How to update all your NPM packages: The simple, the automatic and the manual way

budding
planted Nov 12, 2021

Keeping your npm packages up to date is a crucial task, since old packages can result in a security risk. However, updating them can be a hassle. There are several ways to get the latest version for your packages.
The safe way
The simplest way is to use npm's built-in update command:
$ npm update --save
$ npm update --save-dev
This will update all packages to the most recent minor version. This shouldn't result in any problems, since under semantic versioning minor version updates do not include any breaking changes.
The less safe way
You can use another npm package to update your other packages. The package we are using is called npm-check. It will allow you to interactively choose which packages to update.
To use it, you can install it globally:
$ npm install npm-check -g
Afterwards, you can use the npm-check command, which will give you the option to choose which packages to update.
The manual way
If you want to be extra careful, it might be a good idea to update your packages manually. In that case, you can use npm outdated to see which packages need updates. This also gives you information about the latest version and the latest possible minor version you can update to.
You can then manually update each package with
$ npm update [package-name] --save
Another way to check which packages to update is npm audit. This will show you all issues and vulnerabilities you are exposed to from your npm packages and which version fixes the issue. You can try to fix them automatically by using npm audit fix.
If you want to see only the critical issues, you can filter the output with this command:
$ npm audit | grep -B 3 -A 15 Critical
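The same filter can be applied to the machine-readable report from npm audit --json instead of the text output. The following is an added example, not code from the original post: it assumes the npm 7+ report layout (auditReportVersion 2), the helper name criticalFindings is hypothetical, and the sample report is constructed.

```javascript
// Constructed sample in the npm 7+ `npm audit --json` layout; names and titles are made up.
const sampleReport = {
  auditReportVersion: 2,
  vulnerabilities: {
    "example-parser": {
      name: "example-parser", severity: "critical", isDirect: true, range: "<2.1.4",
      via: [{ title: "Constructed advisory A", severity: "critical", range: "<2.1.4" }],
      fixAvailable: true,
    },
    "example-framework": {
      name: "example-framework", severity: "critical", isDirect: true, range: "<=3.0.0",
      via: ["example-parser"], // affected only through a vulnerable dependency
      fixAvailable: { name: "example-framework", version: "4.0.0", isSemVerMajor: true },
    },
    "example-logger": {
      name: "example-logger", severity: "moderate", isDirect: false, range: "<1.0.2",
      via: [{ title: "Constructed advisory B", severity: "moderate", range: "<1.0.2" }],
      fixAvailable: false,
    },
  },
};

// Hypothetical helper: returns one summary object per critical entry in the report.
function criticalFindings(report) {
  if (!report || !report.vulnerabilities || typeof report.vulnerabilities !== "object") {
    throw new Error("not an npm audit v2 JSON report");
  }
  return Object.values(report.vulnerabilities)
    .filter((v) => v.severity === "critical")
    .map((v) => {
      const fix = v.fixAvailable; // true, false, or { name, version, isSemVerMajor }
      let action = "no fix available";
      if (fix === true) action = "npm audit fix";
      else if (fix && fix.isSemVerMajor) action = `major update to ${fix.name}@${fix.version}, test manually`;
      else if (fix) action = `update ${fix.name} to ${fix.version}`;
      // Objects in `via` are advisories; strings name another vulnerable package.
      const advisories = v.via.filter((x) => typeof x === "object").map((x) => x.title);
      const causedBy = v.via.filter((x) => typeof x === "string");
      return { name: v.name, direct: v.isDirect, range: v.range, advisories, causedBy, action };
    });
}

for (const finding of criticalFindings(sampleReport)) console.log(finding);
```

For a real project, replace sampleReport with the parsed output of npm audit --json.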
Why should I want to do all this manually?
While it seems like a hassle to do this manually instead of using the automated ways above, this allows you to update the packages one by one. This way, you can test if the new version of a specific package introduces issues or bugs.
It might be a good idea to create a commit for each updated package.
If you find an issue later, it is easier to find out which package is responsible via git bisect.
That's it!
No matter which way you choose, I hope you don't run into too many issues.