CODEWITHSUNDEEP
node.jsnpm
Raine Revere
Raine Revere

Reputation: 33745

How can I update each dependency in package.json to the latest version?

I copied package.json from another project and now want to bump all of the dependencies to their latest versions since this is a fresh project and I don't mind fixing something if it breaks.

What's the easiest way to do this?

The best way I know is to run npm info express version and then update each dependency in package.json manually. There must be a better way.

{
  "name": "myproject",
  "description": "my node project",
  "version": "1.0.0",
  "dependencies": {
    "express": "^3.0.3", // how do I get these bumped to latest?
    "mongodb": "^1.2.5",
    "underscore": "^1.4.2"
  }
}

For Yarn-specific solutions, refer to this Stack Overflow question.

Upvotes: 2893

Views: 1833407

Answers (30)

josh3736
josh3736

Reputation: 145042

It looks like npm-check-updates is the only way to make this happen now.

npm i -g npm-check-updates
ncu -u
npm install

Or using npx (so you don't have to install a global package):

npx npm-check-updates -u
npm install

On npm <3.11:

Simply change every dependency's version to *, then run npm update --save. (Note: broken in recent (3.11) versions of npm).

Before:

  "dependencies": {
    "express": "*",
    "mongodb": "*",
    "underscore": "*",
    "rjs": "*",
    "jade": "*",
    "async": "*"
  }

After:

  "dependencies": {
    "express": "~3.2.0",
    "mongodb": "~1.2.14",
    "underscore": "~1.4.4",
    "rjs": "~2.10.0",
    "jade": "~0.29.0",
    "async": "~0.2.7"
  }

Of course, this is the blunt hammer of updating dependencies. It's fine if—as you said—the project is empty and nothing can break.

On the other hand, if you're working in a more mature project, you probably want to verify that there are no breaking changes in your dependencies before upgrading.

To see which modules are outdated, just run npm outdated. It will list any installed dependencies that have newer versions available.

For Yarn specific solution, refer to this Stack Overflow answer.

Upvotes: 3551

andxyz
andxyz

Reputation: 3888

I recently had to update several projects that were using npm and package.json for their gruntfile.js magic. The following Bash command (multiline command) worked well for me:

npm outdated --json --depth=0 | \
jq --ascii-output --monochrome-output '. | keys | .[]' | \
xargs npm install $1 --save-dev

The idea here:

To pipe the npm outdated output as JSON, to jq (jq is a JSON command line parser/query tool) (notice the use of --depth argument for npm outdated).

jq will strip the output down to just the top-level package name only. Finally xargs puts each LIBRARYNAME one at a time into a npm install LIBRARYNAME --save-dev command.

The above is what worked for me on a machine running: node=v0.11.10 osx=10.9.2 npm=1.3.24

This required: xargs (native to my machine I believe) and jq (I installed it with brew install jq).

Note: I only save the updated libraries to package.json inside of the JSON key devDependencies by using --save-dev. That was a requirement of my projects, quite possible not yours.

Afterwards, I check that everything is gravy with a simple

npm outdated --depth=0

Also, you can check the current top-level installed library versions with

npm list --depth=0

Upvotes: 18

Robin98
Robin98

Reputation: 1159

  1. Use * as the version for the latest releases, including unstable
  2. Use latest as version definition for the latest stable version
  3. Modify the package.json with exactly the latest stable version number using LatestStablePackages

Here is an example:

"dependencies": {
        "express": "latest"  // using the latest STABLE version
    ,   "node-gyp": "latest"    
    ,   "jade": "latest"
    ,   "mongoose": "*" // using the newest version, may involve the unstable releases
    ,   "cookie-parser": "latest"
    ,   "express-session": "latest"
    ,   "body-parser": "latest"
    ,   "nodemailer":"latest"
    ,   "validator": "latest"
    ,   "bcrypt": "latest"
    ,   "formidable": "latest"
    ,   "path": "latest"
    ,   "fs-extra": "latest"
    ,   "moment": "latest"
    ,   "express-device": "latest"
},

Upvotes: 79

Tobias Cudnik
Tobias Cudnik

Reputation: 9630

This works as of npm 1.3.15.

