Using npm update and npm outdated to update dependencies

It's hard to update a library to a new version. Semantic versioning screws things up just enough that it's safer to manually edit package.json than to attempt npm acrobatics. Here's the correct way to update dependencies using only npm from the command line.

Updating to close-by version with npm update

When you run npm install on a fresh project, npm installs the latest versions satisfying the semantic versioning ranges defined in your package.json. After the initial install, re-running npm install does not update existing packages since npm already finds satisfying versions installed on the file system.

Instead of npm install, you can use npm update to freshen already installed packages. When you run npm update, npm checks if there exist newer versions out there that satisfy specified semantic versioning ranges and installs them.

Let's say we depend on lodash version ^3.9.2, and we have that version installed under node_modules/lodash.

"dependencies": {
    "lodash": "^3.9.2"
}

Then running npm update installs version 3.10.1 under node_modules/lodash and updates package.json to reference this version number.

$ npm update
└── lodash@3.10.1

"dependencies": {
    "lodash": "^3.10.1"
}

Going for bigger update with @latest tag

Updating to a version beyond the semantic versioning range takes two steps. First, you ask npm to list which packages have newer versions available using npm outdated.

$ npm outdated
Package  Current  Wanted  Latest  Location
lodash    3.10.1  3.10.1  4.16.4  backend

Then you ask npm to install the latest version of a package. You can ask for the latest version with the @latest tag.

$ npm install lodash@latest

Now npm installs version 4.16.4 under node_modules. Also, package.json is updated.

"dependencies": {
    "lodash": "^4.16.4"
}
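
How the Wanted and Latest columns above come about, as an added example that is not part of the original article and not npm's own code: a minimal caret-range resolver for plain x.y.z versions. The function names and the published list are constructed for illustration, and Latest is assumed to be the highest published version.

```javascript
// Added example: caret-range resolution for plain x.y.z versions only
// (no prerelease tags, no other range operators).
const parse = (v) => v.split('.').map(Number);

// Compare two versions: negative if a < b, positive if a > b, 0 if equal.
function compare(a, b) {
  const [pa, pb] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Exclusive upper bound of a caret range: bump the left-most non-zero part.
// ^3.9.2 -> <4.0.0, ^0.2.3 -> <0.3.0, ^0.0.3 -> <0.0.4
function caretUpperBound(base) {
  const [major, minor, patch] = parse(base);
  if (major > 0) return `${major + 1}.0.0`;
  if (minor > 0) return `0.${minor + 1}.0`;
  return `0.0.${patch + 1}`;
}

function satisfiesCaret(version, range) {
  const base = range.replace(/^\^/, '');
  return compare(version, base) >= 0 &&
         compare(version, caretUpperBound(base)) < 0;
}

// Build one row of an `npm outdated`-style report.
// Assumption: "latest" is the highest published version; npm itself
// reads the registry's `latest` dist-tag instead.
function outdatedRow(current, range, published) {
  const sorted = [...published].sort(compare);
  const inRange = sorted.filter((v) => satisfiesCaret(v, range));
  return {
    current,
    wanted: inRange.length ? inRange[inRange.length - 1] : current,
    latest: sorted[sorted.length - 1],
  };
}

// Constructed sample list of versions, not real registry output.
const published = ['3.9.2', '3.9.3', '3.10.0', '3.10.1', '4.0.0', '4.16.4'];
console.log(outdatedRow('3.9.2', '^3.9.2', published));   // what npm update targets
console.log(outdatedRow('3.10.1', '^3.10.1', published)); // the row shown by npm outdated
```

Wanted is what npm update installs; Latest is only reached by asking for it explicitly, as with lodash@latest.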