Categories
node.js npm

How to update each dependency in package.json to the latest version?

2425

I copied package.json from another project and now want to bump all of the dependencies to their latest versions since this is a fresh project and I don’t mind fixing something if it breaks.

What’s the easiest way to do this?

The best way I know is to run npm info express version then update each dependency in package.json manually. There must be a better way.

{
  "name": "myproject",
  "description": "my node project",
  "version": "1.0.0",
  "engines": {
    "node": "0.8.4",
    "npm": "1.1.65"
  },
  "private": true,
  "dependencies": {
    "express": "~3.0.3", // how do I get these bumped to latest?
    "mongodb": "~1.2.5",
    "underscore": "~1.4.2",
    "rjs": "~2.9.0",
    "jade": "~0.27.2",
    "async": "~0.1.22"
  }
}

For Yarn specific solutions refer to this Stack Overflow thread.

9

  • 3

    Great to see another approach to this problem. I really like Salita’s output. Some nice features that the tool I contribute to now, github.com/tjunnone/npm-check-updates, are preservation of versioning semantics (like 1.x or >2.1.0) and filtering by name/regex/devDeps-only.

    Feb 16, 2015 at 17:46

  • 1

    There NEEDS to be some better answers here. Obviously with dependency resolution, you can’t always have the latest version of everything. Maximizing the greatest number of latest versions of modules is just that, some sort of optimization problem. But NPM doesn’t know which modules you want to be most recent more than others. It would be cool if there was something like this: npm update –latest x y z, where x y z are the modules you want to be as recent as possible and all other modules will follow with their most recent compatible version.

    Oct 26, 2016 at 17:18

  • 2

    npm will correctly handle version conflicts between shared dependencies by downloading the correct one for each. So, if Dep A depends on Dep C v1.0.0 and Dep B depends on Dep C v2.0.0, they will each be installed and used appropriately. Therefore, you are free to install the latest of any packages you would like.

    Oct 26, 2016 at 20:59

  • Try this to force upgrade: npm outdated | sed '1d; s/ .*/@latest/' | xargs npm i --save

    – miorey

    Aug 23, 2019 at 14:53

  • I’m always checking this answer. But I see that it has slipped in the Google results. Hopefully this comment will help push it’s relevance back up!!

    Sep 9, 2019 at 5:42

2894

Looks like npm-check-updates is the only way to make this happen now.

npm i -g npm-check-updates
ncu -u
npm install

On npm <3.11:

Simply change every dependency’s version to *, then run npm update --save. (Note: broken in recent (3.11) versions of npm).

Before:

  "dependencies": {
    "express": "*",
    "mongodb": "*",
    "underscore": "*",
    "rjs": "*",
    "jade": "*",
    "async": "*"
  }

After:

  "dependencies": {
    "express": "~3.2.0",
    "mongodb": "~1.2.14",
    "underscore": "~1.4.4",
    "rjs": "~2.10.0",
    "jade": "~0.29.0",
    "async": "~0.2.7"
  }

Of course, this is the blunt hammer of updating dependencies. It’s fine if—as you said—the project is empty and nothing can break.

On the other hand, if you’re working in a more mature project, you probably want to verify that there are no breaking changes in your dependencies before upgrading.

To see which modules are outdated, just run npm outdated. It will list any installed dependencies that have newer versions available.

For Yarn specific solution, refer to this StackOverflow answer.

30

  • 14

    @thefourtheye: You generally shouldn’t leave * in package.json since you might end up automatically installing a new module version with breaking changes that break your app. Since we’re using --save here, the * is replaced with each package’s current version.

    – josh3736

    Aug 1, 2013 at 14:15

  • 51

    I’m not able to get this to work. Has something changed with npm since this answer was posted? When I use the wildcard and then npm install --save the wildcard is left in my package.json.

    Dec 9, 2013 at 22:05

  • 15

    Unfortunately, using update doesn’t work either, for me. I’m still left with the wildcards. Is there any documentation about this that you know of, or any other resources I might look at?

