npm check and update package if needed

Question

We need to integrate Karma test runner into TeamCity and for that I'd like to give sys-engineers small script (powershell or whatever) that would:

pick up desired version number from some config file (I guess I can put it as a comment right in the karma.conf.js)
check if the defined version of karma runner installed in npm's global repo
if it's not, or the installed version is older than desired: pick up and install right version
run it: karma start .\Scripts-Tests\karma.conf.js --reporters teamcity --single-run

So my real question is: "how can one check in a script, if desired version of package installed?". Should you do the check, or it's safe to just call npm -g install everytime?

I don't want to always check and install the latest available version, because other config values may become incompatible

There is an online update/analyze tool https://pkgui.com/npm see this answer about it https://stackoverflow.com/a/76342980 — tom, May 26 '23 at 17:18

score 1171 · Accepted Answer · edited Feb 28 '22 at 11:38

1171

To check if any module in a project is 'old':

npm outdated

'outdated' will check every module defined in package.json and see if there is a newer version in the NPM registry.

For example, say xml2js 0.2.6 (located in node_modules in the current project) is outdated because a newer version exists (0.2.7). You would see:

xml2js@0.2.7 node_modules/xml2js current=0.2.6

To update all dependencies, if you are confident this is desirable:

npm update

Or, to update a single dependency such as xml2js:

npm update xml2js

To update package.json version numbers, append the --save flag:

npm update --save

edited Feb 28 '22 at 11:38

dialex

2,706
8
44
74

answered May 13 '13 at 23:40

dublx

11,978
1
14
11

11

Be careful with `npm update` especially with `npm update -g` ... it does not what most peaole expect it to do! See: https://github.com/npm/npm/issues/6247 and https://gist.github.com/othiym23/4ac31155da23962afd0e – jbandi Dec 23 '14 at 15:10
12

@jbandi As of npm@2.6.1, `npm -g update` is safe to use again. https://github.com/npm/npm/issues/6247#issuecomment-92182814 – Chuck Le Butt Jul 06 '16 at 10:03
22

Please be aware that npm update will not update your package.json file as stated by the answer from @Erik Olson. – Ehtesham Hasan Oct 26 '17 at 19:00
28

`As of npm@5.0.0, 'npm update' will change package.json to save the new version as the minimum required dependency` https://docs.npmjs.com/cli/update.html – Sidney Apr 02 '19 at 20:40
5

just did `npm update` on my npm 5.6.0 and it broke all code; luckily I backed up my files before doing that – Armand Jul 18 '20 at 12:18

score 528 · Answer 2 · edited Jan 17 '23 at 08:28

528

npm outdated will identify packages that should be updated, and npm update <package name> can be used to update each package. But prior to npm@5.0.0, npm update <package name> will not update the versions in your package.json which is an issue.

The best workflow is to:

Identify out of date packages with npm outdated
Update the versions in your package.json
Run npm update to install the latest versions of each package

Check out npm-check-updates to help with this workflow.

Install npm-check-updates with npm i npm-check-updates -g
Run npm-check-updates to list what packages are out of date (basically the same thing as running npm outdated)
Run npm-check-updates -u to update all the versions in your package.json (this is the magic sauce)
Run npm update as usual to install the new versions of your packages based on the updated package.json

edited Jan 17 '23 at 08:28

João Pimentel Ferreira

14,289
10
80
109

answered Jun 01 '14 at 13:13

Erik Olson

5,807
1
18
17

7

`npm outdated` will show ALL packages.. even inside other packages.. but those won't get updated with this procedure so they will always appear.. so just use `npm-check-updates` (as you actually recommended) which only shows main packages from `package.json` ... this is relevant – davidhq Feb 06 '15 at 22:42
3

With yarn this is much easier just type 'yarn upgrade'. – Christopher Grigg Apr 09 '18 at 00:06
147

Why must I install an update manager to manage my package manager? Do we not agree this is silly? It should be as simple as `npm install --all-outdated` but it isn't... – ADJenks Jan 24 '19 at 05:40
8

You can always run `npm update --save package_name` to save the latest change to package.json. – trungk18 Apr 09 '19 at 08:56
3

