How can I update each dependency in package.json to the latest version?

Asked 18/4, 2013 at 2:39 Answered 26/5, 2023 at 17:8

2786

I copied package.json from another project and now want to bump all of the dependencies to their latest versions since this is a fresh project and I don't mind fixing something if it breaks.

What's the easiest way to do this?

The best way I know is to run npm info express version and then update each dependency in package.json manually. There must be a better way.

{
  "name": "myproject",
  "description": "my node project",
  "version": "1.0.0",
  "dependencies": {
    "express": "^3.0.3", // how do I get these bumped to latest?
    "mongodb": "^1.2.5",
    "underscore": "^1.4.2"
  }
}

For Yarn-specific solutions, refer to this Stack Overflow question.

Chlortetracycline answered 18/4, 2013 at 2:39 Comment(8)

There NEEDS to be some better answers here. Obviously with dependency resolution, you can't always have the latest version of everything. Maximizing the greatest number of latest versions of modules is just that, some sort of optimization problem. But NPM doesn't know which modules you want to be most recent more than others. It would be cool if there was something like this: npm update --latest x y z, where x y z are the modules you want to be as recent as possible and all other modules will follow with their most recent compatible version. – Shekinah 26/10, 2016 at 17:18

npm will correctly handle version conflicts between shared dependencies by downloading the correct one for each. So, if Dep A depends on Dep C v1.0.0 and Dep B depends on Dep C v2.0.0, they will each be installed and used appropriately. Therefore, you are free to install the latest of any packages you would like. – Chlortetracycline 26/10, 2016 at 20:59

Try this to force upgrade: npm outdated | sed '1d; s/ .*/@latest/' | xargs npm i --save – Perlie 23/8, 2019 at 14:53

I'm always checking this answer. But I see that it has slipped in the Google results. Hopefully this comment will help push it's relevance back up!! – Anatolian 9/9, 2019 at 5:42

@RaineRevere Seems something has happened about this during 2017 (npm 5.0). Would you be so kind and check #16525930 and maybe add a reference to it? Some answers below mention 'npm outdated' and 'nom update' but they are lost in the dust. I found your question by search but the other one seems more up-to-date. – Cundiff 23/11, 2019 at 17:54

@Cundiff They seem to be different questions and solutions afaict. This question is "How to update to latest?" and the one you referenced is "How to check outdated?" – Chlortetracycline 24/11, 2019 at 19:10

Or you can set the version = "latest" for all dependencies, and then run npm i. – Heretic 16/8, 2020 at 23:11

In case of yarn you can update your package.json using this command:

yarn add bootstrap@latest mongoose@latest next@latest next-auth@latest react@latest react-bootstrap@latest react-dom@latest

– Thimbleful 3/11, 2020 at 6:35

3382

It looks like npm-check-updates is the only way to make this happen now.

npm i -g npm-check-updates
ncu -u
npm install

Or using npx (so you don't have to install a global package):

npx npm-check-updates -u
npm install

On npm <3.11:

Simply change every dependency's version to *, then run npm update --save. (Note: broken in recent (3.11) versions of npm).

Before:

  "dependencies": {
    "express": "*",
    "mongodb": "*",
    "underscore": "*",
    "rjs": "*",
    "jade": "*",
    "async": "*"
  }

After:

  "dependencies": {
    "express": "~3.2.0",
    "mongodb": "~1.2.14",
    "underscore": "~1.4.4",
    "rjs": "~2.10.0",
    "jade": "~0.29.0",
    "async": "~0.2.7"
  }

Of course, this is the blunt hammer of updating dependencies. It's fine if—as you said—the project is empty and nothing can break.

On the other hand, if you're working in a more mature project, you probably want to verify that there are no breaking changes in your dependencies before upgrading.

To see which modules are outdated, just run npm outdated. It will list any installed dependencies that have newer versions available.

For Yarn specific solution, refer to this Stack Overflow answer.

Selma answered 18/4, 2013 at 3:35 Comment(31)

Great answer, thank you. npm outdated doesn't seem to work for me, unless I'm misunderstanding what it does. I changed async to "0.2.5", reinstalled it, and ran npm outdated and it returned an empty line. – Chlortetracycline 18/4, 2013 at 20:14

Looks like using * is not recommended package.json.nodejitsu.com. Is that any specific reason? – Thumb 1/8, 2013 at 7:38

@thefourtheye: You generally shouldn't leave * in package.json since you might end up automatically installing a new module version with breaking changes that break your app. Since we're using --save here, the * is replaced with each package's current version. – Selma 1/8, 2013 at 14:15

Tip: Change version numbers like "~3.2.0" to "~3" after the install. This will allow minor version and patch updates (which are backwards compatible in semver) and ignore major version updates (which may be breaking). The magic of '~'! – Chlortetracycline 15/10, 2013 at 13:42

I'm not able to get this to work. Has something changed with npm since this answer was posted? When I use the wildcard and then npm install --save the wildcard is left in my package.json. – Dunno 9/12, 2013 at 22:5

@davidtheclark: Yes, npm 1.3 (released with node 0.10.13) made changes that result in npm install --save not updating package.json. Fortunately, npm update --save still works. – Selma 10/12, 2013 at 2:17

Unfortunately, using update doesn't work either, for me. I'm still left with the wildcards. Is there any documentation about this that you know of, or any other resources I might look at? – Dunno 30/12, 2013 at 21:3

