I copied package.json
from another project and now want to bump all of the dependencies to their latest versions since this is a fresh project and I don't mind fixing something if it breaks.
What's the easiest way to do this?
The best way I know is to run npm info express version
then update each dependency in package.json
manually. There must be a better way.
{
"name": "myproject",
"description": "my node project",
"version": "1.0.0",
"engines": {
"node": "0.8.4",
"npm": "1.1.65"
},
"private": true,
"dependencies": {
"express": "~3.0.3", // how do I get these bumped to latest?
"mongodb": "~1.2.5",
"underscore": "~1.4.2",
"rjs": "~2.9.0",
"jade": "~0.27.2",
"async": "~0.1.22"
}
}
For Yarn specific solutions refer to this SO thread.
If you happen to be using Visual Studio Code as your IDE, this is a fun little extension to make updating package.json
a one click process.
Should get you the latest wanted versions compatible for your app. But not the latest versions.
Updtr!
Based on npm outdated, updtr installs the latest version and runs npm test for each dependency. If the test succeeds, updtr saves the new version number to your package.json. If the test fails, however, updtr rolls back its changes.
*
as the version for the latest releases, including unstablelatest
as version definition for the latest stable versionLatestStablePackages
Here is an example:
"dependencies": {
"express": "latest" // using the latest STABLE version
, "node-gyp": "latest"
, "jade": "latest"
, "mongoose": "*" // using the newest version, may involve the unstable releases
, "cookie-parser": "latest"
, "express-session": "latest"
, "body-parser": "latest"
, "nodemailer":"latest"
, "validator": "latest"
, "bcrypt": "latest"
, "formidable": "latest"
, "path": "latest"
, "fs-extra": "latest"
, "moment": "latest"
, "express-device": "latest"
},
I really like how npm-upgrade works. It is a simple command line utility that goes through all of your dependencies and lets you see the current version compared to the latest version and update if you want.
Here is a screenshot of what happens after running npm-upgrade
in the root of your project (next to the package.json
file):
For each dependency you can choose to upgrade, ignore, view the changelog, or finish the process. It has worked great for me so far.
EDIT: To be clear this is a third party package that needs to be installed before the command will work. It does not come with npm itself:
npm install -g npm-upgrade
Then from the root of a project that has a package.json file:
npm-upgrade
This feature has been introduced in npm v5
. update to npm using npm install -g npm@latest
and
to update package.json
delete /node_modules
and package-lock.json (if you have any)
run npm update
. this will update the dependencies package.json to the latest, based on semver.
to update to very latest version. you can go with npm-check-updates
If you don't want to install global npm-check-updates you can simply run that:
node -e "const pk = JSON.parse(require('fs').readFileSync('package.json', 'utf-8'));require('child_process').spawn('npm', ['install', ...Object.keys(Object.assign({},pk.dependencies, pk.devDependencies)).map(a=>a+'@latest')]).stdout.on('data', d=>console.log(d.toString()))"
The very easiest way to do this as of today is use pnpm rather than npm and simply type:
pnpm update --latest
Greenkeeper if you're using Github. https://greenkeeper.io/
It's a Github integration and incredibly easy to set things up. When installed, it automatically creates pull requests in repositories you specify (or all if wanted) and keeps your code always up-to-date, without forcing you to do anything manually. PRs should then trigger a build on a CI service and depending on a successful or failed check you can keep figuring out what's triggering the issue or when CI passes simply merge the PR.
At the bottom, you can see that the first build failed at first and after a commit ("upgrade to node v6.9") the tests pass so I could finally merge the PR. Comes with a lot of emoji, too.
Another alternative would be https://dependencyci.com/, however I didn't test it intensively. After a first look Greenkeeper looks better in general IMO and has better integration.
Use npm outdated to discover dependencies that are out of date.
Use npm update to perform safe dependency upgrades.
Use npm install @latest to upgrade to the latest major version of a package.
Use npx npm-check-updates -u and npm install to upgrade all dependencies to their latest major versions.
The following code (which was accepted) wrote me something like "it takes too long blah-blah" and did nothing. Probably using the global flag was the problem, idk.
npm i -g npm-check-updates
ncu -u
npm install
I decided to use my text editor and follow a semi-manual approach instead.
I copied a list like this (just a lot longer) from the dev dependencies of my package.json
to the notepad++ text editor:
"browserify": "10.2.6",
"expect.js": "^0.3.1",
"karma": "^0.13.22",
"karma-browserify": "^5.2.0",
I set the search mode to regular expression, used the ^\s*"([^"]+)".*$
pattern to get the package name and replaced it with npm uninstall \1 --save-dev \nnpm install \1 --save-dev
. Clicked on "replace all". The otput was this:
npm uninstall browserify --save-dev
npm install browserify --save-dev
npm uninstall expect.js --save-dev
npm install expect.js --save-dev
npm uninstall karma --save-dev
npm install karma --save-dev
npm uninstall karma-browserify --save-dev
npm install karma-browserify --save-dev
I copied it back to bash and hit enter. Everything was upgraded and working fine. That's all.
