How to determine path to deep outdated/deprecated packages (NPM)?

Question

How to determine, which packages (deep-dependencies, not top-level) are outdated in the local node_modules folder?

I run the following command:

npm install

having this in my package.json:

"dependencies": {
    "bluebird": "^3.3.4",
    "body-parser": "~1.15.0",
    "connect-flash": "^0.1.1",
    "cookie-parser": "~1.4.1",
    "debug": "~2.2.0",
    "express": "~4.13.1",
    "express-session": "^1.13.0",
    "hbs": "~4.0.0",
    "lodash": "^4.6.1",
    "mkdirp-bluebird": "^1.0.0",
    "morgan": "~1.7.0",
    "opener": "^1.4.1",
    "sequelize": "^3.19.3",
    "serve-favicon": "~2.3.0",
    "sqlite3": "^3.1.1"
},

and get the following output:

$ npm install
npm WARN deprecated graceful-fs@3.0.8: graceful-fs version 3 and before will fail on newer node releases. Please update to graceful-fs@^4.0.0 as soon as possible.
npm WARN deprecated lodash@1.0.2: lodash@<3.0.0 is no longer maintained. Upgrade to lodash@^4.0.0.
npm WARN deprecated graceful-fs@1.2.3: graceful-fs version 3 and before will fail on newer node releases. Please update to graceful-fs@^4.0.0 as soon as possible.

In my package.json all packages are fresh. But some of the deep dependencies are outdated and I don't know how to determine WHICH, I neither know which of explicitly installed packages caused that... Bonus: if I can do it quickly;)

Does this answer your question? [How to find reverse dependencies on npm package?](https://stackoverflow.com/questions/31923195/how-to-find-reverse-dependencies-on-npm-package) — Michael Freidgeim, Jan 01 '23 at 09:54
@MichaelFreidgeim nope, because it is about building a list of dependencies of dependencies. I wanted to find _deep outdated deps_ , and maybe, a way to upgrade them. And there are good answers here, which help ;) — maxkoryukov, Jan 06 '23 at 05:55

score 16 · Accepted Answer · edited Apr 20 '17 at 03:00

16

you want ...

npm install -g npm-check-updates

then to show available updates

ncu

also ...

ncu -u

which actually change package.json to reflect the output of ncu.

And if that wasn't enough ...

ncu -m bower

check for new bower packages too!

Package npm-check-updates and more documentation is here

Edit for DEEP dependencies

npm-check-updates does not provide a depth option. With further research I found that npm now provides a CLI utitility to do what you want.

This essentially allows you to do ...

npm outdated --depth=5

which provides a similar output to npm-check-updates but also checks depth.

Note the default depth is 0 viz top level packages only. Also note that npm outdated only lists

current version
wanted version
latest version

it does not actually do the update.

To update packages use:

npm update --depth=5

npm warns against using the depth option in conjunction with npm-update

edited Apr 20 '17 at 03:00

Emile Bergeron

17,074
5
83
129

answered Mar 31 '16 at 14:10

danday74

52,471
49
232
283

2

`npm outdated --depth=5` with `npm update` -- my choice!! Thank you;) – maxkoryukov Mar 31 '16 at 18:21
recently i have found that ncu only works as expected if you delete the node_modules folder first before using it! weird i know – danday74 Apr 19 '17 at 17:52
And now I prefer to use `npm-check`, but `ncu` is good enough! – maxkoryukov Apr 25 '17 at 18:05
`ncu` command ask me to see https://github.com/tjunnone/npm-check-updates/issues/136#issuecomment-155721102 – Malay M Aug 18 '18 at 05:57
2

Ironic how I get `npm WARN deprecated` messages when I install npm-check-updates :) – Fuhrmanator Apr 23 '21 at 15:40

score 1 · Answer 2 · answered Apr 25 '17 at 18:09

1

Another one option (I found it later) — npm-check (thanks Hannah Wolfe)

Install:

npm install npm-check --global

Check and update dependencies for the current project:

npm-check -u

answered Apr 25 '17 at 18:09

maxkoryukov

4,205
5
33
54

How to determine path to deep outdated/deprecated packages (NPM)?

2 Answers2

Edit for DEEP dependencies

Linked