# How to Keep Your Dependencies Up to Date with npm and Yarn

### Introduction

 [Package managers](https://en.wikipedia.org/wiki/Package_manager)  have made everyday use of other's code much smoother and more standardized. Gone are the days where there was no consistent way of doing common tasks including: 

* Installing/uninstalling Node packages and their dependencies
* Creating/publishing dependencies
* **Keeping up-to-date with package versions, as well as the versions of their dependencies (and *theirs**.*

This last, bolded point is what this article will be discussing. Today, with package managers like  [npm](https://www.npmjs.com/)  and Yarn, there are ways of handily updating packages and their dependencies. 

## Dependencies and versioning

npm and Yarn both follow the rules of  [semantic versioning](https://semver.org/) to notate a package's given version. Each package version starts at `1.0.0` and progresses at various points, broken down like this. 

```
$ npm install <package-name>@1.0.0
$ yarn add <package-name>@1.0.0

# 1 --> major release that comes with breaking changes

# 0 --> minor release that comes with non-breaking new features

# 0 --> patch release that comes with non-breaking bug fixes
```

Many packages use other existing packages to lend to their unique functionality. These packages are known as "dependencies". The next section will show how to update a single dependency.

## Updating a single package dependency

To check for outdated dependencies within a package, use the `outdated` command with either npm or Yarn: 

```
$ npm outdated
$
$ yarn outdated
```

This will display a list of package dependencies that could be updated to a newer version.  Here are some ways to update a single dependency.

#### npm

The `npm update` command, when used with a specific package name, updates that package. Some minor syntactical points to note: 

* Running `npm update <package-name>@x.y.z` updates the package to the specific x-major, y-minor, and z-patch versions. 

Assuming we have an outdated version of  [`lodash`](https://www.npmjs.com/package/lodash)  already installed:

```
$ npm update lodash@4.17.10
```

* Running `npm update <package-name@latest` updates the package to the latest available version in the  [npm Registry](https://docs.npmjs.com/cli/v7/using-npm/registry) .

```
$ npm update lodash@latest
```

#### Yarn

In Yarn, the commands are similar. Instead of using `update`, use `up`. 

Sticking with the lodash example, here is updating to a specific version:

```
$ yarn up lodash@4.17.10
```

And here's updating to the latest version: 

```
$ yarn up lodash
```

## Updating all package dependencies

While we could use `npm update` or `yarn upgrade` to update all dependencies within the constraints of the `package.json` file, this section covers updating all dependencies to their *latest major version*. 

There is a package known as  [`npm-check-updates`](https://www.npmjs.com/package/npm-check-updates), which is designed to update all dependencies regardless of what was specified in `package.json`. It's shorthand alias is `ncu`. 

Because both npm and Yarn have access to the npm Registry, `npm-check-updates` is compatible with both!

```
$ ncu

Checking package.json
[====================] 1/1 100%

 lodash           4.17.10  →   4.17.21

Run ncu -u to upgrade package.json

$ ncu -u
Upgrading package.json
[====================] 1/1 100%

 lodash           4.17.10  →   4.17.21

Run npm/yarn install to install new versions.

$ npm/yarn install
```