A bit old but that might help other people: github.com/tjunnone/npm-check-updates | Use npm install -g npm-check-updates to install, then npm-check-updates to check if your dependencies have updates, and npm-check-updates -u to update your package.json versions. Then it's just npm install and it will download new versions. – Hemidemisemiquaver 15/1, 2014 at 13:44

Is there a way to get npm outdated to only show outdated dependencies that are direct dependencies of your project? It seems to also show outdated dependencies for packages in your node_modules directory. – Eulogium 18/6, 2014 at 22:14

Your problem is probably coming from the fact that you try to update dev packages by typing npm update --save instead of npm update --save-dev. – Barvick 19/8, 2014 at 21:44

npm-check-updates is now the officially supported method for updating your package version numbers to the latest. – Chlortetracycline 12/12, 2014 at 16:2

@Raine, that's a third-party module. While useful, I don't see anything that indicates it's officially supported by npm. – Selma 12/12, 2014 at 18:38

Yes, poor choice of words. It's the "best" solution that I know of. Not official. – Chlortetracycline 13/12, 2014 at 21:42

npm update --save seems to destroy git dependencies. Turns them into local file: dependencies. – Amiens 11/1, 2015 at 16:24

delete npm_modules folder just in case you have the updated version already (it will keep the * if so) – Shainashaine 9/4, 2015 at 10:0

In text editor, use regexp replace(i used Eclipse Find/Replace with checked Regular Expressions) to quickly go thru all entries Find: : ".*?" Replace with: : "*" Put cursor to first dependency, and tap Replace/Find until reach end of list – Selfeffacing 21/10, 2015 at 7:55

npm update --save (and --save-dev) works fine in 5.3.0 (current version at the moment) – Sanfo 30/8, 2017 at 3:1

If you're running npm >= 5.2 you can just run npx npm-check-updates as a single command without having to install globally first – Sere 27/10, 2017 at 13:43

The * option does not work for me. I forced to change the module version number to a small number, for example, 0.0.1, then run ncu -u and it worked. – Eolian 28/1, 2018 at 8:18

Seriously, it is 2018 and I still need to install an additional npm package to do something simple as updating a package. – Binocular 29/1, 2018 at 14:2

Nope. Running npx npm-check-updates gives me require.extensions.hasOwnProperty is not a function – Carmelacarmelia 15/3, 2018 at 22:16

Wow, there is no official way? No feature in npm to update ALL to the LATEST version? That's weak. – Donny 26/4, 2018 at 16:1

on second step, you will have to do ncu -ua in case you want version to persist in package.json – Giddens 18/5, 2018 at 19:4

npm-check-updates does not work as described in the answer. As documented, it won't touch the * wildcard. Replace "*" with "^0.0.0" before running ncu -u. – Anatomist 27/3, 2019 at 16:58

It's curious that the author of the npm-check-updates package suggested in this answer is actually the OP... you have now entered the twilight zone – Famous 22/4, 2019 at 13:37

Is it fully safe to forcibly update all the packages to each of the respective latest version? Why the command npm update does not do it then? Package versions dependencies problems? – Frons 7/2, 2020 at 9:42

What about yarn – Undermost 9/4, 2020 at 23:15

@Undermost Check this thread #62651140 – Jerz 3/7, 2021 at 18:3

ncu -u will upgrade package version ignoring the semver, for example, it will upgrade from "^1.7.0" to "^4.2.0". how can I just upgrade to the latest version but still match semver? I know Deleting package-lock.json will make NPM install lastest version, but it can't get package.json update. – Poetics 8/9, 2021 at 3:25

Update all at once npm i -g npm-check-updates && ncu -u && npm install – Bree 13/5, 2022 at 16:58

To prevent weird errors, it's better to delete node-modules folder after the ncu -u step and then run npm install – Excrement 19/4, 2023 at 14:46

1353

npm-check-updates is a utility that automatically adjusts a package.json file with the latest version of all dependencies.

See npm-check-updates

npm install -g npm-check-updates
ncu -u
npm install

A slightly less intrusive (avoids a global install) way of doing this if you have a modern version of npm is:

npx npm-check-updates -u
npm install

Iny answered 3/4, 2014 at 21:53 Comment(16)

This should be available natively through npm command itself, indeed best solution so far to update the dependencies. – Cristiano 17/5, 2014 at 11:4

Should be part of npm natively, fully agree. However, it is not and this solution comes in like a breeze. Thank you. – Radar 23/6, 2014 at 20:19

i assume you fellows are pushing [HARD] to get this into the core npm? – Maduro 28/1, 2015 at 22:2

$ ncu //checking for updates. $ ncu -a //updating package.json – Alphabetical 8/12, 2015 at 15:27

@wisemann would you also have to run npm install after the package.json file is updated? – Papyrology 17/12, 2015 at 0:57

@Papyrology Yes if you didn't install before. Otherwise use npm update. ncu just updates package.json. It doesn't install or update 'node_modules'. – Alphabetical 17/12, 2015 at 13:19

BAD: it doesn't respect semver settings in ~/.npmrc!!! I have save-prefix=~ but it bumped me from convict ~1.5.0 → ~2.0.0 -- that's not what I have set in npmrc. – Tanguay 3/2, 2017 at 19:30

Didn't work for private packages. All packages still have * instead of version. Tried to remove node_modules – Connie 20/11, 2017 at 12:40

This worked for me with any version of NPM: 1) Delete node_modules, 2) ncu -a, 3) npm install. @Lukas Liesis, if you first delete your NPM cache: npm cache clean <path_to_npmcache_your_local_module> or npm cache --force (for the whole cache) and specify the file path instead of * ("bar": "file:../foo/bar"), then I think that should work. – Mayest 22/11, 2017 at 20:33