"dependencies": {
  "foo": "latest"
}

Upvotes: 78

Etienne
Etienne

Reputation: 16887

npm-check-updates is a utility that automatically adjusts a package.json file with the latest version of all dependencies.

See npm-check-updates

npm install -g npm-check-updates
ncu -u
npm install

A slightly less intrusive (avoids a global install) way of doing this if you have a modern version of npm is:

npx npm-check-updates -u
npm install

Upvotes: 1373

Michael Cole
Michael Cole

Reputation: 16257

Updated for npm v2+

npm 2+ (Node.js 0.12+):

npm outdated
npm update
git commit package-lock.json

Ancient npm (circa 2014):

npm install -g npm-check-updates
npm-check-updates
npm shrinkwrap
git commit package-lock.json

Be sure to shrinkwrap your dependencies, or you may wind up with a dead project. I pulled out a project the other day and it wouldn't run, because my dependencies were all out of date/updated/a mess. If I'd shrinkwrapped, npm would have installed exactly what I needed.

Details

For the curious who make it this far, here is what I recommend:

Use npm-check-updates or npm outdated to suggest the latest versions.

# `outdated` is part of newer npm versions (2+)
npm outdated

# If you agree, update.
npm update

#       OR

# Install and use the `npm-check-updates` package.
npm install -g npm-check-updates

# Then check your project
npm-check-updates

# If you agree, update package.json.
npm-check-updates -u

Then do a clean install (without the rm I got some dependency warnings)

rm -rf node_modules
npm install

Lastly, save exact versions to npm-shrinkwrap.json with npm shrinkwrap

rm npm-shrinkwrap.json
npm shrinkwrap

Now, npm install will now use exact versions in npm-shrinkwrap.json

If you check npm-shrinkwrap.json into Git, all installs will use the exact same versions.

This is a way to transition out of development (all updates, all the time) to production (nobody touch nothing).

P.S.: Yarn is sending your package list to Facebook.

Upvotes: 471

Haven
Haven

Reputation: 7966

An alternative is

"dependencies":{
    "foo" : ">=1.4.5"
}

Every time you use npm update, it automatically updates to the latest version.

For more version syntax, you may check here: https://www.npmjs.org/doc/misc/semver.html

Upvotes: 2

Tyler Davis
Tyler Davis

Reputation: 913

The only caveat I have found with the best answer is that it updates the modules to the latest version. This means it could update to an unstable alpha build.

I would use that npm-check-updates utility. My group used this tool and it worked effectively by installing the stable updates.

As Etienne stated: install and run with this:

npm install -g npm-check-updates
npm-check-updates -u
npm install

Upvotes: 51

gleb bahmutov
gleb bahmutov

Reputation: 1919

The commands in previous answers are unsafe, because you might break your module when switching versions. Instead I recommend the following:

  • Set the actual current Node.js modules version into package.json using the npm shrinkwrap command.
  • Update each dependency to the latest version if it does not break your tests using the next-update command line tool
npm install -g next-update
// from your package
next-update

Upvotes: 5

David Braun
David Braun

Reputation: 5919

Use Updtr!

Based on npm outdated, updtr installs the latest version and runs npm test for each dependency. If the test succeeds, updtr saves the new version number to your package.json. If the test fails, however, updtr rolls back its changes.

Upvotes: 14

Luca Steeb
Luca Steeb

Reputation: 1849

Greenkeeper if you're using GitHub.

It's a GitHub integration and incredibly easy to set things up. When installed, it automatically creates pull requests in repositories you specify (or all if wanted) and keeps your code always up-to-date, without forcing you to do anything manually. PRs should then trigger a build on a CI service and depending on a successful or failed check you can keep figuring out what's triggering the issue or when CI passes simply merge the PR.

Greenkeeper PR 1 Greenkeeper PR 2

At the bottom, you can see that the first build failed at first and after a commit ("upgrade to node v6.9") the tests pass, so I could finally merge the PR. It comes with a lot of emoji, too.

Another alternative would be https://dependencyci.com/, however I didn't test it intensively. After a first look, Greenkeeper looks better in general, IMO, and has better integration.

