How to Update npm Packages to their Latest Version

In any NodeJS project, you’ll want to update your package dependencies often. Luckily, the process is simple and can be done in mere minutes. Of course, you want to verify any updates with some QA and hopefully some automated tests (a test framework or CI tool can be helpful).

How to Update Your Packages

The npm update command allows you to update any out-of-date packages, according to your package.json versions. This is the default way to update packages with npm.

How Do I Know Which Packages Have Updates?

One built-in way to check which packages are outdated is to run the npm outdated command.

Another way, which I prefer, is to use the npm-check-updates (ncu) module. This package allows you to easily upgrade your package.json dependencies to the latest versions of modules regardless of any version constraints in those files. Then with the npm install or npm update commands you can upgrade the installed packages.

In the rest of this article, we’ll take a look at the various NodeJS tools to update npm packages to their latest version, with or without semantic versioning constraints. Specifically, we’ll cover:

Jump ahead using the links above or read on to explore the world of npm package updating!

Semantic Versioning: Major, Minor, & Patch Version Ranges

Any npm or bower packages can use semantic versioning (semver) as specified on the website. This means that a package version can consist of three components:

  1. MAJOR version for when there are incompatible API changes
  2. MINOR version for when functionality is added in a backwards compatible manner
  3. PATCH version for when backwards compatible bug fixes are done

Node-semver is the package that parses the semvers and also understands some additional semver syntax, such as: basic ranges, tilde ranges, pre-release tags, caret ranges, hyphen ranges, and x ranges.

As a user of NodeJS packages, you can specify which kinds of updates your app can accept in the package.json file. For example, if you were starting with a package version 1.0.4, this is how you could specify the allowed update version ranges in three basic ways:

  • To Allow Patch Releases: 1.0 or 1.0.x or ~1.0.4
  • To Allow Minor Releases: 1 or 1.x or ^1.0.4
  • To Allow Major Releases: * or x

More fine-grained version ranges are also available if you use the additional semver syntax mentioned above.

First, Install node, npm, & ncu

If you haven’t yet, see this tutorial to install node and npm.

Now we can install the ncu tool globally, by typing the following:

You might first need root user permissions though; if so, type “sudo” in front of that command:

Let’s take a look at the ncu help syntax:

Now a Sample NodeJS Project

Let’s create a sample NodeJS project called “foo,” which we will let depend upon an older “express” and “request” package version, to show how to upgrade packages using the NodeJS install, update, and ncu commands:

Now our package.json will look something like this:

We see how npm installed the older versions of these two packages from their highest allowed and available packaged version and updated the package.json file.

Checking for Possible Updates

To see which packages have available updates, we can either use the ncu tool or the npm outdated command.

Detecting Updates with npm

If we wanted to check for packages that have updates, you can use the npm outdated command:

We see that the “request” package version is in line with what we wanted (as stated by our semver during install), but that there is a new major version available. For the “express” package, we see that both the wanted and latest versions have newer versions available.

Detecting Updates with ncu

Using the ncu tool we can also detect which packages have newer versions:

We see that there are major updates for both packages available.

Strict vs. Non-Strict Versioned Updates

We can either allow for strict versioned updates (strictly within our package.json semver constraints) or non-strict versioned updates (to update regardless of our semver constraints).

Strict Versioned Updates Using npm

Let’s use the npm update command to allow for strict versioned updates:

Now let’s have a look at npm outdated again:

Nice, npm update did what we asked of it and no more!

Non-Strict Versioned Updates Using ncu

For non-strict versioned updates, there are several command line options we can use with ncu.

ncu –upgrade [package]

To upgrade the “request” package to its newest major version, we could do the following:

This will update the package.json semver for the “request” package:

Please note that the ncu tool does maintain your existing semantic versioning policies (e.g., “allow only minor upgrades,” in our case), when updating the package.json file. Therefore, the major version of the “request” package was increased, but the policy of only allowing minor upgrades upon a npm update is still in effect.

Now we need to install the updated package version using npm install:

Let’s check the installed “request” package version:

ncu –upgrade

To update all of our package dependencies in package.json (including our “express” package), we would do the following:

ncu –upgradeAll

The ncu tool can install newer package versions according the package.json semver constraints, but does not update those newer version in the package.json file.

If you want to enforce writing those newly installed package versions to your package.json, you can use the –upgradeAll option. Though not necessary, this functionality is there if you want it.

To enforce overwriting your package.json package versions to their latest (semver-allowed), specific version number, type:

Filtering with ncu

We could also upgrade packages matching some regular expression syntax.

For example, this would match and upgrade all packages starting with “gulp-“:

To check only the “dependencies” packages, and not also the “devDependencies” packages, do the following:

This can be useful in cases where you want more developer environment stability.

Using bower.json

To use the bower.json file with ncu, you specify that option on the command line:

Final Words on npm Package Updating

NodeJS has great tooling for flexible package management and dependency versioning. Be sure to have a look at the npm documentation to learn more about npm package management and best practices.

Roberto Sanchez

Roberto Sanchez got his start with web hosting when he was still in high school, with a Perl script to conjugate verbs on a shared host. Roberto has been involved with web development ever since, experimenting with many web languages and hosting types. Roberto is on the web development team at Digital Brands Inc., where he applies his knowledge of PHP and WordPress to improve performance for the firm's various web properties. Roberto also leverages NodeJS to develop exciting products at Digital Brands Inc. and is eager to share his experience with users.