@jcollum, I didn't try the steps above with save-prefix options. – Mayest 22/11, 2017 at 20:34

useless package, updating only part of packages with ncu -a, not updating package.json also. – Interlope 19/5, 2018 at 8:40

Imagine that your module depend on Dep A latest version, but Dep A depends on Dep B specifically on v.1.0.0, while there is already a Dep B v1.0.1. If Dep A is not tested to work on Dep B v1.0.1, you should not force Dep B to be the on the latest version because things can break. You should contact the developer of Dev A and tell him to update his dependencies and test it. If you force everything to be on the latest versions, things can break, and probably that's the reason why npm does not support officially this solution. – Frons 2/3, 2019 at 11:49

@AlexanderKim maybe this was a bug but this is fixed now, I ran npx npm-check-updates -u and got the package.json updated as well as the modules themselves. – Purplish 13/3, 2019 at 9:32

npx npm-check-updates -u was the answer for me – Siusan 21/7, 2021 at 15:1

npx npm-check-updates -u $ npm install This was the only thing that worked for me. Thank you – Indira 15/7, 2023 at 5:55

466

Updated for npm v2+

npm 2+ (Node.js 0.12+):

npm outdated
npm update
git commit package-lock.json

Ancient npm (circa 2014):

npm install -g npm-check-updates
npm-check-updates
npm shrinkwrap
git commit package-lock.json

Be sure to shrinkwrap your dependencies, or you may wind up with a dead project. I pulled out a project the other day and it wouldn't run, because my dependencies were all out of date/updated/a mess. If I'd shrinkwrapped, npm would have installed exactly what I needed.

Details

For the curious who make it this far, here is what I recommend:

Use `npm-check-updates` or `npm outdated` to suggest the latest versions.

# `outdated` is part of newer npm versions (2+)
npm outdated

# If you agree, update.
npm update

#       OR

# Install and use the `npm-check-updates` package.
npm install -g npm-check-updates

# Then check your project
npm-check-updates

# If you agree, update package.json.
npm-check-updates -u

Then do a clean install (without the rm I got some dependency warnings)

rm -rf node_modules
npm install

Lastly, save exact versions to `npm-shrinkwrap.json` with `npm shrinkwrap`

rm npm-shrinkwrap.json
npm shrinkwrap

Now, `npm install` will now use exact versions in `npm-shrinkwrap.json`

If you check npm-shrinkwrap.json into Git, all installs will use the exact same versions.

This is a way to transition out of development (all updates, all the time) to production (nobody touch nothing).

P.S.: Yarn is sending your package list to Facebook.

Mauldin answered 2/6, 2015 at 22:29 Comment(4)

For sure. If you create and npm-shrinkwrap.json into source, and commit whenever you update, you can always 'go back to where you were'. I overlooked shrinkwrap feature when I started. – Mauldin 31/12, 2015 at 16:1

this does not answer the question. The question is how to update the latest version. npm update only updates to the semver version, not the latest. – Cam 27/9, 2016 at 12:53

Would be great if npm update actually updated package.json. Per github.com/npm/npm/issues/13555 this is a bug which is not fixed after 2 years. npmjs.com/package/npm-check-updates is the current way to go – Pleat 4/6, 2018 at 0:51

I love the outdated option to see first what's to be updated .... nice one!! – Skep 11/4 at 6:3

234

To update one dependency to its lastest version without having to manually open the package.json and change it, you can run

npm install {package-name}@* {save flags?}

i.e.

npm install express@* --save

This flow is compatible with workspaces, i.e.

npm --workspace some/package install express@*

For reference, npm-install

Note: Some npm versions may need latest flag instead, i.e. npm install express@latest

As noted by user Vespakoen on a rejected edit, it's also possible to update multiple packages at once this way:

npm install --save package-nave@* other-package@* whatever-thing@*

He also apports a one-liner for the shell based on npm outdated. See the edit for code and explanation.

PS: I also hate having to manually edit package.json for things like that ;)

Varhol answered 30/4, 2014 at 14:51 Comment(7)

This solution is great. Quick and easy way to explicitly update a single package to the latest version without installing any new modules. I like npm-check-updates, but afaik it tries to keep all packages up to date, which isn't always what you want. – Eulogium 3/4, 2015 at 18:45

this doesn't work for me npm install react-native-image-picker@* --save – Interdental 5/11, 2015 at 17:17

Use npm outdated -l to show whether each package is a dependency or devDependency. Use npm install --save-dev to save as a devDependency. – Lunkhead 20/10, 2016 at 5:3

@Chev: ncu can easily target a single or several packages with ncu express mocha chai. You can also exclude packages with ncu -x mocha. I agree the above is the simplest solution though for updating a single package. – Chlortetracycline 27/12, 2016 at 1:5

If using bash, an alias with the following oneliner to update devDeps npm outdated -lp|awk -F':' '$5~/^dev/{print $4}'|xargs npm i -D and this for update deps npm outdated -lp|awk -F':' '$5~/^dep/{print $4}'|xargs npm i -P. – Mariehamn 7/6, 2018 at 23:1

I just used something similar that worked, from possibly more recent docs... uses "latest" instead of "*" npm install {package-name}@latest {save flags} – Loganloganberry 20/8, 2018 at 18:49

Many thanks, this solution is great and exactly what I am looking for. It allows you to update a particular package without the need to update every other dependency which may lead to unforeseen problems! – Pym 20/11, 2018 at 10:13

215

If you happen to be using Visual Studio Code as your IDE, this is a fun little extension to make updating package.json a one click process.

