How to Keep Your Dependencies Up to Date with npm and Yarn

Introduction

Package managers have made everyday use of others' code much smoother and more standardized. Gone are the days when there was no consistent way of doing common tasks, including:

  • Installing/uninstalling Node packages and their dependencies
  • Creating/publishing dependencies
  • Keeping up-to-date with package versions, as well as the versions of their dependencies (and theirs)

This last point is what this article will be discussing. Today, with package managers like npm and Yarn, there are handy ways of updating packages and their dependencies.

Dependencies and versioning

npm and Yarn both follow the rules of semantic versioning to denote a package's version. Each package version starts at 1.0.0, and its three numbers advance as broken down here:

$ npm install <package-name>@1.0.0
$ yarn add <package-name>@1.0.0

# 1 --> major release that comes with breaking changes
# 0 --> minor release that comes with non-breaking new features
# 0 --> patch release that comes with non-breaking bug fixes

Many packages rely on other existing packages to provide their functionality. These packages are known as "dependencies". The next section will show how to update a single dependency.

Updating a single package dependency

To check for outdated dependencies within a package, use the outdated command with either npm or Yarn:

$ npm outdated
$ yarn outdated

This will display a list of package dependencies that could be updated to a newer version. Here are some ways to update a single dependency.

npm

The npm update command, when used with a specific package name, updates that package. Some minor syntactical points to note:

  • Running npm update <package-name>@x.y.z updates the package to the specific x-major, y-minor, and z-patch versions. Assuming we have an outdated version of lodash already installed:

$ npm update lodash@4.17.10

  • Running npm update <package-name>@latest updates the package to the latest available version in the npm Registry:

$ npm update lodash@latest

Yarn

In Yarn, the commands are similar. Instead of using update, use up.

Sticking with the lodash example, here is updating to a specific version:

$ yarn up lodash@4.17.10

And here's updating to the latest version:

$ yarn up lodash

Updating all package dependencies

While we could use npm update or yarn upgrade to update all dependencies within the constraints of the package.json file, this section covers updating all dependencies to their latest major version.

There is a package known as npm-check-updates, which is designed to update all dependencies regardless of what was specified in package.json. Its shorthand alias is ncu.

Because both npm and Yarn have access to the npm Registry, npm-check-updates is compatible with both!

$ ncu

Checking package.json
[====================] 1/1 100%

 lodash           4.17.10     4.17.21

Run ncu -u to upgrade package.json

$ ncu -u
Upgrading package.json
[====================] 1/1 100%

 lodash           4.17.10     4.17.21

Run npm/yarn install to install new versions.

$ npm install    # or: yarn install
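
The semantic versioning rules and the outdated command described above can be combined to see which pending updates are major (breaking) before running ncu -u. The following is an added example, not code from the original article: it classifies JSON in the shape printed by npm outdated --json. The sample data, the example-* package names, and the function names are constructed for illustration.

```javascript
// Constructed sample in the shape printed by `npm outdated --json`.
// Only lodash comes from the article; the example-* names are made up.
const SAMPLE_OUTDATED = {
  lodash: { current: '4.17.10', wanted: '4.17.21', latest: '4.17.21' },
  'example-http': { current: '1.4.2', wanted: '1.6.0', latest: '2.1.0' },
  'example-cli': { current: '3.0.1', wanted: '3.2.0', latest: '3.2.0' },
  'example-missing': { wanted: '0.9.3', latest: '0.9.3' }, // not installed yet
};

// Split "x.y.z" into numbers, ignoring any -prerelease or +build suffix.
function parseVersion(version) {
  const match = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version || ''));
  return match ? match.slice(1).map(Number) : null;
}

// Name the highest-order part that differs between two versions.
function bumpLevel(from, to) {
  const a = parseVersion(from);
  const b = parseVersion(to);
  if (!a || !b) return 'unknown';
  const levels = ['major', 'minor', 'patch'];
  for (let i = 0; i < levels.length; i++) {
    if (b[i] !== a[i]) return b[i] > a[i] ? levels[i] : 'downgrade';
  }
  return 'none';
}

// Group packages by the size of the jump from `current` to `target`:
// 'wanted' stays inside the package.json range, 'latest' may leave it.
function classifyOutdated(outdated, target = 'latest') {
  const report = { major: [], minor: [], patch: [], none: [], downgrade: [], unknown: [] };
  for (const [name, info] of Object.entries(outdated)) {
    const level = bumpLevel(info.current, info[target]);
    report[level].push(`${name} ${info.current || '?'} -> ${info[target]}`);
  }
  return report;
}

// Major bumps are the ones to read changelogs for before `ncu -u`.
console.log(JSON.stringify(classifyOutdated(SAMPLE_OUTDATED), null, 2));
```

To use it on a real project, replace SAMPLE_OUTDATED with the parsed output of npm outdated --json.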