NPM Update

Everything breaks sometimes

You know that messsage which has been prompting you that found 14 vulnerabilities (9 low, 5 high) in 22292 scanned packages every time you run npm install or npm update, well, you really should update them. That of course is an easy task, the hard part is piecing together all the broken bits afterwards.

NPM update

This command will update all the packages listed to the latest version (specified by the tag config), respecting semver. src

The first step is to run npm update on a regular basis. This should be safe as it respects sepmantic versioning which should not bring in breaking changes so long as your tags are setup correctly. This should be the case if you’ve left them as default.
Of course this may not be the latest versions and further steps are required in this case.

NPM outdated

This command will check the registry to see if any (or, specific) installed packages are currently outdated. src

The npm outdated command will check to see if there are any packages which require upgrades, ignoring semantic versioning (semver).
I recommend running npm outdated after npm update as there may be no output in which case further steps are not needed and then it must be caffeine time.
If output is produced then there are a couple of options to upgrade packages.

  1. Overwrite each packages version tag with *
    After this, run npm update which will then download the latest version of each package and update the version tag again to default. NOTE: I’m not sure exactly what controls the default version tag behaviour, any further explanation welcome in the comments
    * >> npm update
  2. Use the npm-check-updates (ncu) package.
    This can be installed globally for easy use among multiple projects.
    npm install -g npm-check-updates.
    Then run ncu in your package.json directory. This will output a list of packages which can be updated.
    Once you’ve checked for available updates, you can apply them with ncu -u which will update your package.json with the latest versions, then run npm i which will download the relevant versions for your package.json This option is slightly more involved but can save time with a large number of packages.
    ncu -u >> npm i


You’re now done, kick off your tests and go have a coffee

About the author

John Baro