_{note: After updating packages in package.json file, run npm update to install the new versions.}

Version Lens

GitLab Repo

Constructionist answered 27/3, 2017 at 20:0 Comment(5)

There's sublime text 3 version here: github.com/yavorsky/Bump, though a bit slow. – Interlope 24/5, 2018 at 10:46

Worked beautifully, in case it is not clear to anyone, this simply checks the versions in your package.json against the latest npm repository versions, and allows you to click on a version to update the text content in your package.json. You then need to run "npm update" to tell npm to install the new versions. – Conflagrant 8/6, 2018 at 11:8

Note that it is already possible to see the latest version of the package dependencies with a brief description in built-in Visual Studio Code by mouse hovering on the package entry: Built-in Package Version Hint – Herein 25/8, 2018 at 21:9

Note that it does not automatically install packages when clicking a code lens link! It simply updates the package.json version text. – Unpractical 30/8, 2019 at 23:22

This saved me a lot of time, I had to update all dependencies in a project. Thank you very much – Foreland 11/6, 2023 at 19:29

This works as of npm 1.3.15.

"dependencies": {
  "foo": "latest"
}

Phylis answered 21/1, 2014 at 22:35 Comment(4)

Good to know. My guess is that this would generally be a bad practice on any production site because it will update to potentially backwards-incompatible versions automatically. The '~2' syntax locks you into a given major version number, which following semver will be backwards compatible. – Chlortetracycline 7/2, 2014 at 18:21

You can always freeze deps on prod. Theres a command for that. -2 sounds ok. – Phylis 20/2, 2014 at 17:50

I like using this along with npm shrinkwrap to freeze deps. – Sulfurous 17/7, 2014 at 22:6

If we do this, then how do we know the actual version of that package? Say I had an entry called "react": "16.9.0" and then I added latest to it and ran npm i, after this how do I find which version of react is now in my project? since "react":"latest" is whats left in my package.json, not a number even after I did npm i – Xerophyte 19/2, 2020 at 17:57

Use * as the version for the latest releases, including unstable
Use latest as version definition for the latest stable version
Modify the package.json with exactly the latest stable version number using LatestStablePackages

Here is an example:

"dependencies": {
        "express": "latest"  // using the latest STABLE version
    ,   "node-gyp": "latest"    
    ,   "jade": "latest"
    ,   "mongoose": "*" // using the newest version, may involve the unstable releases
    ,   "cookie-parser": "latest"
    ,   "express-session": "latest"
    ,   "body-parser": "latest"
    ,   "nodemailer":"latest"
    ,   "validator": "latest"
    ,   "bcrypt": "latest"
    ,   "formidable": "latest"
    ,   "path": "latest"
    ,   "fs-extra": "latest"
    ,   "moment": "latest"
    ,   "express-device": "latest"
},

Histopathology answered 23/1, 2015 at 3:45 Comment(4)

This is the best answer. – Raskind 10/9, 2018 at 13:23

still the safest approach to take. Good answer. – Goethite 21/1, 2020 at 17:15

"latest" also stops the thrashing that package.json does to your git commit history, each time a package version number changes. The only downside being that in a production release we need to freeze the package version numbers, so that the build does not break. Although we might be able to replace "latest" with the actual semvar values, by handling that in package.json with a run script for a command like npm run build. – Pancho 7/6, 2022 at 9:6

Not sure if npm shrinkwrap is the way to go to freeze version numbers for a production release. But to convert "latest" into exact semvar numbers one could use something like "scripts": { "build" : "npx --yes npm-check-updates --upgrade" } in package.json. – Pancho 7/6, 2022 at 9:40

To see which packages have newer versions available, then use the following command:

npm outdated

to update just one dependency just use the following command:

npm install yourPackage@latest

For example:

My package.json file has dependency:

"@progress/kendo-angular-dateinputs": "^1.3.1",

then I should write:

npm install @progress/kendo-angular-dateinputs@latest

What does --save-dev mean?

npm install @progress/kendo-angular-dateinputs@latest --save-dev

As npm install docs says:

-D, --save-dev: Package will appear in your devDependencies.

Jarvis answered 7/12, 2017 at 7:1 Comment(3)

Nice but it looks like that --save (or --save-dev) is not mandatory for update. – Roslyn 27/7, 2018 at 23:18

@Roslyn yeah, you are right! Please, see my updated answer! Thanks! – Jarvis 17/3, 2021 at 10:22

how does this answer the question to 'update each dependency'? Isn't this a manual solution by dependency, not a solution that updates all dependencies? And to the latest major version? – Commuter 9/5, 2022 at 18:32

I really like how npm-upgrade works. It is a simple command line utility that goes through all of your dependencies and lets you see the current version compared to the latest version and update if you want.

Here is a screenshot of what happens after running npm-upgrade in the root of your project (next to the package.json file):

For each dependency you can choose to upgrade, ignore, view the changelog, or finish the process. It has worked great for me so far.

