Product
Introducing License Enforcement in Socket
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
npm-check-updates
Advanced tools
Find newer versions of dependencies than what your package.json allows
npm-check-updates is a command-line tool that allows you to find and update outdated npm dependencies in your project. It helps you keep your project dependencies up-to-date by checking for newer versions and updating your package.json file accordingly.
Check for outdated dependencies
This command checks for any outdated dependencies in your project and lists them along with the latest versions available.
ncu
Update package.json with latest versions
This command updates your package.json file with the latest versions of all dependencies.
ncu -u
Interactive mode
This command runs npm-check-updates in interactive mode, allowing you to selectively choose which dependencies to update.
ncu -i
Filter dependencies
This command filters the dependencies to check for updates only within a specific scope or matching a specific pattern.
ncu '/^@my-scope/'
Upgrade specific dependencies
This command checks for updates and upgrades only the specified dependency (e.g., lodash).
ncu lodash
npm-check is another tool for checking and updating outdated npm dependencies. It provides a more interactive experience compared to npm-check-updates, allowing you to see which dependencies are outdated, unused, or missing, and to update them interactively.
depcheck is a tool that helps you find unused dependencies in your project. While it doesn't focus on updating dependencies, it complements npm-check-updates by identifying dependencies that are no longer needed.
npm-check-updates is a command-line tool that allows you to find the latest versions of dependencies, regardless of any version constraints in your package.json file (unlike npm itself).
npm-check-updates can optionally upgrade your package.json file to use the latest available versions, all while maintaining your existing semantic versioning policies.
Put plainly, it will upgrade your "express": "^4.11.2" dependency to "express": "^5.0.0" when express 5.0.0 hits the scene.
npm install -g npm-check-updates
Please consider installing the unstable version to help test pre-release features. You may even find some features you needed that are not yet in the stable version.
npm install -g npm-check-updates@unstable
Show any new dependencies for the project in the current directory:
$ npm-check-updates
"connect" can be updated from ^2.8.0 to ^2.11.0 (Installed: 2.8.8, Latest: 2.11.0)
"commander" can be updated from ^1.3.0 to ^2.0.0 (Installed: 1.3.2, Latest: 2.0.0)
Run with '-u' to upgrade your package.json
Upgrade a project's package.json:
$ npm-check-updates -u
"request" can be updated from ^2.20.0 to ^2.27.0 (Installed: 2.20.0, Latest: 2.27.1)
package.json upgraded
Filter by package name:
# match mocha and should packages exactly
$ npm-check-updates -f mocha,should
# match packages that start with "gulp-" using regex
$ npm-check-updates -f /^gulp-/
# match packages that do not start with "gulp-". Note: single quotes are required
# here to avoid inadvertant bash parsing
$ npm-check-updates -f '/^(?!gulp-).*$/'
-d, --dev check only devDependencies
-h, --help output usage information
-f, --filter <packages> list or regex of package names to search (all others
will be ignored). Note: single quotes may be required
to avoid inadvertant bash parsing.
-e, --error-level set the error-level. 1: exits with error code 0 if no
errors occur. 2: exits with error code 0 if no
packages need updating (useful for continuous
integration) (alpha release only)
-g, --global check global packages instead of in the current project
-p, --prod check only dependencies (not devDependencies)
-s, --silent don't output anything
-t, --greatest find the highest versions available instead of the
latest stable versions (alpha release only)
-u, --upgrade upgrade package.json dependencies to match latest
versions (maintaining existing policy)
-V, --version output the version number
Package.json best practices recommends maintaining dependencies using a semantic versioning policy. In practice you do this by specifying a "^1.2.0" style dependency in your package.json, whereby patch- and minor-level updates are automatically allowed but major releases require manual verification.
Unfortunately, it then becomes your responsibility to find out about new package releases, for example by using "npm info" command one package at a time, or by visiting project pages.
Please file an issue on github.
Pull requests are welcome :)
FAQs
Find newer versions of dependencies than what your package.json allows
We found that npm-check-updates demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
Product
We're launching a new set of license analysis and compliance features for analyzing, managing, and complying with licenses across a range of supported languages and ecosystems.
Product
We're excited to introduce Socket Optimize, a powerful CLI command to secure open source dependencies with tested, optimized package overrides.