Should I use npm install or npm update to keep my code up to date?

Question

So I'm working on some projects within my work space and I notice that a lot of my dependencies are roughly 3 years old, including React itself. The thing I'm worried about is that if I run npm install or npm update that things might break and I could run into a plethora of issues. In my scenario I would like to know if it is better for me to do an npm install, npm update, or just leave it the way it is? (which I'm sure no one would recommend).

Here is our package.json file

{
  "name": "my-app",
  "version": "0.0.2",
  "main": "index.js",
  "license": "MIT",
  "scripts": {
    "start": "node src/entry",
    "start-dev": "npm-run-all --parallel build babel-node",
    "serve": "live-server public/",
    "build-linux": "clear && webpack && clear && yarn build-server && clear && yarn start",
    "build-windows": "cls && webpack && cls && yarn build-server && cls && yarn start",
    "build-server": "babel src/server -d src",
    "dev-server": "webpack-dev-server",
    "babel-node": "nodemon --exec babel-node src/server.js"
  },
  "dependencies": {
    "aws-sdk": "^2.358.0",
    "axios": "^0.19.0",
    "babel-cli": "^6.26.0",
    "babel-core": "^6.26.3",
    "babel-loader": "7.1.1",
    "babel-plugin-transform-class-properties": "6.24.1",
    "babel-polyfill": "^6.26.0",
    "babel-preset-env": "^1.7.0",
    "babel-preset-react": "6.24.1",
    "babel-preset-stage-0": "^6.24.1",
    "bcryptjs": "^2.4.3",
    "body-parser": "^1.18.2",
    "core-js": "^2.5.3",
    "css-loader": "0.28.4",
    "express": "latest",
    "file-loader": "^1.1.5",
    "fs": "0.0.1-security",
    "google-maps-react": "^1.1.4",
    "html2canvas": "^1.0.0-rc.3",
    "image-webpack-loader": "^4.6.0",
    "immutability-helper": "^2.4.0",
    "jquery": "^3.4.1",
    "jsonwebtoken": "^8.1.0",
    "jspdf": "^1.5.3",
    "lodash": "^4.17.14",
    "moment": "^2.22.2",
    "node-sass": "^4.11.0",
    "nodemailer": "^4.7.0",
    "normalize.css": "7.0.0",
    "npm": "^6.10.1",
    "promise-mysql": "^3.1.0",
    "prop-types": "^15.6.0",
    "react": "^16.0.0",
    "react-csv": "^1.0.14",
    "react-dom": "^16.0.0",
    "react-router-dom": "4.2.2",
    "react-scripts": "^2.1.3",
    "sass-loader": "6.0.6",
    "socket.io": "^2.0.3",
    "style-loader": "0.18.2",
    "table2csv": "^1.1.1",
    "twilio": "^3.24.0",
    "validator": "8.0.0",
    "webpack": "^3.12.0",
    "webpack-dev-middleware": "^3.5.0",
    "webpack-dev-server": "^3.1.14"
  },
  "devDependencies": {
    "concurrently": "^3.5.0",
    "npm-run-all": "^4.1.1"
  }
}

I already tried updating my react and react-dom versions to the latest, but I started getting warnings about componentWillMount and componentWillReceiveProps being outdated. I tried updating react-router-dom to get rid of some of those warnings, considering they were pointing to things like Link, Route, Switch, but that did not suppress them.

If anyone knows what the best way for me to go about this would be, and what the effects of npm install vs npm update would do to my system that would be great. I know what each of them is capable of doing, but I'm just trying to be cautious and want to know which one would be better in my scenario. Thanks.

Answer 1

When you run npm install on a project, npm installs latest versions satisfying the semantic versioning ranges defined in your package.json. After initial install, re-running npm install does not update existing packages since npm already finds satisfying versions installed on the file system.

When you run npm update it freshen already installed packages. When you run npm update, npm checks if there exist newer versions in the repository that satisfy specified semantic versioning ranges and installs them.

I would say "bite the bullet" and update them to latest. It will be a tedious task but if you are looking to maintain this for longer run, it is your best bet.

Answer 2

Updating stuff can break things or some dependencies will be deprecated after an update. I would not update anything unless it is necessary.