How to update a Node dependency - NPM?

Get the latest bug fixes and performance improvements.

By Mario Kandut


This article is based on Node v16.15.1 and NPM 8.11.0.

Keeping dependencies up to date is important: it brings in the latest security fixes, performance improvements, and general bug fixes for the installed packages. There is one thing to consider, though. The package-lock.json file pins a specific version of each package, so these records need to be updated on a regular basis to pull in the latest compatible version.

How to update dependencies

To update a dependency in a Node.js project you have to follow these steps:

  • Check for outdated packages
  • Update packages to a specific version or update packages to the latest major release
  • Test your updates

Check for outdated packages

To check if any packages in your Node.js project are outdated, run npm outdated in the root folder (where the package.json file is). This command outputs the currently installed versions of all packages, the wanted version (the version npm update would update to), and the latest available version. For example, we have the following package.json (created with npm init -y, with version 4.8.1 of lodash installed):

{
  "name": "node-test",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "keywords": [],
  "author": "",
  "license": "ISC",
  "dependencies": {
    "lodash": "^4.8.1"
  }
}

When we run npm outdated we get the following output:

Package  Current   Wanted   Latest  Location
lodash     4.8.1  4.17.21  4.17.21  node-test

Update packages

To update all packages at once to their wanted version, run npm update. If you want to update just one package, specify it by name: npm update <package-name>.

# Updates all dependencies in project.
npm update

# Update just the lodash package.
npm update lodash

To update a globally installed package add the --global flag in the update command.

npm update --global <package-name>

Important: The changes to both package.json and package-lock.json have to be committed to version control (Git).

Update package to the latest major release

When you run npm update, the version ranges in package.json are respected. Typically, updates to a new major version are not allowed. If you'd like to update to a major release, use npm install with the tag @latest. This will install the latest version regardless of which version you already have installed.

For example, to install the latest version of lodash:

npm install lodash@latest

Important: Installing the latest version of a package puts the safeties provided by semantic versioning aside and can introduce major code changes into your project.
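
How the Wanted and Latest columns of npm outdated follow from a caret range such as ^4.8.1, as an added example that is not part of the original article. It is a simplified resolver, not npm's own code; the packages example-lib and example-tool and all version lists are constructed, and it also covers the 0.x case, where a caret range is narrower.

```javascript
// Added example: simplified resolver for caret ranges over plain x.y.z versions
// (no pre-release tags, no other range operators). All data below is constructed.

// "4.17.21" -> [4, 17, 21]
function parse(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  if (!m) throw new Error(`unsupported version: ${version}`);
  return m.slice(1).map(Number);
}

// Negative, zero or positive, as Array.prototype.sort expects.
function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Exclusive upper bound of a caret range: bump the left-most non-zero part.
// ^4.8.1 -> <5.0.0, ^0.2.3 -> <0.3.0, ^0.0.3 -> <0.0.4
function caretUpperBound([major, minor, patch]) {
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

function satisfiesCaret(version, range) {
  if (!range.startsWith('^')) throw new Error(`only caret ranges handled: ${range}`);
  const low = parse(range.slice(1));
  const v = parse(version);
  return compare(v, low) >= 0 && compare(v, caretUpperBound(low)) < 0;
}

// Rebuild one row of `npm outdated`. Assumes the highest published version
// is the one the registry tags as `latest`.
function outdatedRow(name, range, current, published) {
  const sorted = [...published].sort((a, b) => compare(parse(a), parse(b)));
  const latest = sorted[sorted.length - 1];
  const wanted = sorted.filter((v) => satisfiesCaret(v, range)).pop() ?? current;
  return {
    name, current, wanted, latest,
    fixedByUpdate: current !== wanted,   // `npm update <name>` is enough
    needsAtLatest: wanted !== latest,    // only `npm install <name>@latest` gets there
  };
}

const rows = [
  outdatedRow('lodash', '^4.8.1', '4.8.1', ['4.8.1', '4.8.2', '4.17.20', '4.17.21']),
  outdatedRow('example-lib', '^1.2.0', '1.2.0', ['1.2.0', '1.4.0', '2.0.0']),
  outdatedRow('example-tool', '^0.2.3', '0.2.3', ['0.2.3', '0.2.9', '0.3.0']),
];
console.table(rows);
```

For example-tool the range ^0.2.3 stops below 0.3.0, so a fix released only in 0.3.0 is not picked up by npm update.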

Test your updates

The general rule in software development is "better safe than sorry". Hence, don't blindly update your packages without testing the application. The NPM registry uses semantic versioning, and packages within the same major version shouldn't break anything, but the ecosystem has no way of enforcing this policy.

TL;DR

  • Check outdated packages with npm outdated.
  • Update all packages with npm update.
  • Update individual packages with npm update <package-name>.
  • Install the latest package version with the @latest tag - npm install <package-name>@latest.

Thanks for reading and if you have any questions, use the comment function or send me a message @mariokandut.

If you want to know more about Node, have a look at these Node Tutorials.

References (and Big thanks):

NPM update, NPM outdated, HeyNode
