NPM provides a command to check for outdated packages:
However, by default, the command checks the entire dependency tree, not only the modules specified in
package.json, but also the dependencies of those modules. If we only care about the top-level packages, we can add
--depth option to show just that:
This is similar to listing installed packages:
Using the option, it will not print out the nested dependency tree, but only the top-level. The option is similar to
tree -L 1, but zero indexed instead of one.
Another interesting thing about
outdated command is the color coding in the output:
Do not want colors? We can turn if off:
And here are the corresponding modules specified in
Due to SemVer
^x.y.z caret format, red colors clearly indicate that packages are out of date, and they need to be upgraded. And yellow ones indicate that packages are out of date as well, but to upgrade, there might be breaking changes. (Since
koa is still
0.x.x, so the caret rule applies to minor.)
All packages in red should be upgraded first, then upgrade ones in yellow, because of the possibility of breaking change.
How to update all packages with a single command? This is actually pretty easy:
Be careful, not all packages are updated, but only the ones in red. Since the ones in red are either patch or minor releases, no breaking change, so they are safe to be upgraded.
It is not really necessary to have the updated versions to be written into
package.json file. As long as the SemVer rules are followed, the latest packages will be installed.
Now, if you examine the yellow ones and feel good on the new major upgrade, then remove the old package, and install the new one.
This command does not work. But
install command works:
To install the latest version and also update
In summary, here is the the workflow to keep dependencies up to date:
npm outdated --depth 0to show outdated packages.
npm updateto update all packages that have no breaking change.
- Examine packages that might have breaking change, and upgrade them one by one.