Update a project’s dependencies with npm-check-updates

Node packages sometimes need to be updated to address security issues. If you’re tracking your project on GitHub, you might get notices about this from their dependabot utility.

The best way to update a number of packages to their latest version is by using npm-check-updates.

When you run “npm update”, it accomplishes this task, but it doesn’t change package.json, meaning that your project is lying to itself about the package versions it’s using. This could very easily lead to confusion later on.

npm-check-updates is a package, so you install it with

npm install -g npm-check-updates

Once you’ve done that, you can see which packages have updates available by running

ncu
example from something I haven’t touched in a while

ncu -u will update package.json. You don’t need to run ncu first, but it’s good to see what you’re about to do.

Once package.json has been updated, you just need to run

npm install

To update to the now-specified versions.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store