
npm-check-updates
npm-check-updates upgrades your package.json dependencies to the latest versions, ignoring specified versions.
"react": "^16.0.4" to "react": "^18.2.0".
npm install to update your installed packages and package-lock.json.
npm, yarn, and pnpm
Install globally:
npm install -g npm-check-updates
Or run with npx:
npx npm-check-updates
Show all new dependencies (excluding peerDependencies) for the project in the current directory:
$ ncu
Checking package.json
[====================] 5/5 100%
express 4.12.x → 4.13.x
multer ^0.1.8 → ^1.0.1
react-bootstrap ^0.22.6 → ^0.24.0
react-a11y ^0.1.1 → ^0.2.6
webpack ~1.9.10 → ~1.10.5
Run ncu -u to upgrade package.json
Upgrade a project's package file:
Make sure your package file is in version control and all changes have been committed. This will overwrite your package file.
$ ncu -u
Upgrading package.json
[====================] 1/1 100%
express 4.12.x → 4.13.x
Run npm install to install new versions.
$ npm install # update installed packages and package-lock.json
Check global packages:
ncu -g
Filter packages using the --filter option or adding additional cli arguments. You can exclude specific packages with the --reject option or prefixing a filter with !. Supports strings, wildcards, globs, comma-or-space-delimited lists, and regular expressions:
# upgrade only mocha
ncu mocha
ncu -f mocha
ncu --filter mocha
# upgrade packages that start with "react-"
ncu react-*
ncu "/^react-.*$/"
# upgrade everything except nodemon
ncu \!nodemon
ncu -x nodemon
ncu --reject nodemon
# upgrade only chalk, mocha, and react
ncu chalk mocha react
ncu chalk, mocha, react
ncu -f "chalk mocha react"
# upgrade packages that do not start with "react-".
ncu \!react-*
ncu '/^(?!react-).*$/' # mac/linux
ncu "/^(?!react-).*$/" # windows
2.0.1 → 2.2.0
1.2 → 1.3
0.1.0 → 1.0.1
^1.2.0 → ^2.0.0
1.x → 2.x
>0.2.0 → >0.3.0
<2.0.0 → ^3.0.0
1.0.0 < 2.0.0 → ^3.0.0
* → *
--pre to include prerelease versions (e.g. alpha, beta, build1235)
--deprecated to include deprecated versions
--target minor, only update patch and minor:
0.1.0 → 0.2.1
--target patch, only update patch:
0.1.0 → 0.1.2
--target @next, update to the version published on the next tag:
0.1.0 -> 0.1.1-next.1

--color  Force color in terminal
--concurrency <n>  Max number of concurrent HTTP requests to registry. (default: 8)
--configFileName <filename>  Config file name. (default: .ncurc.{json,yml,js})
--configFilePath <path>  Directory of .ncurc config file. (default: directory of `packageFile`)
--cwd <path>  Working directory in which npm will be executed.
--deep  Run recursively in current working directory. Alias of (--packageFile '**/package.json').
--dep <value>  Check one or more sections of dependencies only: dev, optional, peer, prod, bundle (comma-delimited). (default: "prod,dev,bundle,optional")
--deprecated  Include deprecated packages.
--doctor  Iteratively installs upgrades and runs tests to identify breaking upgrades. Requires "-u" to execute. Run "ncu --help --doctor" for details.
--doctorInstall <command>  Specifies the install script to use in doctor mode. (default: npm install/yarn)
--doctorTest <command>  Specifies the test script to use in doctor mode. (default: npm test)
--enginesNode  Include only packages that satisfy engines.node as specified in the package file.
-e, --errorLevel <n>  Set the error level. 1: exits with error code 0 if no errors occur. 2: exits with error code 0 if no packages need updating (useful for continuous integration). (default: 1)
-f, --filter <matches>  Include only package names matching the given string, wildcard, glob, comma-or-space-delimited list, /regex/, or predicate function.
--filterVersion <matches>  Filter on package version using comma-or-space-delimited list, /regex/, or predicate function.
--format <value>  Modify the output formatting or show additional information. Specify one or more comma-delimited values: group, ownerChanged, repo. Run "ncu --help --format" for details. (default: [])
-g, --global  Check global packages instead of in the current project.
--groupFunction <fn>  Customize how packages are divided into groups when using '--format group'. Run "ncu --help --groupFunction" for details.
-i, --interactive  Enable interactive prompts for each dependency; implies -u unless one of the json options are set.
-j, --jsonAll  Output new package file instead of human-readable message.
--jsonDeps  Like `jsonAll` but only lists `dependencies`, `devDependencies`, `optionalDependencies`, etc of the new package data.
--jsonUpgraded  Output upgraded dependencies in json.
-l, --loglevel <n>  Amount to log: silent, error, minimal, warn, info, verbose, silly. (default: "warn")
--mergeConfig  Merges nested configs with the root config file for --deep or --packageFile options. (default: false)
-m, --minimal  Do not upgrade newer versions that are already satisfied by the version range according to semver.
--packageData <value>  Package file data (you can also use stdin).
--packageFile <path|glob>  Package file(s) location. (default: ./package.json)
-p, --packageManager <name>  npm, yarn, staticRegistry (default: npm). Run "ncu --help --packageManager" for details.
--peer  Check peer dependencies of installed packages and filter updates to compatible versions. Run "ncu --help --peer" for details.
--pre <n>  Include -alpha, -beta, -rc. (default: 0; default with --newest and --greatest: 1)
--prefix <path>  Current working directory of npm.
-r, --registry <uri>  Third-party npm registry. Run "ncu --help --registry" for details.
-x, --reject <matches>  Exclude packages matching the given string, wildcard, glob, comma-or-space-delimited list, /regex/, or predicate function. (default: [])
--rejectVersion <matches>  Exclude package.json versions using comma-or-space-delimited list, /regex/, or predicate function.
--removeRange  Remove version ranges from the final package version.
--retry <n>  Number of times to retry failed requests for package info. (default: 3)
-s, --silent  Don't output anything. Alias for --loglevel silent.
--stdin  Read package.json from stdin.
-t, --target <value>  Determines the version to upgrade to: latest, newest, greatest, minor, patch, @[tag], or [function]. (default: latest). Run "ncu --help --target" for details.
--timeout <ms>  Global timeout in milliseconds. (default: no global timeout and 30 seconds per npm-registry-fetch)
-u, --upgrade  Overwrite package file with upgraded versions instead of just outputting to console.
--verbose  Log additional information for debugging. Alias for --loglevel verbose.
-V, --version  output the version number
-h, --help  display help for command

Choose exactly which upgrades to make in interactive mode:
ncu --interactive
ncu -i
Select which upgrades you want:

Combine with --format group for a truly luxe experience:

Usage: ncu --doctor [-u] [options]
Iteratively installs upgrades and runs tests to identify breaking upgrades. Requires -u to execute (modifies your package file, lock file, and node_modules).
To be more precise:
npm install (or yarn) and npm test to ensure tests are currently passing. You can specify your own scripts with --doctorInstall and --doctorTest.
ncu -u to optimistically upgrade all dependencies.
Example:
$ ncu --doctor -u
npm install
npm run test
ncu -u
npm install
npm run test
Failing tests found:
/projects/myproject/test.js:13
throw new Error('Test failed!')
^
Now let's identify the culprit, shall we?
Restoring package.json
Restoring package-lock.json
npm install
npm install --no-save react@16.0.0
npm run test
✓ react 15.0.0 → 16.0.0
npm install --no-save react-redux@7.0.0
npm run test
✗ react-redux 6.0.0 → 7.0.0
Saving partially upgraded package.json
Use a .ncurc.{json,yml,js} file to specify configuration information.
You can specify file name and path using --configFileName and --configFilePath
command line options.
For example, .ncurc.json:
{
  "upgrade": true,
  "filter": "express",
  "reject": ["@types/estree", "ts-node"]
}
npm-check-updates can be imported as a module:
import ncu from 'npm-check-updates'

const upgraded = await ncu.run({
  // Pass any cli option
  packageFile: '../package.json',
  upgrade: true,
  // Defaults:
  // jsonUpgraded: true,
  // silent: true,
})

console.log(upgraded) // { "mypackage": "^2.0.0", ... }
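A review gate built on that result object, as an added example that is not part of npm-check-updates: it separates upgrades that can be applied unattended from ones that should be reviewed first, and treats bumps below 1.0.0 as breaking because a caret range would not have accepted them. The function names and input shapes are assumptions; the sample data is the ncu output shown earlier on this page.

```javascript
// Added example, not npm-check-updates code. `current` is the dependency map
// from package.json; `upgraded` is the { name: newRange } object reported by
// `ncu --jsonUpgraded` or ncu.run(). Function names are hypothetical.

// [major, minor, patch] of the first version in a range; "x" or missing parts
// count as 0. Returns null for specs that are not plain ranges.
function baseVersion(range) {
  if (/[:/]/.test(range)) return null; // git URLs, file:, npm: aliases
  const m = /(\d+)(?:\.(\d+|x|\*))?(?:\.(\d+|x|\*))?/i.exec(range);
  if (!m) return null; // "*", dist-tags such as "next"
  return [m[1], m[2], m[3]].map((p) => (/^\d+$/.test(p || '') ? Number(p) : 0));
}

// Below 1.0.0 a caret range pins the left-most non-zero part, so a change
// there is treated as breaking even though it looks like a minor or patch bump.
function bumpLevel(fromRange, toRange) {
  const a = baseVersion(fromRange);
  const b = baseVersion(toRange);
  if (!a || !b) return 'unknown';
  if (a[0] !== b[0]) return 'major';
  if (a[1] !== b[1]) return a[0] === 0 ? 'breaking-0.x' : 'minor';
  if (a[2] !== b[2]) return a[0] === 0 && a[1] === 0 ? 'breaking-0.x' : 'patch';
  return 'none';
}

// Split upgrades into ones to apply unattended and ones to review by hand.
function reviewPlan(current, upgraded) {
  const plan = { auto: [], review: [] };
  for (const [name, to] of Object.entries(upgraded)) {
    const from = current[name];
    const level = from === undefined ? 'unknown' : bumpLevel(from, to);
    const bucket = level === 'minor' || level === 'patch' ? plan.auto : plan.review;
    bucket.push({ name, from, to, level });
  }
  return plan;
}

// Space-delimited list accepted by `ncu --filter`.
const filterArg = (plan) => plan.auto.map((u) => u.name).join(' ');

// Sample data: the `ncu` output shown earlier on this page.
const current = { express: '4.12.x', multer: '^0.1.8', 'react-bootstrap': '^0.22.6',
  'react-a11y': '^0.1.1', webpack: '~1.9.10' };
const upgraded = { express: '4.13.x', multer: '^1.0.1', 'react-bootstrap': '^0.24.0',
  'react-a11y': '^0.2.6', webpack: '~1.10.5' };
const plan = reviewPlan(current, upgraded);
console.log(`ncu -u --filter "${filterArg(plan)}"`);
for (const u of plan.review) console.log(`review: ${u.name} ${u.from} -> ${u.to} (${u.level})`);
```

Anything the gate cannot parse (git URLs, aliases, dist-tags) lands in the review list rather than being applied silently.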
Contributions are happily accepted. I respond to all PR's and can offer guidance on where to make changes. For contributing tips see CONTRIBUTING.md.
ncu prints output that does not seem related to this package, it may be conflicting with another executable such as ncu-weather-cli or Nvidia CUDA. Try using the long name instead: npm-check-updates.
ncu --packageFile package.json. You can run ncu --loglevel verbose to confirm that it was incorrectly waiting for stdin. See #136.
File an issue. Please search existing issues first.
npm-check is another tool for checking and updating outdated npm dependencies. It provides a more interactive experience compared to npm-check-updates, allowing you to see which dependencies are outdated, unused, or missing, and to update them interactively.
depcheck is a tool that helps you find unused dependencies in your project. While it doesn't focus on updating dependencies, it complements npm-check-updates by identifying dependencies that are no longer needed.
FAQs
Find newer versions of dependencies than what your package.json allows
The npm package npm-check-updates receives a total of 540,345 weekly downloads. As such, npm-check-updates popularity was classified as popular.
We found that npm-check-updates demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.