Find newer versions of dependencies than what your package.json allows
npm-check-updates is a tool that allows you to find the latest versions of dependencies, regardless of any version constraints in your package.json file (unlike npm itself).
npm-check-updates can optionally upgrade your package.json file to use the latest available versions, all while maintaining your existing semantic versioning policies.
Put plainly, it will upgrade your "express": "3.3.x" dependency to "express": "3.4.x" when express 3.4.0 hits the scene.
View the options for global, dev-only, prod-only, or filtering by package name.
Package.json best practices recommends maintaining dependencies using a semantic versioning policy. In practice you do this by specifying a "1.2.x" style dependency in your package.json, whereby patch-level updates are automatically allowed but major and minor releases require manual verification.
Unfortunately, it then becomes your responsibility to find out about new package releases, for example by using "npm info" command one package at a time, or by visiting project pages.
Whatever your versioning policy, npm-check-updates will make keeping your dependencies up to date a breeze.
npm install -g npm-check-updates
Show any new dependencies for the project in the current directory:
$ npm-check-updates"connect" can be updated from 2.8.x to 2.11.x"commander" can be updated from 1.3.x to 2.0.xRun with '-u' to upgrade your package.json
Upgrade a project's package.json:
$ npm-check-updates -u"request" can be updated from 2.20.x to 2.27.xpackage.json upgraded
Filter by package name:
$ npm-check-updates -f mocha,should # string$ npm-check-updates -f /^((?!gulp-).)*$/ # regex
-d, --dev check only devDependencies -h, --help output usage information -f, --filter <packages> list or regex of package names to search (all others will be ignored) -g, --global check global packages instead of in the current project -p, --prod check only dependencies (not devDependencies) -s, --silent don't output anything -u, --upgrade upgrade package.json dependencies to match latest versions (maintaining existing policy) -V, --version output the version number
- Fix bug where package names got truncated (grunt-concurrent -> grunt)
- Add prod and dev only options
- Add package filtering option
- Add mocha as npm test script
- Handle private packages and NPM errors
- Added Mocha tests
- Print currently installed and latest package version in addition to semantic versions
- Fixed bug where extra whitespace in package.json may prevent automatic upgrade
- Added option to check global packages for updates: -g switch
- Now also checks and upgrades devDependencies in package.json
- Find and upgrade dependencies maintaining existing versioning policy in package.json
- Direct dependencies will be increased to the latest available version:
- 2.0.1 => 2.2.0
- 1.2 => 1.3
- Semantic versioning policies for levels are maintained while satisfying the latest version:
- 1.2.x => 1.3.x
- 1.x => 2.x
- "Any version" is maintained:
- * => *
- Version constraints are maintained:
- >0.2.x => > 0.3.x
- >=1.0.0 => >=1.1.0
- Dependencies newer than the latest available version are suggested to be downgraded, as it's likely a mistake:
- 2.0.x => 1.7.x, when 1.7.10 is the latest available version
- 1.1.0 => 1.0.1, when 1.0.1 is the latest available version
Please file an issue on github.
Pull requests are welcome :)