It's hard to update a new version of a library. Semantic versioning screws things just enough, so it's safer to manually edit package.json than to attempt npm acrobatics. Here's the correct way to update dependencies using only npm from the command line.
Updating to close-by version with npm update
When you run npm install on a fresh project, npm installs latest versions satisfying the semantic versioning ranges defined in your package.json. After initial install, re-running npm install does not update existing packages since npm already finds satisfying versions installed on the file system.
Instead of npm install, you can use npm update to freshen already installed packages. When you run npm update, npm checks if there exist newer versions in the repository that satisfy specified semantic versioning ranges and installs them.
Let's say we depend on lodash version ^3.9.2, and we have that version installed under node_modules/lodash.
Then running npm update installs version 3.10.1 under node_modules/lodash but leaves package.json untouched (you can change this by passing --save option).
Going for bigger update with @latest tag
Updating a version that is beyond semantic versioning range requires two parts. First, you ask npm to list which packages have newer versions available using npm outdated.
Then you ask npm to install the latest version of a package. You can ask for the latest version with the @latest tag. You should also use the --save flag to update package.json.
Now npm installs version 4.16.4 under node_modules. Also, package.json is updated.
Semantic Versioning Cheatsheet
Learn the difference between caret (^) and tilde (~) in package.json.