"browserify": "^16.1.0",
"expect.js": "^0.3.1",
"karma": "^2.0.0",
"karma-browserify": "^5.2.0",
I don't think it is a big deal, since you have to do it only every now and then, but you can easily write a script, which parses the package.json
and upgrades your packages. I think it is better this way, because you can edit your list if you need something special, for example keeping the current version of a lib.
I solved this by seeing the instructions from https://github.com/tjunnone/npm-check-updates
$ npm install -g npm-check-updates
$ ncu
$ ncu -u # to update all the dependencies to latest
$ ncu -u "specific module name" #in case you want to update specific dependencies to latest
As of npm version 5.2.0, there is a way to run this in a single line without installing any additional packages to your global npm registry nor locally to your application. This can be done by leveraging the new npx
utility that's bundled with npm. (Click here to learn more.)
Run the following command in the root of your project:
npx npm-check-updates -u && npm i
Try following command if you using npm 5 and node 8
npm update --save
If you are using yarn
, yarn upgrade-interactive
is a really sleek tool that can allow you to view your outdated dependencies and then select which ones you want to update.
More reasons to use Yarn over npm
. Heh.
I use npm-check
to achieve this.
npm i -g npm npm-check
npm-check -ug #to update globals
npm-check -u #to update locals
Another useful command list which will keep exact version numbers in package.json
npm cache clean
rm -rf node_modules/
npm i -g npm npm-check-updates
ncu -g #update globals
ncu -ua #update locals
npm i
To see which packages have newer versions available, then use the following command:
npm outdated
to update just one dependency just use the following command:
npm install yourPackage@latest --save
For example:
My package.json
file has dependency:
"@progress/kendo-angular-dateinputs": "^1.3.1",
then I should write:
npm install @progress/kendo-angular-dateinputs@latest --save
If you want to use a gentle approach via a beautiful (for terminal) interactive reporting interface I would suggest using npm-check.
It's less of a hammer and gives you more consequential knowledge of, and control over, your dependency updates.
To give you a taste of what awaits here's a screenshot (scraped from the git page for npm-check):
I recently had to update several projects that were using npm and package.json for their gruntfile.js magic. The following bash command (multiline command) worked well for me:
npm outdated --json --depth=0 | \
jq --ascii-output --monochrome-output '. | keys | .[]' | \
xargs npm install $1 --save-dev
The idea here:
To pipe the npm outdated
output as json, to jq
(jq is a json command line parser/query tool)
(notice the use of --depth
argument for npm outdated
)
jq will strip the output down to just the top level package name only.
finally xargs puts each LIBRARYNAME one at a time into a npm install LIBRARYNAME --save-dev
command
The above is what worked for me on a machine runnning: node=v0.11.10 osx=10.9.2 npm=1.3.24
this required:
xargs http://en.wikipedia.org/wiki/Xargs (native to my machine I believe)
and
jq http://stedolan.github.io/jq/ (I installed it with brew install jq
)
Note: I only save the updated libraries to package.json inside of the json key devDependancies
by using --save-dev
, that was a requirement of my projects, quite possible not yours.
Afterward I check that everything is gravy with a simple
npm outdated --depth=0
Also, you can check the current toplevel installed library versions with
npm list --depth=0
Commands that I had to use to update package.json
for NPM 3.10.10
:
npm install -g npm-check-updates
ncu -a
npm install
Background:
I was using the latest command from @josh3736 but my package.json
was not updated. I then noticed the description text when running npm-check-updates -u
:
The following dependency is satisfied by its declared version range, but the installed version is behind. You can install the latest version without modifying your package file by using npm update. If you want to update the dependency in your package file anyway, run ncu -a.
Reading the documentation for npm-check-updates you can see the difference:
https://www.npmjs.com/package/npm-check-updates
-u, --upgrade: overwrite package file
-a, --upgradeAll: include even those dependencies whose latest version satisfies the declared semver dependency
ncu is an alias for npm-check-updates
as seen in the message when typing npm-check-updates -u
:
[INFO]: You can also use ncu as an alias
npm outdated
npm update
git commit package-lock.json
npm install -g npm-check-updates
npm-check-updates
npm shrinkwrap
git commit package-lock.json
Be sure to shrinkwrap your deps, or you may wind up with a dead project. I pulled out a project the other day and it wouldn't run because my deps were all out of date/updated/a mess. If I'd shrinkwrapped, npm would have installed exactly what I needed.
For the curious who make it this far, here is what I recommend:
npm-check-updates
or npm outdated
to suggest the latest versions.# `outdated` is part of newer npm versions (2+)
$ npm outdated
# If you agree, update.
$ npm update
# OR
# Install and use the `npm-check-updates` package.
$ npm install -g npm-check-updates
# Then check your project
$ npm-check-updates
# If you agree, update package.json.
$ npm-check-updates -u
###Then do a clean install (w/o the rm I got some dependency warnings)
$ rm -rf node_modules
$ npm install
npm-shrinkwrap.json
with npm shrinkwrap
$ rm npm-shrinkwrap.json
$ npm shrinkwrap
npm install
will now use exact versions in npm-shrinkwrap.json
If you check npm-shrinkwrap.json
into git, all installs will use the exact same versions.
