A command-line tool to synchronize package dependencies in your package.json to their latest versions, a specific target version, or versions matching a pattern.
Run depset using your preferred package manager:
npx depset@latest [args...]
pnpm dlx depset@latest [args...]
yarn dlx depset@latest [args...]
bunx depset@latest [args...]
depset [package-specifier] [target-version] [options]
[package-specifier] (Optional)
The package name or pattern to target. If omitted (and --yes is not used), you will be prompted.
lodash, @babel/core@myorg (targets packages like @myorg/component-a, @myorg/utils)eslint-* (targets packages like eslint-plugin-react, eslint-config-next)[target-version] (Optional)
The maximum version to synchronize to (e.g., "1", "1.2", "1.2.3"). If omitted (and neither --latest nor --yes are used), you will be prompted. If --latest is used, this is ignored.
Usage: depset [options] [package-specifier] [target-version]
Synchronize package dependencies to their latest or a specific version.
Arguments:
package-specifier Package name or pattern (e.g., "@scope/foo*", "my-package", "@myorg").
Prompts if not provided (unless -y is used).
target-version Target version (e.g., "1.2.3"). Prompts if not provided (unless -L or -y is used).
Defaults to latest if left blank in prompt or if -L is used.
Options:
-L, --latest Use the latest version, skip version prompt. (default: false)
-i, --install Automatically run install after updating package.json. (default: false)
-y, --yes Skip all confirmation prompts. (default: false)
-c, --cwd <path> Set the current working directory. (default: current directory)
-s, --silent Silence all output except for errors. (default: false)
-v, --version Display the version number.
-h, --help Display help for command.
Sync lodash to its latest version (prompts for version if not specified with --latest):
npx depset@latest lodash
Sync all packages in the @babel scope to their absolute latest versions, and install, skipping all prompts:
npx depset@latest @babel --latest --install --yes
Sync packages starting with eslint- up to version 8.50.0:
npx depset@latest "eslint-*" 8.50.0
(You will be prompted to confirm changes and installation unless -y is used)
Run interactively, prompting for all inputs:
npx depset@latest
FAQs
Synchronize dependencies in package.json
We found that depset demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
Security News
GitHub has revoked npm classic tokens for publishing; maintainers must migrate, but OpenJS warns OIDC trusted publishing still has risky gaps for critical projects.
Security News
Rust’s crates.io team is advancing an RFC to add a Security tab that surfaces RustSec vulnerability and unsoundness advisories directly on crate pages.