Upvotes: 2

goksel
goksel

Reputation: 4580

I use npm-check to achieve this.

npm i -g npm npm-check
npm-check -ug # To update globals
npm-check -u # To update locals

Enter image description here

Another useful command list which will keep exact version numbers in package.json:

npm cache clean
rm -rf node_modules/
npm i -g npm npm-check-updates
ncu -g # Update globals
ncu -u # Update locals
npm I

You can use yarn upgrade-interactive --latest if you are using Yarn.

Upvotes: 44

mattpr
mattpr

Reputation: 3260

Instead of installing yet another Node.js module for a one-off use case, you can just do this in your shell...

npm install $(npm outdated | tail -n +2 | awk '{print $1}' | sed -e 's/$/@latest/g' | tr '\n' ' ')

Upvotes: 4

Sibiraj
Sibiraj

Reputation: 4756

This feature has been introduced in npm v5. Update to npm using npm install -g npm@latest and to update package.json:

  1. delete folder node_modules and package-lock.json (if you have any)

  2. run npm update. This will update the dependencies in package.json to the latest, based on semantic versioning.

To update to the very latest version, you can go with npm-check-updates.

Upvotes: 21

krunal shah
krunal shah

Reputation: 16339

Try the following command if you are using npm 5 and Node.js 8:

npm update --save

Upvotes: 7

Sunil
Sunil

Reputation: 166

I solved this by using the instructions from npm-check-updates:

npm install -g npm-check-updates
ncu
ncu -u # To update all the dependencies to the latest
ncu -u "specific module name"  # In case you want to update specific dependencies to the latest

Upvotes: 7

manncito
manncito

Reputation: 4122

I really like how npm-upgrade works. It is a simple command line utility that goes through all of your dependencies and lets you see the current version compared to the latest version and update if you want.

Here is a screenshot of what happens after running npm-upgrade in the root of your project (next to the package.json file):

npm upgrade example

For each dependency you can choose to upgrade, ignore, view the changelog, or finish the process. It has worked great for me so far.

To be clear this is a third party package that needs to be installed before the command will work. It does not come with npm itself:

npm install -g npm-upgrade

Then from the root of a project that has a package.json file:

npm-upgrade

Upvotes: 60

Ogglas
Ogglas

Reputation: 70176

Commands that I had to use to update package.json for NPM 3.10.10:

npm install -g npm-check-updates
ncu -a
npm install

Background:

I was using the latest command from @josh3736 but my package.json was not updated. I then noticed the description text when running npm-check-updates -u:

The following dependency is satisfied by its declared version range, but the installed version is behind. You can install the latest version without modifying your package file by using npm update. If you want to update the dependency in your package file anyway, run ncu -a.

Reading the documentation for npm-check-updates you can see the difference:

https://www.npmjs.com/package/npm-check-updates

-u, --upgrade: overwrite package file

-a, --upgradeAll: include even those dependencies whose latest version satisfies the declared semver dependency

ncu is an alias for npm-check-updates as seen in the message when typing npm-check-updates -u:

[INFO]: You can also use ncu as an alias

Upvotes: 9

fotijr
fotijr

Reputation: 1096

If you use Yarn, the following command updates all packages to their latest version:

yarn upgrade --latest

From their documentation:

The upgrade --latest command upgrades packages the same as the upgrade command, but ignores the version range specified in package.json. Instead, the version specified by the latest tag will be used (potentially upgrading the packages across major versions).

Upvotes: 17

miqrc
miqrc

Reputation: 2384

I found another solution for recent versions of NPM. I want to replace all the "*" dependencies with the explicit latest version number. None of the methods discussed has worked for me.

I did:

  1. Replace all "*" with "^0.0.0"
  2. Run npm-check-updates -u

Everything in package.json now is updated to the last version.

Upvotes: 5

Mike
Mike

Reputation: 14616

An automatic update is possible with NPM-script:

