How to Keep Your Dependencies Up to Date with npm and Yarn
Package managers have made everyday use of others' code much smoother and more standardized. Gone are the days when there was no consistent way of doing common tasks including:
- Installing/uninstalling Node packages and their dependencies
- Creating/publishing dependencies
- Keeping up-to-date with package versions, as well as the versions of their dependencies (and *theirs*).
This last, bolded point is what this article will be discussing. Today, with package managers like npm and Yarn, there are ways of handily updating packages and their dependencies.
Dependencies and versioning
npm and Yarn both follow the rules of semantic versioning to notate a package's given version. Each package version starts at 1.0.0 and progresses at various points, broken down like this.
$ npm install <package-name>@1.0.0
$ yarn add <package-name>@1.0.0
# 1 --> major release that comes with breaking changes
# 0 --> minor release that comes with non-breaking new features
# 0 --> patch release that comes with non-breaking bug fixes
Many packages use other existing packages to lend to their unique functionality. These packages are known as "dependencies". The next section will show how to update a single dependency.
Updating a single package dependency
To check for outdated dependencies within a package, use the outdated command with either npm or Yarn:
$ npm outdated
$ yarn outdated
This will display a list of package dependencies that could be updated to a newer version. Here are some ways to update a single dependency.
The npm update command, when used with a specific package name, updates that package. Some minor syntactical points to note:
npm update <package-name>@x.y.z updates the package to the specific x-major, y-minor, and z-patch versions.
Assuming we have an outdated version of lodash already installed:
$ npm update lodash@x.y.z
npm update <package-name>@latest updates the package to the latest available version in the npm Registry.
$ npm update lodash@latest
In Yarn, the commands are similar. Instead of using
Sticking with the lodash example, here is updating to a specific version:
$ yarn up lodash@x.y.z
And here's updating to the latest version:
$ yarn up lodash
Updating all package dependencies
While we could use npm update or yarn upgrade to update all dependencies within the constraints of the package.json file, this section covers updating all dependencies to their latest major version.
There is a package known as npm-check-updates, which is designed to update all dependencies regardless of what was specified in package.json. Its shorthand alias is ncu.
Because both npm and Yarn have access to the npm Registry, npm-check-updates is compatible with both!
$ ncu
Checking package.json
[====================] 1/1 100%
 lodash  4.17.10  →  4.17.21
Run ncu -u to upgrade package.json
$ ncu -u
Upgrading package.json
[====================] 1/1 100%
 lodash  4.17.10  →  4.17.21
Run npm/yarn install to install new versions.
$ npm/yarn install
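The difference between npm update (stays inside the package.json range) and ncu -u (rewrites the range), as an added example that is not from the original article: a small Node.js script that labels each available update as patch, minor or major and says which command reaches it. It assumes plain x.y.z versions and only the ^, ~ and exact range forms; pkg-a, pkg-b, pkg-c, all the ranges and the non-lodash version numbers are constructed sample data.

```javascript
// Added example, not from the article. Handles plain x.y.z versions only.
function parse(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  if (!m) throw new Error(`unsupported version: ${version}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Which semver part changes when moving from one version to another.
function bumpType(from, to) {
  const a = parse(from), b = parse(to);
  if (compare(a, b) >= 0) return 'none';
  if (a[0] !== b[0]) return 'major';
  return a[1] !== b[1] ? 'minor' : 'patch';
}

// Range forms supported: ^x.y.z, ~x.y.z and exact x.y.z.
function satisfies(range, version) {
  const op = /^[\^~]/.test(range) ? range[0] : '';
  const base = parse(range.slice(op.length)), v = parse(version);
  if (op === '') return compare(v, base) === 0;
  if (compare(v, base) < 0) return false;
  // Tilde pins major.minor; caret pins up to the left-most non-zero part.
  const pinned = op === '~' ? 2 : base[0] > 0 ? 1 : base[1] > 0 ? 2 : 3;
  return base.slice(0, pinned).every((n, i) => n === v[i]);
}

// For each dependency: how big the jump to `latest` is, and which command
// from the article reaches it (inside the range or by rewriting the range).
function planUpdates(ranges, installed, latest) {
  return Object.keys(ranges).map((name) => {
    const bump = bumpType(installed[name], latest[name]);
    const inRange = satisfies(ranges[name], latest[name]);
    const via = bump === 'none' ? 'up to date'
      : inRange ? 'npm update' : 'ncu -u, then install';
    return { name, bump, via };
  });
}

// Constructed sample data; only the lodash version numbers appear in the article.
const ranges = { lodash: '^4.17.10', 'pkg-a': '~1.2.0', 'pkg-b': '^2.3.1', 'pkg-c': '^0.4.2' };
const installed = { lodash: '4.17.10', 'pkg-a': '1.2.4', 'pkg-b': '2.3.1', 'pkg-c': '0.4.2' };
const latest = { lodash: '4.17.21', 'pkg-a': '1.3.0', 'pkg-b': '3.0.0', 'pkg-c': '0.5.0' };
console.table(planUpdates(ranges, installed, latest));
```

Rows labelled major are the ones to check against the package's changelog before installing, since a major release comes with breaking changes.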