npm-check-updates

What is npm-check-updates?

npm-check-updates is a command-line tool that allows you to find and update outdated npm dependencies in your project. It helps you keep your project dependencies up-to-date by checking for newer versions and updating your package.json file accordingly.

What are npm-check-updates's main functionalities?

Check for outdated dependencies

This command checks for any outdated dependencies in your project and lists them along with the latest versions available.

ncu

Update package.json with latest versions

This command updates your package.json file with the latest versions of all dependencies.

ncu -u

Interactive mode

This command runs npm-check-updates in interactive mode, allowing you to selectively choose which dependencies to update.

ncu -i

Filter dependencies

This command filters the dependencies to check for updates only within a specific scope or matching a specific pattern.

ncu '/^@my-scope/'

Upgrade specific dependencies

This command checks for updates and upgrades only the specified dependency (e.g., lodash).

ncu lodash

Other packages similar to npm-check-updates

npm-check

npm-check is another tool for checking and updating outdated npm dependencies. It provides a more interactive experience compared to npm-check-updates, allowing you to see which dependencies are outdated, unused, or missing, and to update them interactively.

depcheck

depcheck is a tool that helps you find unused dependencies in your project. While it doesn't focus on updating dependencies, it complements npm-check-updates by identifying dependencies that are no longer needed.

README

npm-check-updates

npm-check-updates is a tool that allows you to find the latest versions of dependencies, regardless of any version constraints in your package.json file (unlike npm itself).

npm-check-updates can optionally upgrade your package.json file to use the latest available versions, all while maintaining your existing semantic versioning policies.

Put plainly, it will upgrade your "express": "3.3.x" dependency to "express": "3.4.x" when express 3.4.0 hits the scene.

View the options for global, dev-only, prod-only, or filtering by package name.

Motivation

Package.json best practices recommends maintaining dependencies using a semantic versioning policy. In practice you do this by specifying a "1.2.x" style dependency in your package.json, whereby patch-level updates are automatically allowed but major and minor releases require manual verification.

Unfortunately, it then becomes your responsibility to find out about new package releases, for example by using "npm info" command one package at a time, or by visiting project pages.

Whatever your versioning policy, npm-check-updates will make keeping your dependencies up to date a breeze.

Installation

npm install -g npm-check-updates

Examples

Show any new dependencies for the project in the current directory:

$ npm-check-updates

"connect" can be updated from 2.8.x to 2.11.x  (Installed: 2.8.8, Latest: 2.11.0)
"commander" can be updated from 1.3.x to 2.0.x (Installed: 1.3.2, Latest: 2.0.0)

Run with '-u' to upgrade your package.json

Upgrade a project's package.json:

$ npm-check-updates -u

"request" can be updated from 2.20.x to 2.27.x (Installed: 2.20.0, Latest: 2.27.1)

package.json upgraded

Filter by package name:

# match mocha and should packages exactly
$ npm-check-updates -f mocha,should         

# match packages that start with "gulp-" using regex
$ npm-check-updates -f /^gulp-/             

# match packages that do not start with "gulp-". Note: single quotes are required 
# here to avoid inadvertant bash parsing
$ npm-check-updates -f '/^(?!gulp-).*$/'    

Options

-d, --dev                check only devDependencies
-h, --help               output usage information
-f, --filter <packages>  list or regex of package names to search (all others
                         will be ignored). Note: single quotes may be required 
                         to avoid inadvertant bash parsing.
-g, --global             check global packages instead of in the current project
-p, --prod               check only dependencies (not devDependencies)
-s, --silent             don't output anything
-u, --upgrade            upgrade package.json dependencies to match latest 
                         versions (maintaining existing policy)
-V, --version            output the version number

History

• 1.5.1
  • Fix bug where package names got truncated (grunt-concurrent -> grunt)
• 1.5
  • Add prod and dev only options
• 1.4
  • Add package filtering option
  • Add mocha as npm test script
• 1.3
  • Handle private packages and NPM errors
  • Added Mocha tests
  • Bugfixes
• 1.2
  • Print currently installed and latest package version in addition to semantic versions
  • Fixed bug where extra whitespace in package.json may prevent automatic upgrade
• 1.1
  • Added option to check global packages for updates: -g switch
  • Now also checks and upgrades devDependencies in package.json
• 1.0
  • Find and upgrade dependencies maintaining existing versioning policy in package.json

How dependency updates are determined

• Direct dependencies will be increased to the latest available version:
  • 2.0.1 => 2.2.0
  • 1.2 => 1.3
• Semantic versioning policies for levels are maintained while satisfying the latest version:
• 1.2.x => 1.3.x
• 1.x => 2.x
• "Any version" is maintained:
  • * => *
• Version constraints are maintained:
  • >0.2.x => > 0.3.x
  • >=1.0.0 => >=1.1.0
• Dependencies newer than the latest available version are suggested to be downgraded, as it's likely a mistake:
  • 2.0.x => 1.7.x, when 1.7.10 is the latest available version
  • 1.1.0 => 1.0.1, when 1.0.1 is the latest available version

Problems?

Please file an issue on github.

Pull requests are welcome :)