    Dec 30, 2013 at 21:03

  • 128

    A bit old but that might help other people: github.com/tjunnone/npm-check-updates | Use npm install -g npm-check-updates to install, then npm-check-updates to check if your dependencies have updates, and npm-check-updates -u to update your package.json versions. Then it’s just npm install and it will download new versions.

    Jan 15, 2014 at 13:44

  • 7

    Your problem is probably coming from the fact that you try to update dev packages by typing npm update --save instead of npm update --save-dev.

    Aug 19, 2014 at 21:44

1191

npm-check-updates is a utility that automatically adjusts a package.json with the
latest version of all dependencies

see https://www.npmjs.org/package/npm-check-updates

$ npm install -g npm-check-updates
$ ncu -u
$ npm install 

[EDIT] A slightly less intrusive (avoids a global install) way of doing this if you have a modern version of npm is:

$ npx npm-check-updates -u
$ npm install 

16

  • 171

    This should be available natively through npm command itself, indeed best solution so far to update the dependencies.

    May 17, 2014 at 11:04

  • 7

    Should be part of npm natively, fully agree. However, it is not and this solution comes in like a breeze. Thank you.

    – Stefan

    Jun 23, 2014 at 20:19

  • 3

    i assume you fellows are pushing [HARD] to get this into the core npm?

    – enorl76

    Jan 28, 2015 at 22:02

  • 3

    @Batman Yes if you didn’t install before. Otherwise use npm update. ncu just updates package.json. It doesn’t install or update ‘node_modules’.

    – Muzaffer

    Dec 17, 2015 at 13:19

  • 1

    useless package, updating only part of packages with ncu -a, not updating package.json also.

    May 19, 2018 at 8:40

430

Updated for npm v2+

npm 2+ (Node 0.12+):


npm outdated
npm update
git commit package-lock.json

Ancient npm (circa 2014):

npm install -g npm-check-updates
npm-check-updates
npm shrinkwrap
git commit package-lock.json

Be sure to shrinkwrap your deps, or you may wind up with a dead project. I pulled out a project the other day and it wouldn’t run because my deps were all out of date/updated/a mess. If I’d shrinkwrapped, npm would have installed exactly what I needed.


Details

For the curious who make it this far, here is what I recommend:

Use npm-check-updates or npm outdated to suggest the latest versions.

# `outdated` is part of newer npm versions (2+)
$ npm outdated
# If you agree, update.  
$ npm update

#       OR

# Install and use the `npm-check-updates` package.
$ npm install -g npm-check-updates
# Then check your project
$ npm-check-updates
# If you agree, update package.json.
$ npm-check-updates -u

###Then do a clean install (w/o the rm I got some dependency warnings)

$ rm -rf node_modules
$ npm install 

Lastly, save exact versions to npm-shrinkwrap.json with npm shrinkwrap

$ rm npm-shrinkwrap.json
$ npm shrinkwrap

Now, npm install will now use exact versions in npm-shrinkwrap.json

If you check npm-shrinkwrap.json into git, all installs will use the exact same versions.

This is a way to transition out of development (all updates, all the time) to production (nobody touch nothing).

p.s. Yarn is sending your package list to Facebook.

3

  • 1

    For sure. If you create and npm-shrinkwrap.json into source, and commit whenever you update, you can always ‘go back to where you were’. I overlooked shrinkwrap feature when I started.

    Dec 31, 2015 at 16:01

  • 26

    this does not answer the question. The question is how to update the latest version. npm update only updates to the semver version, not the latest.

    – gman

    Sep 27, 2016 at 12:53

  • Would be great if npm update actually updated package.json. Per github.com/npm/npm/issues/13555 this is a bug which is not fixed after 2 years. npmjs.com/package/npm-check-updates is the current way to go

    – John B

    Jun 4, 2018 at 0:51