npm-check is a tool that helps you keep your npm package dependencies up to date. It provides a way to check for outdated, incorrect, and unused dependencies in your project.
Check for outdated dependencies
This command checks for outdated dependencies in your project and provides a list of packages that need to be updated.
npx npm-check
Interactive update
This command opens an interactive interface that allows you to update your dependencies one by one, making it easier to manage updates.
npx npm-check -u
Check for unused dependencies
This command checks for dependencies that are listed in your package.json but are not being used in your codebase.
npx npm-check --unused
Check for incorrect dependencies
This command checks for dependencies that are incorrectly listed in your package.json, such as dependencies that should be in devDependencies.
npx npm-check --specials=incorrect
npm-outdated is a built-in npm command that checks for outdated packages. It provides a list of packages that have newer versions available. Unlike npm-check, it does not offer an interactive update interface.
npm-check-updates is a tool that allows you to find and update outdated npm dependencies. It can update your package.json to the latest versions of dependencies. Unlike npm-check, it focuses solely on updating dependencies and does not check for unused or incorrect dependencies.
depcheck is a tool that checks for unused dependencies in your project. It scans your codebase to find dependencies that are listed in your package.json but are not being used. Unlike npm-check, it does not check for outdated or incorrect dependencies.
Check for outdated, incorrect, and unused dependencies.

Checks your globally installed packages too, with -g.
Interactive update with -u.
Supports ES6-style import from syntax.
Supports npm@3, so dependencies go where you expect them.
Handles packages marked private: true in their package.json.
Works with npm@2 and npm@3, as well as newer alternative installers like ied and pnpm.

This is the easiest way to use npm-check.
$ npm install -g npm-check
$ npm-check
The result should look like the screenshot, or something nice when your packages are all up-to-date and in use.
When updates are required it will return a non-zero response code that you can use in your CI tools.
Usage
$ npm-check <path> <options>
Path
Where to check. Defaults to current directory. Use -g for checking global modules.
Options
-u, --update Interactive update.
-y, --update-all Uninteractive update. Apply all updates without prompting.
-g, --global Look at global modules.
-s, --skip-unused Skip check for unused packages.
-p, --production Skip devDependencies.
-d, --dev-only Look at devDependencies only (skip dependencies).
-i, --ignore Ignore dependencies based on succeeding glob.
-E, --save-exact Save exact version (x.y.z) instead of caret (^x.y.z) in package.json.
--specials List of depcheck specials to include in check for unused dependencies.
--no-color Force or disable color output.
--no-emoji Remove emoji support. No emoji by default in CI environments.
--debug Show debug output. Throw in a gist when creating issues on github.
Examples
$ npm-check # See what can be updated, what isn't being used.
$ npm-check ../foo # Check another path.
$ npm-check -gu # Update globally installed modules by picking which ones to upgrade.
-u, --update
Show an interactive UI for choosing which modules to update.
Automatically updates versions referenced in the package.json.
Based on recommendations from the npm team, npm-check only updates using npm install, not npm update.
To avoid using more than one version of npm in one directory, npm-check will automatically install updated modules using the version of npm installed globally.
Set the environment variable NPM_CHECK_INSTALLER to the name of the installer you wish to use.
NPM_CHECK_INSTALLER=pnpm npm-check -u
## pnpm install --save-dev foo@version --color=always
You can also use this for dry-run testing:
NPM_CHECK_INSTALLER=echo npm-check -u
-y, --update-all
Updates your dependencies like --update, just without any prompt. This is especially useful if you want to automate your dependency updates with npm-check.
-g, --global
Check the versions of your globally installed packages.
If the value of process.env.NODE_PATH is set, it will override the default path of global node_modules returned by the package global-modules.
Tip: Use npm-check -u -g to do a safe interactive update of global modules, including npm itself.
-s, --skip-unused
By default npm-check will let you know if any of your modules are not being used by looking at require statements in your code.
This option will skip that check.
This is enabled by default when using global or update.
-p, --production
By default npm-check will look at packages listed as dependencies and devDependencies.
This option will let it ignore outdated and unused checks for packages listed as devDependencies.
-d, --dev-only
Ignore dependencies and only check devDependencies.
This option will let it ignore outdated and unused checks for packages listed as dependencies.
-i, --ignore
Ignore dependencies that match the specified glob.
$ npm-check -i babel-*
will ignore all dependencies starting with 'babel-'.
-E, --save-exact
Install packages using --save-exact, meaning exact versions will be saved in package.json.
Applies to both dependencies and devDependencies.
--specials
Check special (e.g. config) files when looking for unused dependencies.
$ npm-check --specials=bin,webpack
will look in the scripts section of package.json and in the webpack config.
See https://github.com/depcheck/depcheck#special for more information.
--color, --no-color
Enable or disable color support.
By default npm-check uses colors if they are available.
--emoji, --no-emoji
Enable or disable emoji support. Useful for terminals that don't support them. Automatically disabled in CI servers.
--spinner, --no-spinner
Enable or disable the spinner. Useful for terminals that don't support them. Automatically disabled in CI servers.
The API is here in case you want to wrap this with your CI toolset.
const npmCheck = require('npm-check');
npmCheck(options)
.then(currentState => console.log(currentState.get('packages')));
Options accepted by the API (the same checks as the command-line flags above):

Option | Description | Default |
---|---|---|
update | Interactive update. | false |
global | Look at global modules. cwd is automatically set with this option. | false |
skipUnused | Skip check for unused packages. | false |
ignoreDev | Ignore devDependencies. This is called --production on the command line to match npm. | false |
devOnly | Ignore dependencies and only check devDependencies. | false |
ignore | Ignore dependencies that match the specified glob. | [] |
saveExact | Save exact version x.y.z instead of semver range ^x.y.z. | false |
debug | Show debug output. | false |
cwd | Where npm-check checks. | process.cwd() |
specials | List of depcheck special parsers to include. | '' |
currentState
The result of the promise is a currentState object; look in state.js to see how it works.
You will probably want currentState.get('packages')
to get an array of packages and the state of each of them.
Each item in the array will look like the following:
{
moduleName: 'lodash', // name of the module.
homepage: 'https://lodash.com/', // url to the home page.
regError: undefined, // error communicating with the registry
pkgError: undefined, // error reading the package.json
latest: '4.7.0', // latest according to the registry.
installed: '4.6.1', // version installed
isInstalled: true, // Is it installed?
notInstalled: false, // Is it not installed?
packageWanted: '4.7.0', // Requested version from the package.json.
packageJson: '^4.6.1', // Version or range requested in the parent package.json.
devDependency: false, // Is this a devDependency?
usedInScripts: undefined, // Array of `scripts` in package.json that use this module.
mismatch: false, // Does the version installed not match the range in package.json?
semverValid: '4.6.1', // Is the installed version valid semver?
easyUpgrade: true, // Will running just `npm install` upgrade the module?
bump: 'minor', // What kind of bump is required to get the latest, such as patch, minor, major.
unused: false // Is this module used in the code?
},
You will also see this if you use --debug
on the command line.
Additional options can be sent to the depcheck process. See the depcheck API. Create a .npmcheckrc{.json,.yml,.js} file and set the depcheck options under the depcheck property.
For example, to skip packages in the unused check while still including them in the outdated check (so the --ignore option can't be used):
# .npmcheckrc
depcheck:
  ignoreMatches: ["replace-in-file","snyk","sonarqube-scanner"]
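As an added example (not code from npm-check's README or from the project), here is a small CI gate over the packages array that the API returns through currentState.get('packages'), combined with the two kinds of ignore described above: an --ignore / ignore glob, which drops a package from every check, and a depcheck ignoreMatches entry from .npmcheckrc, which keeps the package in the outdated check but stops it being reported as unused. In real use the array comes from require('npm-check')(options).then(s => s.get('packages')), as the API snippet above shows; here a constructed sample array in the documented shape stands in so the file runs offline. The helper names ciGate, applyIgnores and globToRegExp, the failure policy, and the assumption that bump is null for an up-to-date package are this example's own, not npm-check's API.

```javascript
// Added example: CI gate over an npm-check `packages` array. The data below is
// a constructed sample in the shape the README documents, not captured output.
// Assumption: `bump` is null when the installed version is already the latest.
const SAMPLE_PACKAGES = [
  { moduleName: 'lodash', latest: '4.7.0', installed: '4.6.1', packageJson: '^4.6.1',
    bump: 'minor', easyUpgrade: true, unused: false, mismatch: false,
    devDependency: false, regError: undefined, pkgError: undefined },
  { moduleName: 'express', latest: '5.0.0', installed: '4.18.2', packageJson: '^4.18.2',
    bump: 'major', easyUpgrade: false, unused: false, mismatch: false,
    devDependency: false, regError: undefined, pkgError: undefined },
  { moduleName: 'babel-core', latest: '6.26.3', installed: '6.26.3', packageJson: '^6.26.3',
    bump: null, easyUpgrade: false, unused: true, mismatch: false,
    devDependency: true, regError: undefined, pkgError: undefined },
  { moduleName: 'snyk', latest: '1.1.0', installed: '1.0.0', packageJson: '^1.0.0',
    bump: 'minor', easyUpgrade: true, unused: true, mismatch: false,
    devDependency: true, regError: undefined, pkgError: undefined },
  { moduleName: 'left-pad', latest: undefined, installed: '1.3.0', packageJson: '^1.3.0',
    bump: null, easyUpgrade: false, unused: false, mismatch: false,
    devDependency: false, regError: new Error('registry unreachable'), pkgError: undefined },
];

// Turn an npm-check style glob such as "babel-*" into an anchored RegExp
// (hypothetical helper; npm-check's own glob handling is not reproduced here).
function globToRegExp(glob) {
  const escaped = glob.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
  return new RegExp('^' + escaped + '$');
}

// ignore: the -i / --ignore globs; matching packages leave every check.
// unusedIgnore: depcheck.ignoreMatches from .npmcheckrc; matching packages stay
// in the outdated check but are never flagged as unused.
function applyIgnores(packages, { ignore = [], unusedIgnore = [] } = {}) {
  const dropRe = ignore.map(globToRegExp);
  const keepUsedRe = unusedIgnore.map(globToRegExp);
  return packages
    .filter((p) => !dropRe.some((re) => re.test(p.moduleName)))
    .map((p) => (keepUsedRe.some((re) => re.test(p.moduleName)) ? { ...p, unused: false } : p));
}

// Decide whether the pipeline should fail, mirroring the CLI's non-zero exit
// when updates are required. Policy (this example's choice): registry or
// package.json errors, installed/package.json mismatches, major bumps and
// unused packages fail the build; minor and patch bumps are only reported.
function ciGate(packages) {
  const findings = { errors: [], mismatched: [], major: [], minorOrPatch: [], unused: [] };
  for (const p of packages) {
    if (p.regError || p.pkgError) findings.errors.push(p.moduleName);
    if (p.mismatch) findings.mismatched.push(p.moduleName);
    if (p.bump === 'major') findings.major.push(p.moduleName);
    else if (p.bump === 'minor' || p.bump === 'patch') findings.minorOrPatch.push(p.moduleName);
    if (p.unused) findings.unused.push(p.moduleName);
  }
  const failing = findings.errors.length + findings.mismatched.length
    + findings.major.length + findings.unused.length;
  return { ...findings, exitCode: failing > 0 ? 1 : 0 };
}

// Demo: the same data first with no ignores, then with `-i babel-*` plus a
// depcheck ignoreMatches entry for snyk (as in the .npmcheckrc above).
console.log('no ignores:', JSON.stringify(ciGate(SAMPLE_PACKAGES)));
const filtered = applyIgnores(SAMPLE_PACKAGES, { ignore: ['babel-*'], unusedIgnore: ['snyk'] });
console.log('with ignores:', JSON.stringify(ciGate(filtered)));
```

Run it with node. The exit-code decision is returned rather than applied, so a pipeline step can wire it in after the real call (for example `process.exitCode = ciGate(pkgs).exitCode` once `pkgs` has come back from npm-check); note that with `-i babel-*` the unused babel-core disappears from every finding, whereas the ignoreMatches entry still leaves snyk's minor update visible.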
Hi! Thanks for checking out this project! My name is Dylan Greene. When not overwhelmed with my two young kids I enjoy contributing to the open source community. I'm also a tech lead at Opower.
Here's some of my other Node projects:
Name | Description |
---|---|
grunt‑notify | Automatic desktop notifications for Grunt errors and warnings. Supports OS X, Windows, Linux. |
shortid | Amazingly short non-sequential url-friendly unique id generator. |
space‑hogs | Discover surprisingly large directories from the command line. |
rss | RSS feed generator. Add RSS feeds to any project. Supports enclosures and GeoRSS. |
grunt‑prompt | Interactive prompt for your Grunt config using console checkboxes, text input with filtering, password fields. |
xml | Fast and simple xml generator. Supports attributes, CDATA, etc. Includes tests and examples. |
changelog | Command line tool (and Node module) that generates a changelog in color output, markdown, or json for modules in npmjs.org's registry as well as any public github.com repo. |
grunt‑attention | Display attention-grabbing messages in the terminal. |
observatory | Beautiful UI for showing tasks running on the command line. |
anthology | Module information and stats for any @npmjs user. |
grunt‑cat | Echo a file to the terminal. Works with text, figlets, ascii art, and full-color ansi. |
This list was generated using anthology.
Copyright (c) 2016 Dylan Greene, contributors.
Released under the MIT license.
Screenshots are CC BY-SA (Attribution-ShareAlike).
FAQs
Check for outdated, incorrect, and unused dependencies.
The npm package npm-check receives a total of 292,588 weekly downloads. As such, npm-check popularity was classified as popular.
We found that npm-check demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.