To be clear this is a third party package that needs to be installed before the command will work. It does not come with npm itself:

npm install -g npm-upgrade

Then from the root of a project that has a package.json file:

npm-upgrade

Shiver answered 22/8, 2017 at 20:8 Comment(5)

Hmm, npm-upgrade did not work for me, but npm upgrade did and it updated my package.json file which was exactly what I was looking for. – Smilax 24/5, 2018 at 12:44

Hmm interesting, was there an error? The idea behind using npm-upgrade is that you get to see exactly what is being upgraded and pick and choose which ones get upgraded. npm upgrade may work fine for most people but sometimes you need to have a little more control when upgrading. – Shiver 24/5, 2018 at 21:48

@Grandizer: upgrade is an alias for update, so there should be no difference between them. However, npm 6.2.0 is buggy, and may not udpate package.json. – Walli 25/7, 2018 at 1:39

You can also use this with npx: npx npm-upgrade - quite cool! :) – Unmoor 26/2, 2019 at 23:37

Please review Why not upload images of code/errors when asking a question? (e.g., "Images should only be used to illustrate problems that can't be made clear in any other way, such as to provide screenshots of a user interface.") and do the right thing (it covers answers as well, and it also covers program (text) input and output). Thanks in advance. – Flue 31/8, 2023 at 16:42

The only caveat I have found with the best answer is that it updates the modules to the latest version. This means it could update to an unstable alpha build.

I would use that npm-check-updates utility. My group used this tool and it worked effectively by installing the stable updates.

As Etienne stated: install and run with this:

npm install -g npm-check-updates
npm-check-updates -u
npm install

Amphicoelous answered 11/2, 2015 at 23:37 Comment(3)

rm -rf node_modules before npm install got rid of some dependency warnings for me. – Mauldin 2/6, 2015 at 22:24

Just in case you have "*" in package.json, simply change it to "0" or "0.0" or "0.0.0" before running npm-check-updates. – Messene 3/11, 2015 at 12:44

You should link directly to whatever the "best answer above" is/was. While your answer stands alone, that explanation isn't clear. – Extinguisher 2/6, 2022 at 21:19

I use npm-check to achieve this.

npm i -g npm npm-check
npm-check -ug # To update globals
npm-check -u # To update locals

Another useful command list which will keep exact version numbers in package.json:

npm cache clean
rm -rf node_modules/
npm i -g npm npm-check-updates
ncu -g # Update globals
ncu -u # Update locals
npm I

You can use yarn upgrade-interactive --latest if you are using Yarn.

Overleap answered 17/4, 2017 at 14:16 Comment(2)

yarn upgrade-interactive --latest is a better option now – Overleap 14/7, 2022 at 13:15

wouldn't that install latest Major? That's not usually better. – Slater 19/8, 2023 at 16:56

Safe update

Use npm outdated to discover dependencies that are out of date.
Use npm update to perform safe dependency upgrades.
Use npm install <packagename>@latest to upgrade to the latest major version of a package.

Breaking Update

Use npx npm-check-updates -u.
npm install to upgrade all dependencies to their latest major versions.

Schuller answered 30/10, 2020 at 8:9 Comment(2)

The commands listed in the answer are incorrect and will error out. Please note that npm install @latest should really be npm install <PACKAGE>@latest. – Elrod 11/8, 2021 at 7:57

Works fine for me and my macbook – Matsuyama 18/4, 2023 at 16:29

Here is a basic regex to match semantic version numbers so you can quickly replace them all with an asterisk.

Semantic Version Regex

([>|<|=|~|^|\s])*?(\d+\.)?(\d+\.)?(\*|\d+)

How to use

Select the package versions you want to replace in the JSON file.

Input the regex above and verify it's matching the correct text.

Replace all matches with an asterisk.

Run npm update --save

Sulfurous answered 4/3, 2016 at 15:21 Comment(2)

doesn't when there is number in a package name. i.e.: babel-preset-es2015, babel-preset-stage-0, hex2rgba. Maybe search for quote/double quote at the beggining: ('|")([>|<|=|~|^|\s])*?(\d+\.)?(\d+\.)?(\*|\d+) – Eleemosynary 15/9, 2017 at 9:47

on any editor that supports multiple carets (ej Sublime Text) you can select the first : and press ctrl+d multiple times until you select them all, then go to the version number (press right arrow 2 times) and press ctrl space, then write "*" – Umbel 18/9, 2017 at 2:47

If you want to use a gentle approach via a beautiful (for terminal) interactive reporting interface I would suggest using npm-check.

It's less of a hammer and gives you more consequential knowledge of, and control over, your dependency updates.

To give you a taste of what awaits here's a screenshot (scraped from the git page for npm-check):

Lyonnais answered 27/11, 2018 at 6:4 Comment(1)

As of npm version 5.2.0, there is a way to run this in a single line without installing any additional packages to your global npm registry nor locally to your application. This can be done by leveraging the new npx utility that's bundled with npm. (Click here to learn more.)

Run the following command in the root of your project:

npx npm-check-updates -u && npm i

Chrystel answered 1/2, 2019 at 20:6 Comment(0)

This feature has been introduced in npm v5. Update to npm using npm install -g npm@latest and to update package.json:

delete folder node_modules and package-lock.json (if you have any)
run npm update. This will update the dependencies in package.json to the latest, based on semantic versioning.

To update to the very latest version, you can go with npm-check-updates.

Unyoke answered 1/6, 2017 at 5:34 Comment(0)

I recently had to update several projects that were using npm and package.json for their gruntfile.js magic. The following Bash command (multiline command) worked well for me:

npm outdated --json --depth=0 | \
jq --ascii-output --monochrome-output '. | keys | .[]' | \
xargs npm install $1 --save-dev

The idea here:

To pipe the npm outdated output as JSON, to jq (jq is a JSON command line parser/query tool) (notice the use of --depth argument for npm outdated).

jq will strip the output down to just the top-level package name only. Finally xargs puts each LIBRARYNAME one at a time into a npm install LIBRARYNAME --save-dev command.