This is a way to transition out of development (all updates, all the time) to production (nobody touch nothing).
If you use yarn, the following command updates all packages to their latest version:
yarn upgrade --latest
From their docs:
The
upgrade --latest
command upgrades packages the same as the upgrade command, but ignores the version range specified in package.json. Instead, the version specified by the latest tag will be used (potentially upgrading the packages across major versions).
I found another solution for recent version of NPM. What I want to do is to replace all the "*" dependencies with the explicit lastest version number. None of the methods discussed has worked for me.
What I did:
npm-check-updates -u
Everything in package.json now is updated to the last version.
An automatic update is possible with NPM-script:
{
"_cmd-update-modules": "npm run devops-update-modules",
"scripts": {
"create-global-node-modules-folder": "if not exist \"%appdata%\\npm\\node_modules\" mkdir %appdata%\\npm\\node_modules",
"npm-i-g": "npm i npm@latest -g",
"npm-check-i-g": "npm i npm-check@latest -g",
"eslint-i-g": "npm i eslint@latest -g",
"npm-check-u-l": "npm-check \"C:\\Program Files\\nodejs\\node_modules\\npm\" -y",
"npm-check-u-g": "npm-check \"C:\\Program Files\\nodejs\\node_modules\\npm\" -y -g",
"npm-deep-update-l": "npm update --depth 9999 --dev",
"npm-deep-update-g": "npm update --depth 9999 --dev -g",
"npm-cache-clear": "npm cache clear --force",
"devops-update-modules": "npm run create-global-node-modules-folder && npm run npm-i-g && npm run npm-check-i-g && npm run eslint-i-g && npm run npm-check-u-l && npm run npm-check-u-g && npm run npm-deep-update-l && npm run npm-deep-update-g && npm run npm-cache-clear"
}
}
For further details and step-by-step manual: https://stackoverflow.com/a/34295664
Here is a basic regex to match semantic version numbers so you can quickly replace them all with an asterisk.
([>|<|=|~|^|\s])*?(\d+\.)?(\d+\.)?(\*|\d+)
Select the package versions you want to replace in the JSON file.
Input the regex above and verify it's matching the correct text.
Replace all matches with an asterisk.
Run npm update --save
This works as of npm 1.3.15.
"dependencies": {
"foo": "latest"
}
To update one dependency to its lastest version without having to manually open the package.json
and change it, you can run
npm install {package-name}@* {save flags?}
i.e.
npm install express@* --save
For reference, npm-install
Update: Recent versions may need latest flag instead, i.e. npm install express@latest
As noted by user Vespakoen on a rejected edit, it's also possible to update multiple packages at once this way:
npm install --save package-nave@* other-package@* whatever-thing@*
He also apports a one-liner for the shell based on npm outdated
. See the edit for code and explanation.
PS: I also hate having to manually edit package.json
for things like that ;)
The above commands are unsafe because you might break your module when switching versions. Instead I recommend the following
npm shrinkwrap
command.npm install -g next-update // from your package next-update
npm-check-updates
is a utility that automatically adjusts a package.json with the
latest version of all dependencies
see https://www.npmjs.org/package/npm-check-updates
$ npm install -g npm-check-updates
$ ncu -u
$ npm install
[EDIT] A slightly less intrusive (avoids a global install) way of doing this if you have a modern version of npm
is:
$ npx npm-check-updates -u
$ npm install
Solution without additional packages
Change every dependency's version to *
:
"dependencies": {
"react": "*",
"react-google-maps": "*"
}
Then run npm update --save
.
Some of your packages were updated, but some not?
"dependencies": {
"react": "^15.0.1",
"react-google-maps": "*"
}
This is the tricky part, it means your local version of "react" was lower than the newest one. In this case npm downloaded and updated "react" package. However your local version of "react-google-maps" is the same as the newest one.
If you still want to "update" unchanged *
, you have to delete these modules from node_modules
folder.
e.g. delete node_modules/react-google-maps
.
Finally run again npm update --save
.
"dependencies": {
"react": "^15.0.1",
"react-google-maps": "^4.10.1"
}
Do not forget to run npm update --save-dev
if you want to update development dependencies.
If you're looking for an easier solution that doesn't involve installing npm packages, I'd checkout updatepackagejson.com
Alternative is
"dependencies":{
"foo" : ">=1.4.5"
}
everytime you use npm update , it automatically update to the latest version. For more version syntax, you may check here: https://www.npmjs.org/doc/misc/semver.html
The only caveat I have found with the best answer above is that it updates the modules to the latest version. This means it could update to an unstable alpha build.
I would use that npm-check-updates utility. My group used this tool and it worked effectively by installing the stable updates.
As Etienne stated above: install and run with this:
$ npm install -g npm-check-updates
$ npm-check-updates -u
$ npm install
Source: Stackoverflow.com