How do I update each dependency in package.json to the latest version?
How do I update each dependency in package.json to the latest version?
Question
I copied package.json from another project and now want to bump all of the dependencies to their latest versions since this is a fresh project and I don't mind fixing something if it breaks.
What's the easiest way to do this?
The best way I know of now is to run npm info express version then update package.json manually for each one. There must be a better way.
{
"name": "myproject",
"description": "my node project",
"version": "1.0.0",
"engines": {
"node": "0.8.4",
"npm": "1.1.65"
},
"private": true,
"dependencies": {
"express": "~3.0.3", // how do I get these bumped to latest?
"mongodb": "~1.2.5",
"underscore": "~1.4.2",
"rjs": "~2.9.0",
"jade": "~0.27.2",
"async": "~0.1.22"
}
}
UPDATE 5/1/19: Six years later and I am still maintaining npm-check-updates as a comprehensive solution to this problem. Enjoy!
Accepted Answer
Looks like npm-check-updates is the only way to make this happen now.
npm i -g npm-check-updates
ncu -u
npm install
On npm <3.11:
Simply change every dependency's version to *, then run npm update --save. (Note: broken in recent (3.11) versions of npm).
Before:
"dependencies": {
"express": "*",
"mongodb": "*",
"underscore": "*",
"rjs": "*",
"jade": "*",
"async": "*"
}
After:
"dependencies": {
"express": "~3.2.0",
"mongodb": "~1.2.14",
"underscore": "~1.4.4",
"rjs": "~2.10.0",
"jade": "~0.29.0",
"async": "~0.2.7"
}
Of course, this is the blunt hammer of updating dependencies. It's fine if—as you said—the project is empty and nothing can break.
On the other hand, if you're working in a more mature project, you probably want to verify that there are no breaking changes in your dependencies before upgrading.
To see which modules are outdated, just run npm outdated. It will list any installed dependencies that have newer versions available.
Popular Answer
npm-check-updates is a utility that automatically adjusts a package.json with the
latest version of all dependencies
see https://www.npmjs.org/package/npm-check-updates
$ npm install -g npm-check-updates
$ ncu -u
$ npm install
[EDIT] A slightly less intrusive (avoids a global install) way of doing this if you have a modern version of npm is:
$ npx npm-check-updates -u
$ npm install
Read more… Read less…
Updated for latest NPM
npm 2+ (Node 0.12+):
npm outdated
npm update
git commit package-lock.json
Ancient npm (circa 2014):
npm install -g npm-check-updates
npm-check-updates
npm shrinkwrap
git commit package-lock.json
Be sure to shrinkwrap your deps, or you may wind up with a dead project. I pulled out a project the other day and it wouldn't run because my deps were all out of date/updated/a mess. If I'd shrinkwrapped, npm would have installed exactly what I needed.
Details
For the curious who make it this far, here is what I recommend:
Use npm-check-updates or npm outdated to suggest the latest versions.
# `outdated` is part of newer npm versions (2+)
$ npm outdated
# If you agree, update.
$ npm update
# OR
# Install and use the `npm-check-updates` package.
$ npm install -g npm-check-updates
# Then check your project
$ npm-check-updates
# If you agree, update package.json.
$ npm-check-updates -u
Then do a clean install (w/o the rm I got some dependency warnings)
$ rm -rf node_modules
$ npm install
Lastly, save exact versions to npm-shrinkwrap.json with npm shrinkwrap
$ rm npm-shrinkwrap.json
$ npm shrinkwrap
Now, npm install will now use exact versions in npm-shrinkwrap.json
If you check npm-shrinkwrap.json into git, all installs will use the exact same versions.
This is a way to transition out of development (all updates, all the time) to production (nobody touch nothing).
To update one dependency to its lastest version without having to manually open the package.json and change it, you can run
npm install {package-name}@* {save flags?}
i.e.
npm install [email protected]* --save
For reference, npm-install
As noted by user Vespakoen on a rejected edit, it's also possible to update multiple packages at once this way:
npm install --save [email protected]* [email protected]* [email protected]*
He also apports a one-liner for the shell based on npm outdated. See the edit for code and explanation.
PS: I also hate having to manually edit package.json for things like that ;)
If you happen to be using Visual Studio Code as your IDE, this is a fun little extension to make updating package.json a one click process.
Version Lens
- Use
*as the version for the latest releases, including unstable - Use
latestas version definition for the latest stable version - Modify the package.json with exactly the latest stable version number using
LatestStablePackages
Here is an example:
"dependencies": {
"express": "latest" // using the latest STABLE version
, "node-gyp": "latest"
, "jade": "latest"
, "mongoose": "*" // using the newest version, may involve the unstable releases
, "cookie-parser": "latest"
, "express-session": "latest"
, "body-parser": "latest"
, "nodemailer":"latest"
, "validator": "latest"
, "bcrypt": "latest"
, "formidable": "latest"
, "path": "latest"
, "fs-extra": "latest"
, "moment": "latest"
, "express-device": "latest"
},