The above is what worked for me on a machine running: node=v0.11.10 osx=10.9.2 npm=1.3.24

This required: xargs (native to my machine I believe) and jq (I installed it with brew install jq).

Note: I only save the updated libraries to package.json inside of the JSON key devDependancies by using --save-dev. That was a requirement of my projects, quite possible not yours.

Afterwards, I check that everything is gravy with a simple

npm outdated --depth=0

Also, you can check the current top-level installed library versions with

npm list --depth=0

Praiseworthy answered 28/4, 2014 at 19:14 Comment(3)

I love jq and use it almost everyday, but for this purpose I use simple awk instead: npm outdated --depth=0 | grep -v "^Package" | awk '{print $1}' | xargs npm install $1 --save-dev – Tat 10/11, 2014 at 2:55

Re "devDependancies": [sic]. Is it actually present? Not "devDependencies"? – Flue 2/11, 2023 at 3:58

If you use Yarn, the following command updates all packages to their latest version:

yarn upgrade --latest

From their documentation:

The upgrade --latest command upgrades packages the same as the upgrade command, but ignores the version range specified in package.json. Instead, the version specified by the latest tag will be used (potentially upgrading the packages across major versions).

Punchy answered 17/4, 2018 at 13:14 Comment(2)

Doesn't update the dependencies in package.json - github.com/yarnpkg/yarn/issues/4390 – Lowpitched 13/1, 2020 at 15:26

@Lowpitched Please refer to this YARN specific thread #62651140 – Jerz 21/10, 2020 at 13:43

Use Updtr!

Based on npm outdated, updtr installs the latest version and runs npm test for each dependency. If the test succeeds, updtr saves the new version number to your package.json. If the test fails, however, updtr rolls back its changes.

Loquat answered 27/5, 2016 at 22:24 Comment(0)

If you are using yarn, yarn upgrade-interactive is a really sleek tool that can allow you to view your outdated dependencies and then select which ones you want to update.

More reasons to use Yarn over npm. Heh.

Parvenu answered 13/6, 2017 at 10:0 Comment(3)

Yarn is moving fast, hit a 1.0 already and is a damn pleasure to use. This should be the new selected answer. – Lichen 10/9, 2017 at 11:51

Doesn't update the dependencies in package.json - github.com/yarnpkg/yarn/issues/4390 – Lowpitched 13/1, 2020 at 15:27

@JoshHabdas You can follow the following thread for Yarn specific solution.... #62651140 – Jerz 3/7, 2021 at 18:6

Commands that I had to use to update package.json for NPM 3.10.10:

npm install -g npm-check-updates
ncu -a
npm install

Background:

I was using the latest command from @josh3736 but my package.json was not updated. I then noticed the description text when running npm-check-updates -u:

The following dependency is satisfied by its declared version range, but the installed version is behind. You can install the latest version without modifying your package file by using npm update. If you want to update the dependency in your package file anyway, run ncu -a.

Reading the documentation for npm-check-updates you can see the difference:

https://www.npmjs.com/package/npm-check-updates

-u, --upgrade: overwrite package file

-a, --upgradeAll: include even those dependencies whose latest version satisfies the declared semver dependency

ncu is an alias for npm-check-updates as seen in the message when typing npm-check-updates -u:

[INFO]: You can also use ncu as an alias

Montgolfier answered 1/11, 2017 at 13:2 Comment(1)

In npm-check-updates v3, -a is the default behavior, and overwriting the package.json is left solely to the -u option. – Chlortetracycline 1/5, 2019 at 15:40

I solved this by using the instructions from npm-check-updates:

npm install -g npm-check-updates
ncu
ncu -u # To update all the dependencies to the latest
ncu -u "specific module name"  # In case you want to update specific dependencies to the latest

Rusell answered 22/5, 2018 at 14:17 Comment(1)

also there is an option --target minor to update only minor versions – Gravitt 29/1 at 13:56

If you're looking for an easier solution that doesn't involve installing npm packages, I'd checkout updatepackagejson.com

Monostich answered 28/9, 2020 at 0:10 Comment(0)

Try the following command if you are using npm 5 and Node.js 8:

npm update --save

Nagging answered 4/8, 2017 at 11:48 Comment(1)

The update command does not seem to bump dependencies beyond the original definition. If package.json declares "1.2.3" exactly you won't get 1.2.4. That can be good or bad :) – Nahum 17/1, 2018 at 12:5

If you don't want to install global npm-check-updates you can simply run that:

node -e "const pk = JSON.parse(require('fs').readFileSync('package.json', 'utf-8'));require('child_process').spawn('npm', ['install', ...Object.keys(Object.assign({},pk.dependencies, pk.devDependencies)).map(a=>a+'@latest')]).stdout.on('data', d=>console.log(d.toString()))"

Eastward answered 23/6, 2019 at 11:35 Comment(2)

Love it! Best answer here. No unwanted dependencies required for a one-time task. Thank you kind sir! – Flavorous 6/11, 2021 at 19:35

this command not work for us @Node.js v18.14.1 + Windows – Proteolysis 24/2, 2023 at 14:20

As it's almost been 10 years since the original question, and many of the answers are either outdated or not recommended.

I would use something which is package manager-agnostic, i.e., can work with npm, pnpm, Yarn or others.

Lately I have been using taze.

You can either add it to your development dependencies and run from there or run without installation with npx taze or pnpx taze, etc.