@ADJenks because `npm-check-updates` makes major updates, according to `semver`, which might have breaking changes, whereas `npm update` does only safe minor and patch updates. See: https://stackoverflow.com/a/48917961/1243247 – João Pimentel Ferreira Jul 15 '21 at 09:25
@JoãoPimentelFerreira I understand it's only safe to do minor patches, but eventually devs want to test the latest versions in a controlled way. There's a common need and desire to do this, as demonstrated by the existence of tools to do it, therefore I think the function should just be built in. You don't think it should be built in? I think a flag that was named `--force-update-max` would be very useful. If they want, they could give it a name to warn people, like how react uses "dangerouslySetInnerHTML" to set raw html. It's a bit patronizing, but it waives their liability for damages. – ADJenks Jul 15 '21 at 15:59
@ADJenks yes, I agree with you that it should be something built in, but not by default – João Pimentel Ferreira Jul 16 '21 at 12:10
@JoãoPimentelFerreira Yes, I didn't say anything about making it the default option, I was suggesting to add the flag `--all-outdated` which is a flag I made up which doesn't exist. The point was that I think there should be a flag that does this. I gave it a better name in my other response to you, `--force-update-max`, but my intention was the same in my original comment. A flag to update everything to the max, that would be great. – ADJenks Jul 18 '21 at 05:44
@ADJenks yes, I agree that `--force-update-max` would be a better name because it should be clear that breaking changes may occur according to `semver`. According to `semver` major updates are not backward compatible. Although the majority of the developers disregards these specifications. – João Pimentel Ferreira Jul 18 '21 at 15:39
npm update --save-dev // for dev dependencies – Sarath Oct 19 '21 at 07:59
Running `npm update --save` after `npm outdated` doesn't save the new versions in my `package.json` file. Nor does it install them. How do I update all outdated packages and save the new versions in `package.json` file? – Qwerty Aug 31 '22 at 13:47
@ADJenks because node is a community-based framework, and some group of people are motivated and willing to develop programs that does a better work than the original package manager that is half proprietary? Don't get me wrong but I think this is dope that you have to actually install something from the manager to enhance it (call that a plugin), you can feel that the community is motivated to help each other out. – vdegenne Dec 05 '22 at 10:06

score 214 · Answer 3 · edited Sep 13 '22 at 08:28

214

There is also a "fresh" module called npm-check:

npm-check

Check for outdated, incorrect, and unused dependencies.

screenshot of npm-check

It also provides a convenient interactive way to update the dependencies with npm-check -u.

edited Sep 13 '22 at 08:28

IcyIcicle

564
3
15

answered Dec 14 '14 at 07:07

alecxe

462,703
120
1,088
1,195

score 148 · Answer 4 · edited Jun 20 '20 at 09:12

148

One easy step:

$ npm i -g npm-check-updates && ncu -u && npm i

That is all. All of the package versions in package.json will be the latest major versions.

Edit:

What is happening here?

Installing a package that checks updates for you.

Use this package to update all package versions in your package.json (-u is short for --updateAll).

Install all of the new versions of the packages.

edited Jun 20 '20 at 09:12

Community

1
1

answered Apr 13 '17 at 18:51

Matt

33,328
25
83
97

5

@imnickvaughn `ncu` stands for node-check-updates and `-a` is the 'upgradeAll' option. Find all options here: https://www.npmjs.com/package/npm-check-updates – Arian Acosta Jun 05 '18 at 17:09
2

And what if I want to do it in one line without using another package like ncu? – ADJenks Jan 24 '19 at 05:37
13

Or without the global install, `npx -p npm-check-updates ncu -u` – entozoon Apr 30 '20 at 16:45
2

`npm-check-updates` makes major updates, according to `semver`, which might have breaking changes. Use it carefully: https://stackoverflow.com/a/48917961/1243247 – João Pimentel Ferreira Jul 15 '21 at 09:26

score 82 · Answer 5 · edited Jan 15 '23 at 15:14

To update a single local package:
1. First find out your outdated packages by:
  
  npm outdated
2. Then update the package or packages that you want manually as:
  
  npm update --save <package_name>

This way it is not necessary to update your local package.json file manually.

Note that the above command will update your package to the latest version.

If you write some version in your package.json file and do:

npm update <package_name>

In this case you will get just the next stable version (wanted) regarding the version that you wrote in your package.json file.