{
    "_cmd-update-modules": "npm run devops-update-modules",
    "scripts": {
        "create-global-node-modules-folder": "if not exist \"%appdata%\\npm\\node_modules\" mkdir %appdata%\\npm\\node_modules",
        "npm-i-g": "npm i npm@latest -g",
        "npm-check-i-g": "npm i npm-check@latest -g",
        "eslint-i-g": "npm i eslint@latest -g",
        "npm-check-u-l": "npm-check \"C:\\Program Files\\nodejs\\node_modules\\npm\" -y",
        "npm-check-u-g": "npm-check \"C:\\Program Files\\nodejs\\node_modules\\npm\" -y -g",
        "npm-deep-update-l": "npm update --depth 9999 --dev",
        "npm-deep-update-g": "npm update --depth 9999 --dev -g",
        "npm-cache-clear": "npm cache clear --force",
        "devops-update-modules": "npm run create-global-node-modules-folder && npm run npm-i-g && npm run npm-check-i-g && npm run eslint-i-g && npm run npm-check-u-l && npm run npm-check-u-g && npm run npm-deep-update-l && npm run npm-deep-update-g && npm run npm-cache-clear"
    }
}

For further details and step-by-step manual: How can I update all Node.js modules automatically?

Upvotes: 1

tom
tom

Reputation: 10601

There is an online package.json update tool. The versions can also be selected via a dropdown.

It also updates to the major version, which npm outdated and ncu don't do.

Paste the package.json content into the input field and let it parse:

Enter image description here

The output looks like this:

Enter image description here

Upvotes: 4

Corno
Corno

Reputation: 5396

I find that npm-check-updates works well, but it is extremely heavy in its dependencies (currently 312 packages).

I created a limited, but extremely lightweight, (no dependencies) tool to update dependencies: npm-updatedependencies2latest

Maybe it might be a good solution for others as well.

Upvotes: 0

raddevus
raddevus

Reputation: 9087

Here in 2023, I simply used:

npm update

Many packages are updated at that point, but you may get a message that some need to be fixed. In that case, I then ran:

npm audit fix --force

Finally, to make sure it is all installed, I ran:

npm install

That's it; my packages were updated.
There isn't any need to manually edit your configuration files.

Upvotes: -2

Ubuntu4Life
Ubuntu4Life

Reputation: 21

Expanding on kozlovd's answer, I built a Bash script to update any npm script in two steps:

  1. This gives you the number of npm packages, if you get an error count them manually.

    npm list | wc -l

  2. Here replace NUM_PKGS with the number of packages and if you got "UNMET DEPENDENCY" error in the previous command replace $2 for $4.

    NUM_PKGS=9999; npm list --no-unicode | awk -v NUM_PKGS=$NUM_PKGS '{\
    if (NR>1 && NR <NUM_PKGS) {\
        pver=A[split($2,A,"@")];\
        print substr($2,0,length($2)-length(pver))"latest";\
    }\
}' | xargs -r npm i

Explanation: The command number 2 first gets the package names and only operates over the lines with them in case of an "UNMET DEPENDENCY" error, then AWK iterates over each package name, it gets the version value and replaces it by "latest", lastly all those packages with the version replaced are collected by xargs who concatenates them after "npm i" to finally install all of them with the latest version.

These steps can update a new project with packages without a set version or an existing project.

Upvotes: 0

husayt
husayt

Reputation: 15149

As it's almost been 10 years since the original question, and many of the answers are either outdated or not recommended.

I would use something which is package manager-agnostic, i.e., can work with npm, pnpm, Yarn or others.

Lately I have been using taze.

You can either add it to your development dependencies and run from there or run without installation with npx taze or pnpx taze, etc.

Upvotes: 6

kozlovd
kozlovd

Reputation: 29

This can be helpful:

npm outdated | awk '{ if (NR>1) {print $1"@"$4} }' | xargs npm i

Upvotes: 0

Sumomo
Sumomo

Reputation: 623

The easiest way to do this as of today is use pnpm rather than npm and simply type:

pnpm update --latest

Upvotes: 1

Chukwuemeka Maduekwe
Chukwuemeka Maduekwe

Reputation: 8566

Safe update

  1. Use npm outdated to discover dependencies that are out of date.

  2. Use npm update to perform safe dependency upgrades.

  3. Use npm install <packagename>@latest to upgrade to the latest major version of a package.

Breaking Update

  1. Use npx npm-check-updates -u.

  2. npm install to upgrade all dependencies to their latest major versions.

Upvotes: 32

GollyJer
GollyJer

Reputation: 26762

If you happen to be using Visual Studio Code as your IDE, this is a fun little extension to make updating package.json a one click process.

note: After updating packages in package.json file, run npm update to install the new versions.

Version Lens

enter image description here

GitLab Repo

Upvotes: 220

Related Questions