Node packages sometimes need to be updated to address security issues. If you’re tracking your project on GitHub, you might get notices about this from their dependabot utility.
The best way to update a number of packages to their latest version is by using npm-check-updates.
When you run “npm update”, it accomplishes this task, but it doesn’t change package.json, meaning that your project is lying to itself about the package versions it’s using. This could very easily lead to confusion later on.
npm-check-updates is a package, so you install it with
npm install -g npm-check-updates
Once you’ve done that, you can see which packages have updates available by running
ncu -u will update package.json. You don’t need to run ncu first, but it’s good to see what you’re about to do.
Once package.json has been updated, you just need to run
To update to the now-specified versions.