How to Update Node Dependencies to the Latest Versions in package.json


Just running npm update won’t do the trick. Here’s why.

Running npm install <package> will install the latest version of <package> as well as update the following locations:

  • package.json
  • package-lock.json
  • /node_modules

Inside package.json, we see that each package is associated with a version.

// package.json
"devDependencies": {
  "babel-loader": "^6.0.0",
  "css-loader": "^0.25.0",
  "file-loader": "^0.9.0",
  "webpack": "^2.6.1",
  "webpack-dev-server": "^2.4.5"
},

Based on npm’s semantic versioning, the caret ^ tells us that npm update will only update patch and minor releases.

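For instance, ^6.0.0 can update to 6.0.1, 6.1.0, 6.1.1, and so on. Below 1.0.0 the caret is narrower: ^0.25.0 only matches 0.25.x patch releases, which is why css-loader and file-loader never move to a new minor version here.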

For major versions such as 7.0.0 or 8.0.0, it will not update because it may break compatibility.

In summary:

  • Patch and Minor Releases: npm update will update the installed version in /node_modules as well as update package-lock.json, but it won’t update package.json
  • Major Releases: npm update will not update anything

So, how can we update package.json?

Find Outdated Packages

The first step is to check for new releases of the packages in package.json.

npm outdated

This will give us a list of the outdated packages.

Package             Current  Wanted  Latest  Location
babel-loader          6.4.1   6.4.1   8.1.0  demo
css-loader           0.25.0  0.25.0   3.5.3  demo
file-loader           0.9.0   0.9.0   6.0.0  demo
webpack               2.7.0   2.7.0  4.43.0  demo
webpack-dev-server   2.11.5  2.11.5  3.11.0  demo

Simple enough.
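The caret rule applied to the package.json ranges and the Latest column above, as an added example (not code from npm or npm-check-updates). It assumes plain MAJOR.MINOR.PATCH versions with no prerelease tags; the function names are hypothetical.

```javascript
// Added example: hand-written caret-range check for plain MAJOR.MINOR.PATCH versions.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of ^version: bump the left-most non-zero component.
// ^6.0.0 -> <7.0.0, ^0.25.0 -> <0.26.0, ^0.0.3 -> <0.0.4
function caretUpperBound([major, minor, patch]) {
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

function satisfiesCaret(range, version) {
  if (!range.startsWith("^")) throw new Error(`not a caret range: ${range}`);
  const base = parse(range.slice(1));
  const v = parse(version);
  return compare(v, base) >= 0 && compare(v, caretUpperBound(base)) < 0;
}

// Split packages into those npm update can reach and those that need package.json edited.
function classify(ranges, latest) {
  const result = { inRange: [], needsRangeChange: [] };
  for (const [name, range] of Object.entries(ranges)) {
    const bucket = satisfiesCaret(range, latest[name]) ? result.inRange : result.needsRangeChange;
    bucket.push(name);
  }
  return result;
}

// Ranges from the package.json above; versions from the Latest column of npm outdated.
const ranges = { "babel-loader": "^6.0.0", "css-loader": "^0.25.0", "file-loader": "^0.9.0",
                 "webpack": "^2.6.1", "webpack-dev-server": "^2.4.5" };
const latest = { "babel-loader": "8.1.0", "css-loader": "3.5.3", "file-loader": "6.0.0",
                 "webpack": "4.43.0", "webpack-dev-server": "3.11.0" };

console.log(classify(ranges, latest));
console.log(satisfiesCaret("^0.25.0", "0.26.0")); // 0.26.0 is a constructed version
```

Every package lands in needsRangeChange, so no amount of npm update will reach the Latest column until the ranges themselves are rewritten.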

Install npm-check-updates

To perform the version updates for all packages, we need to first globally install the npm-check-updates package.

npm install -g npm-check-updates

This gives us access to ncu, which stands for npm-check-updates.

Use ncu to update package.json

The -u flag rewrites every version range in package.json to the latest release. It changes package.json only; nothing is installed yet.

ncu -u

It is possible that you may run into an error like this:

Hmmmmm... this is taking a long time. Your console is telling me to wait for input
on stdin, but maybe that is not what you want.

In that case, you may need to manually specify the location of your package.json by running the following two lines instead of just ncu -u.

ncu --loglevel verbose --packageFile package.json
ncu -u --packageFile package.json

Perform the Update

You can finally update your packages based on your new package.json.

npm update

Or install everything fresh.

npm install