Extravert answered 20/10, 2022 at 8:57 Comment(0)

The commands in previous answers are unsafe, because you might break your module when switching versions. Instead I recommend the following:

Set the actual current Node.js modules version into package.json using the npm shrinkwrap command.
Update each dependency to the latest version if it does not break your tests using the next-update command line tool

npm install -g next-update
// from your package
next-update

Pineda answered 2/11, 2014 at 16:43 Comment(2)

Backwards-incompatible changes do need to be safeguarded against for active projects. The OP is more concerned with starting a new project where you want to break things now rather than later and have the latest versions to work from. – Chlortetracycline 12/12, 2014 at 16:5

Re "the next-update command line tool": Which you presumably wrote? That should be revealed. Related (Help Center): How to not be a spammer – Flue 2/11, 2023 at 3:18

I found another solution for recent versions of NPM. I want to replace all the "*" dependencies with the explicit latest version number. None of the methods discussed has worked for me.

I did:

Replace all "*" with "^0.0.0"
Run npm-check-updates -u

Everything in package.json now is updated to the last version.

Herculaneum answered 27/4, 2019 at 10:33 Comment(0)

The following code (which was accepted) wrote me something like "it takes too long blah-blah" and did nothing. Probably using the global flag was the problem, idk.

npm i -g npm-check-updates
ncu -u
npm install

I decided to use my text editor and follow a semi-manual approach instead.

I copied a list like this (just a lot longer) from the dev dependencies of my package.json to the notepad++ text editor:

"browserify": "10.2.6",
"expect.js": "^0.3.1",
"karma": "^0.13.22",
"karma-browserify": "^5.2.0",

I set the search mode to regular expression, used the ^\s*"([^"]+)".*$ pattern to get the package name and replaced it with npm uninstall \1 --save-dev \nnpm install \1 --save-dev. Clicked on "replace all". The otput was this:

npm uninstall browserify --save-dev 
npm install browserify --save-dev
npm uninstall expect.js --save-dev 
npm install expect.js --save-dev
npm uninstall karma --save-dev 
npm install karma --save-dev
npm uninstall karma-browserify --save-dev 
npm install karma-browserify --save-dev

I copied it back to bash and hit enter. Everything was upgraded and working fine. That's all.

"browserify": "^16.1.0",
"expect.js": "^0.3.1",
"karma": "^2.0.0",
"karma-browserify": "^5.2.0",

I don't think it is a big deal, since you have to do it only every now and then, but you can easily write a script, which parses the package.json and upgrades your packages. I think it is better this way, because you can edit your list if you need something special, for example keeping the current version of a lib.

Unwieldy answered 25/2, 2018 at 23:15 Comment(2)

With npm-check-updates, the hanging terminal is a known issue on Windows. Try adding --packageFile package.json so that knows not to wait for stdin. – Chlortetracycline 1/5, 2019 at 15:48

@RaineRevere Thanks! – Unwieldy 1/5, 2019 at 19:46

It's wild to me that 90% of answers is some variant of "use npm-check-updates". Here's what I do (relevant code):

{
  "devDependencies": {
    "updates": "^13.0.5" // the version here could be "latest" or "*" tbh...
  },
  "scripts": {
    "test:dependencies": "updates --update ./",
  }
}

Running npm run test:dependencies (or whatever your dependency update script is called) will check your package.json for the latest versions of every package listed, and it'll let you know when the latest version was published. Run npm i after that and you'll be up to date!

Also, unlike npm-check-updates, updates has zero dependencies (ncu has 29, at the time of this post).

Brae answered 28/4, 2022 at 5:54 Comment(1)

Why is it wild? – Flue 31/8, 2023 at 16:1

There is an online package.json update tool. The versions can also be selected via a dropdown.

It also updates to the major version, which npm outdated and ncu don't do.

Paste the package.json content into the input field and let it parse:

The output looks like this:

Jaxartes answered 26/5, 2023 at 17:8 Comment(0)

Instead of installing yet another Node.js module for a one-off use case, you can just do this in your shell...

npm install $(npm outdated | tail -n +2 | awk '{print $1}' | sed -e 's/$/@latest/g' | tr '\n' ' ')

Impacted answered 9/12, 2022 at 14:56 Comment(0)

An alternative is

"dependencies":{
    "foo" : ">=1.4.5"
}

Every time you use npm update, it automatically updates to the latest version.

For more version syntax, you may check here: https://www.npmjs.org/doc/misc/semver.html

Rhombohedron answered 12/4, 2014 at 16:40 Comment(2)

One reason for versioning is to prevent backwards-incompatible changes from newer major versions. I would recommend against this or '*' version numbers. The OP is related to easing the process while maintaining control over when it occurs. – Chlortetracycline 14/4, 2014 at 14:13

The link is broken (404). – Flue 2/11, 2023 at 3:42

Solution without additional packages

Change every dependency's version to *:

"dependencies": {
    "react": "*",
    "react-google-maps": "*"
  }

Then run npm update --save.

Some of your packages were updated, but some not?

"dependencies": {
    "react": "^15.0.1",
    "react-google-maps": "*"
  }

This is the tricky part, it means your local version of "react" was lower than the newest one. In this case npm downloaded and updated "react" package. However your local version of "react-google-maps" is the same as the newest one.

If you still want to "update" unchanged *, you have to delete these modules from node_modules folder.

e.g. delete node_modules/react-google-maps.

Finally run again npm update --save.

"dependencies": {
    "react": "^15.0.1",
    "react-google-maps": "^4.10.1"
  }

Do not forget to run npm update --save-dev if you want to update development dependencies.

Tufted answered 27/4, 2016 at 14:29 Comment(0)

Greenkeeper if you're using GitHub.

