n -u
-n finds the newest versions available instead of the latest stable versions, while -u overwrites the package file.
Updating using yarn
By default, Yarn lets you upgrade your dependencies interactively. Just run yarn upgrade-interactive and you'll be prompted with all the possible updates (those that match the version ranges you've set in your package.json file).
$ yarn upgrade-interactive
That's all. I hope you enjoyed this tip; consider sharing it with your friends :)