And with npm list <package_name> you can find out the current version of your local package.

score 47 · Answer 6 · edited Nov 26 '21 at 13:03

47

You can try either of these options:

Check outdated packages
```
npm outdated
```
Check and pick packages to update
```
npx npm-check -u
```

edited Nov 26 '21 at 13:03

KyleMit

30,350
66
462
664

answered Sep 11 '18 at 08:50

Long Tran

1,885
15
10

MikeMajara · Answer 7 · 2019-12-19T17:19:08.777

32

No additional packages, to just check outdated and update those which are, this command will do:

npm install $(npm outdated | cut -d' ' -f 1 | sed '1d' | xargs -I '$' echo '$@latest' | xargs echo)

edited Dec 19 '19 at 17:19

answered Mar 28 '19 at 20:51

MikeMajara

922
9
23

10

This is a great answer because it can be put in any shell script to automate this step without relying on having any further package installed. – Jankapunkt Mar 18 '20 at 07:44
1

@Jankapunkt yes, for those who have this problem, I used all the answers above with more likes but haven't solved the bug for me. in this case, this answer solved it really well! so just using this is a very great answer (tested on bash terminal) – Laaouatni Anas Jan 29 '23 at 18:56

Smit Patel · Answer 8 · 2020-05-29T20:20:40.477

NPM commands to update or fix vulnerabilities in some dependency manifest files

Use below command to check outdated or vulnerabilities in your node modules.

npm audit
If any vulnerabilities found, use below command to fix all issues.

npm audit fix
If it doesn't work for you then try

npm audit fix -f, this command will almost fix all vulnerabilities. Some dependencies or devDependencies are locked in package-lock.json file, so we use -f flag to force update them.
If you don't want to use force audit fix then you can manually fix your dependencies versions by changing them in package-lock.json and package.json file. Then run

npm update && npm upgrade

I ran `npm audit fix --force`. Now I have more vulnerabilities than before. I can run it again, but it will not change. Now what? — Thomas Weller, Mar 27 '22 at 09:14

score 8 · Answer 9 · answered May 13 '13 at 16:17

When installing npm packages (both globally or locally) you can define a specific version by using the @version syntax to define a version to be installed.

In other words, doing: npm install -g karma@0.9.2 will ensure that only 0.9.2 is installed and won't reinstall if it already exists.

As a word of a advice, I would suggest avoiding global npm installs wherever you can. Many people don't realize that if a dependency defines a bin file, it gets installed to ./node_modules/.bin/. Often, its very easy to use that local version of an installed module that is defined in your package.json. In fact, npm scripts will add the ./node_modules/.bin onto your path.

As an example, here is a package.json that, when I run npm install && npm test will install the version of karma defined in my package.json, and use that version of karma (installed at node_modules/.bin/karma) when running the test script:

{
 "name": "myApp",
 "main": "app.js",
 "scripts": {
   "test": "karma test/*",
 },
 "dependencies": {...},
 "devDependencies": {
   "karma": "0.9.2"
 }
}

This gives you the benefit of your package.json defining the version of karma to use and not having to keep that config globally on your CI box.

what's in the `test` script? Can you please give me a clue how you install it with a script. — iLemming, May 13 '13 at 18:04
Look at the package.json. Under the "scripts" property, you can define another property, "test" whose value is a command you want to be run when you type `npm test`. npm docs are pretty good here: https://npmjs.org/doc/scripts.html — addisonj, May 14 '13 at 17:23

score 7 · Answer 10 · answered Jul 08 '19 at 18:28

7

As of npm@5.0.0+ you can simply do:

npm update <package name>

This will automatically update the package.json file. We don't have to update the latest version manually and then use npm update <package name>

You can still get the old behavior using

npm update --no-save

(Reference)

answered Jul 08 '19 at 18:28

adiga

34,372
9
61
83

5

I have `npm@7.21.1` and it is not automatically updating my `package.json`. Running `npm update --save` did not help either! – Farzan Jan 07 '22 at 23:28

score 5 · Answer 11 · answered Jul 13 '21 at 03:41

3 simple steps you can use for update all outdated packages

First, check the packages which are outdated

sudo npm i -g npm-check-updates

Second, put all of them in ready

ncu -u

Results in Terminal will be like this:

Third, just update all of them.

npm install

That's it.