It's a GitHub integration and incredibly easy to set things up. When installed, it automatically creates pull requests in repositories you specify (or all if wanted) and keeps your code always up-to-date, without forcing you to do anything manually. PRs should then trigger a build on a CI service and depending on a successful or failed check you can keep figuring out what's triggering the issue or when CI passes simply merge the PR.

At the bottom, you can see that the first build failed at first and after a commit ("upgrade to node v6.9") the tests pass, so I could finally merge the PR. It comes with a lot of emoji, too.

Another alternative would be https://dependencyci.com/, however I didn't test it intensively. After a first look, Greenkeeper looks better in general, IMO, and has better integration.

Winchell answered 8/1, 2017 at 23:22 Comment(2)

"Greenkeeper has said goodbye" – Flue 31/8, 2023 at 17:17

Definitely not a relevant option anymore :D – Winchell 1/9, 2023 at 19:16

npm outdated
npm update

Should get you the latest wanted versions compatible for your app. But not the latest versions.

Deft answered 15/1, 2017 at 21:27 Comment(0)

An automatic update is possible with NPM-script:

{
    "_cmd-update-modules": "npm run devops-update-modules",
    "scripts": {
        "create-global-node-modules-folder": "if not exist \"%appdata%\\npm\\node_modules\" mkdir %appdata%\\npm\\node_modules",
        "npm-i-g": "npm i npm@latest -g",
        "npm-check-i-g": "npm i npm-check@latest -g",
        "eslint-i-g": "npm i eslint@latest -g",
        "npm-check-u-l": "npm-check \"C:\\Program Files\\nodejs\\node_modules\\npm\" -y",
        "npm-check-u-g": "npm-check \"C:\\Program Files\\nodejs\\node_modules\\npm\" -y -g",
        "npm-deep-update-l": "npm update --depth 9999 --dev",
        "npm-deep-update-g": "npm update --depth 9999 --dev -g",
        "npm-cache-clear": "npm cache clear --force",
        "devops-update-modules": "npm run create-global-node-modules-folder && npm run npm-i-g && npm run npm-check-i-g && npm run eslint-i-g && npm run npm-check-u-l && npm run npm-check-u-g && npm run npm-deep-update-l && npm run npm-deep-update-g && npm run npm-cache-clear"
    }
}

For further details and step-by-step manual: How can I update all Node.js modules automatically?

Aronson answered 17/2, 2019 at 19:46 Comment(0)

The easiest way to do this as of today is use pnpm rather than npm and simply type:

pnpm update --latest

Alpenstock answered 29/4, 2019 at 15:23 Comment(0)

This can be helpful:

npm outdated | awk '{ if (NR>1) {print $1"@"$4} }' | xargs npm i

Lurette answered 8/7, 2022 at 19:32 Comment(0)

Expanding on kozlovd's answer, I built a Bash script to update any npm script in two steps:

This gives you the number of npm packages, if you get an error count them manually.

npm list | wc -l

Here replace NUM_PKGS with the number of packages and if you got "UNMET DEPENDENCY" error in the previous command replace $2 for $4.

NUM_PKGS=9999; npm list --no-unicode | awk -v NUM_PKGS=$NUM_PKGS '{\
    if (NR>1 && NR <NUM_PKGS) {\
        pver=A[split($2,A,"@")];\
        print substr($2,0,length($2)-length(pver))"latest";\
    }\
}' | xargs -r npm i

Explanation: The command number 2 first gets the package names and only operates over the lines with them in case of an "UNMET DEPENDENCY" error, then AWK iterates over each package name, it gets the version value and replaces it by "latest", lastly all those packages with the version replaced are collected by xargs who concatenates them after "npm i" to finally install all of them with the latest version.

These steps can update a new project with packages without a set version or an existing project.

Yun answered 19/9, 2022 at 20:8 Comment(0)

I find that npm-check-updates works well, but it is extremely heavy in its dependencies (currently 312 packages).

I created a limited, but extremely lightweight, (no dependencies) tool to update dependencies: npm-updatedependencies2latest

Maybe it might be a good solution for others as well.

Mitis answered 1/3, 2023 at 22:6 Comment(0)

-2

Here in 2023, I simply used:

npm update

Many packages are updated at that point, but you may get a message that some need to be fixed. In that case, I then ran:

npm audit fix --force

Finally, to make sure it is all installed, I ran:

npm install

That's it; my packages were updated.
There isn't any need to manually edit your configuration files.

Geometric answered 7/2, 2023 at 12:41 Comment(4)

npm update does not upgrade to the latest version. It only upgrades to the version range given in your package.json. – Chlortetracycline 7/2, 2023 at 21:26

@RaineRevere Interesting. Not sure how my packages became updated to newer versions then. Would you know how that might've happened after only running npm update? Also, are you saying that the only way to update to newer versions is by manually altering the package-lock.json? if this is still true in 2023 then npm is definitely a failed package system. Thanks – Geometric 8/2, 2023 at 18:30

npm update --save will upgrade your package.json dependencies to newer versions, provided that they fall within the specified version range. For example, ^1.0.0 may be upgraded to ^1.1.0 but not ^2.0.0. – Chlortetracycline 9/2, 2023 at 15:23

There are several ways to upgrade package.json dependencies, as shown in the answers on this page, but none that are built in to npm. The package-lock.json would never be manually edited, but rather is generated automatically from your package.json when you run npm install or npm update. The package-lock.json will only ever reflect what you have in your package.json. So the main concern here is how to upgrade the dependencies in package.json beyond their specified versions ranges. – Chlortetracycline 9/2, 2023 at 15:26

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++