Product
Introducing License Enforcement in Socket
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
npm-check-updates
Advanced tools
Find newer versions of dependencies than what your package.json or bower.json allows
npm-check-updates is a command-line tool that allows you to find and update outdated npm dependencies in your project. It helps you keep your project dependencies up-to-date by checking for newer versions and updating your package.json file accordingly.
Check for outdated dependencies
This command checks for any outdated dependencies in your project and lists them along with the latest versions available.
ncu
Update package.json with latest versions
This command updates your package.json file with the latest versions of all dependencies.
ncu -u
Interactive mode
This command runs npm-check-updates in interactive mode, allowing you to selectively choose which dependencies to update.
ncu -i
Filter dependencies
This command filters the dependencies to check for updates only within a specific scope or matching a specific pattern.
ncu '/^@my-scope/'
Upgrade specific dependencies
This command checks for updates and upgrades only the specified dependency (e.g., lodash).
ncu lodash
npm-check is another tool for checking and updating outdated npm dependencies. It provides a more interactive experience compared to npm-check-updates, allowing you to see which dependencies are outdated, unused, or missing, and to update them interactively.
depcheck is a tool that helps you find unused dependencies in your project. While it doesn't focus on updating dependencies, it complements npm-check-updates by identifying dependencies that are no longer needed.
npm-check-updates is a command-line tool that allows you to upgrade your package.json or bower.json dependencies to the latest versions, regardless of existing version constraints.
npm-check-updates maintains your existing semantic versioning policies, i.e., it will upgrade your "express": "^4.11.2"
dependency to "express": "^5.0.0"
when express 5.0.0 is released.
Having issues? Check out known issues first. Then check the issues page.
npm install -g npm-check-updates
Show any new dependencies for the project in the current directory:
$ ncu
express 4.12.x → 4.13.x
multer ^0.1.8 → ^1.0.1
react-bootstrap ^0.22.6 → ^0.24.0
react-a11y ^0.1.1 → ^0.2.6
webpack ~1.9.10 → ~1.10.5
Run with -u to upgrade your package.json
Upgrade a project's package file:
Make sure your package file is in version control and all changes have been committed. This will overwrite your package file.
$ ncu -u
express 4.12.x → 4.13.x
package.json upgraded
Works with bower:
$ ncu -m bower # will use bower.json and check versions in bower
You can include or exclude specific packages using the --filter
and --reject
options. They accept strings, comma-delimited lists, or regular expressions:
# match mocha and should packages exactly
$ ncu mocha # shorthand for ncu -f mocha (or --filter)
$ ncu one, two, three
# exclude packages
$ ncu -x nodemon # shorthand for ncu --reject nodemon
# match packages that start with "gulp-" using regex
$ ncu /^gulp-/
# match packages that do not start with "gulp-". Note: single quotes are required
# here to avoid inadvertent bash parsing
$ ncu '/^(?!gulp-).*$/'
-d, --dev check only devDependencies
-e, --error-level set the error-level. 1: exits with error code 0 if no
errors occur. 2: exits with error code 0 if no
packages need updating (useful for continuous
integration)
-f, --filter include only package names matching the given string,
comma-delimited list, or regex
-g, --global check global packages instead of in the current project
-h, --help output usage information
-j, --jsonAll output new package file instead of human-readable
message
--jsonUpgraded output upgraded dependencies in json
-l, --loglevel what level of logs to report: silent, error, warn, info,
verbose, silly (default: warn)
--packageData include stringified package file (use stdin instead)
--packageFile package file location (default: ./package.json)
-m, --packageManager npm or bower (default: npm)
-o, --optional check only optionalDependencies
-p, --prod check only dependencies (not devDependencies)
-r, --registry specify third-party NPM registry
-s, --silent don't output anything (--loglevel silent)
-t, --greatest find the highest versions available instead of the
latest stable versions (alpha release only)
-u, --upgrade overwrite package file
-a, --upgradeAll include even those dependencies whose latest
version satisfies the declared semver dependency
-x, --reject exclude packages matching the given string, comma-
delimited list, or regex
-V, --version output the version number
The tool allows integration with 3rd party code:
var ncu = require('npm-check-updates');
ncu.run({
// Always specify the path to the package file
packageFile: 'package.json',
// Any command-line option can be specified here.
// These are set by default:
silent: true,
jsonUpgraded: true
}).then(function(upgraded) {
console.log('dependencies to upgrade:', upgraded);
});
2.0.1
→ 2.2.0
1.2
→ 1.3
^1.2.0
→ ^2.0.0
1.x
→ 2.x
*
→ *
>0.2.0
→ >0.3.0
1.0.0 < 2.0.0
→ ^3.0.0
^1.0.0
is a range that will includes all non-major updates. If you run npm update
, it will install 1.0.1
without changing the dependency listed in your package file. You don't need to update your package file if the latest version is satisfied by the specified dependency range. If you really want to upgrade your package file (even though it's not necessary), you can run ncu --upgradeAll
.
Docker volumes can be used to easily update a package:
docker run -it --rm -v $(pwd)/package.json:/app/package.json creack/ncu -u -a
See the github releases.
For help migrating from v1 to v2, see the v2 release notes.
In some environments (Windows?) npm-check-updates may hang. Run ncu --loglevel verbose
to see if it is waiting for stdin. If so, try setting the package file explicitly: ncu -g --packageFile package.json
. See #136.
If you installed node via brew, ncu -g
may incorrectly report that all packages are up-to-date. Try PREFIX="/usr/local/" ncu -g
. See #146.
There is an issue with grunt-shell described in #119. TLDR; You have to explicitly specify your package file with ncu --packageFile package.json
.
Cannot find module 'proto-list'
. This error is occurring for many people, yet it cannot be consistently reproduced. It seems to be fixed by fresh installs of node and npm: "I reinstalled node 4.2.1 and npm 2.14.7. Installed ncu, and it worked fine. So I'm afraid I'm not able to reproduce the issue anymore." See #144.
Please file an issue on github! Contributors are responsive and happy to assist.
When filing an issue, always include the dependencies from your package file (or the output from npm -g ls --depth=0
if using global mode)!
Pull requests are welcome, and will not collect dust :)
FAQs
Find newer versions of dependencies than what your package.json allows
The npm package npm-check-updates receives a total of 321,221 weekly downloads. As such, npm-check-updates popularity was classified as popular.
We found that npm-check-updates demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
Product
We're launching a new set of license analysis and compliance features for analyzing, managing, and complying with licenses across a range of supported languages and ecosystems.
Product
We're excited to introduce Socket Optimize, a powerful CLI command to secure open source dependencies with tested, optimized package overrides.