Hari Reddy · Answer 12 · 2022-04-14T15:31:19.503

5

Just do this to update everything to the latest version - npx npm-check-updates -u

Note - You'll be prompted to install npm-check-updates. Press y and enter.

Now run npm i. You're good to go.

edited Apr 14 '22 at 15:31

answered Aug 26 '21 at 08:12

Hari Reddy

339
3
15

soraku02 · Answer 13 · 2021-06-05T11:40:07.173

4

A different approach would be to first uprade the package.json file using,

ncu -u

and then simply run,

npm install

to update all the packages to the latest version. ps: It will update all the packages to the latest version however if the package is already up to date that package will not be affected at all.

edited Jun 05 '21 at 11:40

answered Apr 24 '21 at 06:01

soraku02

282
3
11

score 4 · Answer 14 · answered Sep 17 '22 at 11:08

You can do this completely automatically in 2022

Install npm-check-updates
Run the command

ncu --doctor -u
It will first try every dependency you have and run tests, if the tests fail it will update each dependency one by one and run tests after each update

score 3 · Answer 15 · edited Jan 29 '19 at 17:12

3

To really update just one package install NCU and then run it just for that package. This will bump to the real latest.

npm install -g npm-check-updates

ncu -f your-intended-package-name -u

edited Jan 29 '19 at 17:12

Community

1
1

answered Dec 28 '18 at 10:21

regisbsb

3,664
2
35
41

9

Low quality post, some better explanation would help. – linuxfan says Reinstate Monica Dec 28 '18 at 16:20

score 3 · Answer 16 · answered Jul 21 '22 at 09:06

If you want to upgrade a package to the latest release, (major, minor and patch), append the @latest keyword to the end of the package name, ex:

npm i express-mongo-sanitize@latest

this will update express-mongo-sanitize from version 1.2.1 for example to version 2.2.0.

If you want to know which packages are outdated and which can be updated, use the npm outdated command

ex:

$ npm outdated
Package             Current   Wanted  Latest  Location                         Depended by
express-rate-limit    3.5.3    3.5.3   6.4.0  node_modules/express-rate-limit  apiv2
helmet               3.23.3   3.23.3   5.1.0  node_modules/helmet              apiv2
request-ip            2.2.0    2.2.0   3.3.0  node_modules/request-ip          apiv2
validator           10.11.0  10.11.0  13.7.0  node_modules/validator           apiv2

score 1 · Answer 17 · answered Jul 06 '21 at 12:10

1

One more for bash:

npm outdated -parseable|cut -d: -f5|xargs -L1 npm i

answered Jul 06 '21 at 12:10

Ronen

1,225
13
10

score 1 · Answer 18 · answered Nov 14 '21 at 15:49

I'm just interested in updating the outdated packages using the semantic versioning rules in my package.json.

Here's a one-liner that takes care of that

npm update `npm outdated | awk '{print $1}' | tr '\n' ' '`

What it does:

takes the output from npm outdated and
pipes that into awk where we're grabbing just the name of the package (in column 1)
then we're using tr to convert newline characters into spaces
finally -- using backticks -- we're using the output of the preceding steps as arguments to npm update so we get all our needed updates in one shot.

One would think that there's a way to do this using npm alone, but it wasn't here when I looked, so I'm just dropping this here in case it's helpful to anyone .

** I believe there's an answer that MikeMajara provides here that does something similar, but it's appending @latest to the updated package name, which I'm not really interested in as a part of my regularly scheduled updates.

score 1 · Answer 19 · answered Dec 04 '22 at 14:01

1

If you have multiple projects with the same node-modules content, pnpm is recommended. This will prevent the modules from being downloaded in each project. After the installation the answer to your question is:

pnpm up

answered Dec 04 '22 at 14:01

Michael S.

589
8
25

score -1 · Answer 20 · answered Jun 02 '23 at 12:35

-1

You can use an online tool https://pkgui.com/npm

It edits the package.json with the major versions and allows manual changes via dropdown.

answered Jun 02 '23 at 12:35

tom

9,550
6
30
49

npm check and update package if needed

20 Answers20

NPM commands to update or fix vulnerabilities in some dependency manifest files

Linked