npm install vs. update - what's the difference?

Question

What is the practical difference between npm install and npm update? When should I use which?

Answer 1

In general, use npm install when:

• Installing packages that are in package.json but not installed yet (npm install).
• Adding and installing a new package that's not in package.json yet (npm install package).
• Updating a package that's in package.json to a newer MAJOR version (npm install package@9 or npm install package@latest).

Use npm update when:

• Updating packages that are in package.json to the latest MINOR and PATCH version of the currently installed MAJOR version.

If you run npm outdated:

Package      Current  Wanted  Latest  Location                  Depended by
compression    1.7.4   1.7.5   1.7.5  node_modules/compression  project-name
croner         5.7.0   5.7.0   9.0.0  node_modules/croner       project-name
dotenv        16.0.3  16.4.5  16.4.5  node_modules/dotenv       project-name
express       4.19.2  4.21.1  4.21.1  node_modules/express      project-name

npm update will update the packages from Current version to Wanted version. In case the Wanted version is not the Latest version because of breaking changes (different MAJOR version), use npm install e.g. npm install package@9 and make sure nothing breaks.

Answer 2

The difference between npm install and npm update handling of package versions specified in package.json:

{
  "name": "my-project",
  "version": "1.0",                               // install   update
  "dependencies": {                               // ------------------
    "already-installed-versionless-module": "*",  // ignores   "1.0" -> "1.1"
    "already-installed-semver-module": "^1.4.3"   // ignores   "1.4.3" -> "1.5.2"
    "already-installed-versioned-module": "3.4.1" // ignores   ignores
    "not-yet-installed-versionless-module": "*",  // installs  installs
    "not-yet-installed-semver-module": "^4.2.1"   // installs  installs
    "not-yet-installed-versioned-module": "2.7.8" // installs  installs
  }
}

Summary: The only big difference is that an already installed module with fuzzy versioning ...

• gets ignored by npm install
• gets updated by npm update

Additionally: install and update by default handle devDependencies differently

• npm install will install/update devDependencies unless --production flag is added
• npm update will ignore devDependencies unless --dev flag is added

---

Why use npm install at all?

Because npm install does more when you look besides handling your dependencies in package.json. As you can see in npm install you can ...

• manually install node-modules
• set them as global (which puts them in the shell's PATH) using npm install -g <name>
• install certain versions described by git tags
• install from a git url
• force a reinstall with --force

Answer 3

npm update also installs the latest version of a package regardless of the checksum saved in package-lock.json. When depending on private repos the saved checksum can break so that npm install throws a mismatch error. npm update will ignore the checksum and install the latest version specified in package.json.

The error can look something like this:

npm WARN tarball tarball data for repo@git+ssh://git@github.com/company/repo.git#b2d8280dfb292c13c614352adra910f298a2a771 (sha512-36mxm1NMCHisdfsdfsdfsdsdf3NtFvwpzpjCEZfQTXmoi04B3qVrsTs1tnsdsdfsdfZNIK8lbEGVRVKcDX5u9pY7B==) seems to be corrupted. Trying again.
npm ERR! code EINTEGRITY

Answer 4

npm update: install and update with latest node modules which are in package.json

npm install: install node modules which are defined in package.json(without update)

Answer 5

npm install installs all modules that are listed on package.json file and their dependencies.

npm update updates all packages in the node_modules directory and their dependencies.

npm install express installs only the express module and its dependencies.

npm update express updates express module (starting with npm@2.x, it doesn't update its dependencies).

So updates are for when you already have the module and wish to get the new version.

Answer 6

Many distinctions have already been mentioned. Here is one more:

Running npm install at the top of your source directory will run various scripts: prepublish, preinstall, install, postinstall. Depending on what these scripts do, a npm install may do considerably more work than just installing dependencies.

I've just had a use case where prepublish would call make and the Makefile was designed to fetch dependencies if the package.json got updated. Calling npm install from within the Makefile would have lead to an infinite recursion, while calling npm update worked just fine, installing all dependencies so that the build could proceed even if make was called directly.

Answer 7

In most cases, this will install the latest version of the module published on npm.

npm install express --save

or better to upgrade module to latest version use:

npm install express@latest --save --force

--save: Package will appear in your dependencies.

More info: npm-install