Update a project’s dependencies with npm-check-updates

Node packages sometimes need to be updated to address security issues. If you’re tracking your project on GitHub, you might get notices about this from its Dependabot utility.

The best way to update a number of packages to their latest version is by using npm-check-updates.

When you run “npm update”, it accomplishes this task, but it doesn’t change package.json, meaning that your project is lying to itself about the package versions it’s using. This could very easily lead to confusion later on.

npm-check-updates is a package, so you install it with

npm install -g npm-check-updates

Once you’ve done that, you can see which packages have updates available by running

ncu

ncu -u will update package.json. You don’t need to run ncu first, but it’s good to see what you’re about to do.

Once package.json has been updated, you just need to run

npm install

to update to the now-specified versions.
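The mismatch described earlier, where “npm update” moves the installed versions while package.json stays the same, can be detected by comparing package.json against package-lock.json. The script below is an added example, not code from the original post or from npm-check-updates; the function names and the sample package names are hypothetical, and it assumes a lockfile with a "packages" map (lockfileVersion 2 or 3).

```javascript
// Report where package.json understates what package-lock.json installs.
// Assumptions: lockfileVersion 2 or 3 (a "packages" map) and simple ranges
// such as "^1.2.3", "~1.2.3", ">=1.2.3" or "1.2.3"; prerelease tags ignored.
function parseVersion(text) {
  const m = /(\d+)\.(\d+)\.(\d+)/.exec(text);
  return m ? m.slice(1, 4).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Hypothetical helper: returns one record per dependency whose installed
// version is newer than the declared base ("ahead") or cannot be compared
// ("unknown": git/tag specifiers, or no matching lockfile entry).
function findDrift(pkg, lock) {
  const declared = { ...pkg.dependencies, ...pkg.devDependencies };
  const drift = [];
  for (const [name, range] of Object.entries(declared)) {
    const entry = (lock.packages || {})[`node_modules/${name}`];
    const base = parseVersion(range);
    const installed = entry ? parseVersion(entry.version) : null;
    if (!base || !installed) {
      drift.push({ name, range, installed: entry ? entry.version : null, status: "unknown" });
    } else if (compareVersions(installed, base) > 0) {
      drift.push({ name, range, installed: entry.version, status: "ahead" });
    }
  }
  return drift;
}

// Constructed sample data: the lockfile has moved on, package.json has not.
const samplePkg = {
  dependencies: { "example-http": "^2.1.0", "example-log": "~1.4.2" },
  devDependencies: { "example-test": "3.0.0", "example-git": "github:example/example-git" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/example-http": { version: "2.6.3" },
    "node_modules/example-log": { version: "1.4.2" },
    "node_modules/example-test": { version: "3.0.0" },
  },
};

console.log(findDrift(samplePkg, sampleLock));
```

For a real project, pass it the parsed contents of package.json and package-lock.json; entries marked "ahead" are the ones where package.json no longer reflects what is installed.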

Weakly Pseudonymous Software Engineer