How to Keep Your Dependencies Up to Date with npm and Yarn
Introduction
Package managers have made everyday use of others' code much smoother and more standardized. Gone are the days when there was no consistent way of doing common tasks including:
- Installing/uninstalling Node packages and their dependencies
- Creating/publishing dependencies
- Keeping up-to-date with package versions, as well as the versions of their dependencies (and *theirs*)
This last, bolded point is what this article will be discussing. Today, with package managers like npm and Yarn, there are ways of handily updating packages and their dependencies.
Dependencies and versioning
npm and Yarn both follow the rules of semantic versioning to notate a package's given version. Each package version starts at 1.0.0 and progresses at various points, broken down like this.
$ npm install <package-name>@1.0.0
$ yarn add <package-name>@1.0.0
# 1 --> major release that comes with breaking changes
# 0 --> minor release that comes with non-breaking new features
# 0 --> patch release that comes with non-breaking bug fixes
Many packages use other existing packages to lend to their unique functionality. These packages are known as "dependencies". The next section will show how to update a single dependency.
Updating a single package dependency
To check for outdated dependencies within a package, use the outdated command with either npm or Yarn:
$ npm outdated
$ yarn outdated
This will display a list of package dependencies that could be updated to a newer version. Here are some ways to update a single dependency.
npm
The npm update command, when used with a specific package name, updates that package. Some minor syntactical points to note:
- Running npm update <package-name>@x.y.z updates the package to the specific x-major, y-minor, and z-patch versions.
Assuming we have an outdated version of lodash already installed:
$ npm update lodash@4.17.10
- Running npm update <package-name>@latest updates the package to the latest available version in the npm Registry.
$ npm update lodash@latest
Yarn
In Yarn, the commands are similar. Instead of using update, use up.
Sticking with the lodash example, here is updating to a specific version:
$ yarn up lodash@4.17.10
And here's updating to the latest version:
$ yarn up lodash
Updating all package dependencies
While we could use npm update or yarn upgrade to update all dependencies within the constraints of the package.json file, this section covers updating all dependencies to their latest major version.
There is a package known as npm-check-updates, which is designed to update all dependencies regardless of what was specified in package.json. Its shorthand alias is ncu.
Because both npm and Yarn have access to the npm Registry, npm-check-updates is compatible with both!
$ ncu
Checking package.json
[====================] 1/1 100%
lodash 4.17.10 → 4.17.21
Run ncu -u to upgrade package.json
$ ncu -u
Upgrading package.json
[====================] 1/1 100%
lodash 4.17.10 → 4.17.21
Run npm/yarn install to install new versions.
$ npm install    # or: yarn install
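The difference between an update that stays within the package.json constraints and one that only ncu -u would apply, as an added example (not code from this article or from npm-check-updates): a Node.js script that classifies each bump as major, minor or patch and checks it against the declared range, so breaking upgrades can be reviewed before they are installed. It assumes plain x.y.z versions with an optional ^ or ~ prefix; the example-* packages and their versions are hypothetical.

```javascript
// Added example: constructed data, no registry access. Supports only plain
// x.y.z versions with an optional leading ^ or ~ (no prerelease tags, no ||).
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Negative, zero or positive, like a sort comparator.
function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Which semver component changes between two versions.
function bumpType(from, to) {
  const b = parse(to);
  const i = parse(from).findIndex((n, k) => n !== b[k]);
  return ["major", "minor", "patch"][i] || "none";
}

// Does a package.json range (exact, ~x.y.z or ^x.y.z) admit `candidate`?
function satisfies(range, candidate) {
  const op = /^[\^~]/.test(range) ? range[0] : "=";
  const base = parse(op === "=" ? range : range.slice(1));
  const c = parse(candidate);
  if (compare(c, base) < 0) return false;
  if (op === "=") return compare(c, base) === 0;
  // ~ pins major.minor; ^ pins everything up to the leftmost non-zero part.
  const pinned = op === "~" ? 2 : base.findIndex((n) => n > 0) + 1 || 3;
  return base.slice(0, pinned).every((n, k) => n === c[k]);
}

// Assumption: the lower bound of each declared range is the installed version.
function plan(dependencies, latest) {
  return Object.entries(dependencies).map(([name, range]) => {
    const bump = bumpType(range.replace(/^[\^~]/, ""), latest[name]);
    const inRange = satisfies(range, latest[name]);
    const action = bump === "none" ? "up to date"
      : inRange ? "within package.json range" : "outside range (ncu -u), review first";
    return { name, range, latest: latest[name], bump, inRange, action };
  });
}

// Constructed manifest: the lodash versions are the ones used in the article,
// the example-* packages are hypothetical.
const dependencies = { lodash: "^4.17.10", "example-lib": "~2.3.0", "example-framework": "^1.8.0" };
const latest = { lodash: "4.17.21", "example-lib": "2.4.1", "example-framework": "2.0.0" };
console.table(plan(dependencies, latest));
```

Only the lodash row falls within its declared range; the other two are the kind of change that ncu -u writes into package.json.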