Updating project dependencies with npm

Every once in a while, you should check the dependency versions declared in your project. I was recently working on a project that had some very outdated node packages and I wanted to dust off the cobwebs by updating and testing each outdated dependency one by one.

I chose to go through them one by one because they were so outdated that I thought it would be easier to troubleshoot any issues that might arise from such large jumps in versions, one package at a time. After a few small mental hurdles and a few more failed attempts I got everything updated. Here's what I learned and how I updated everything successfully. Note that this method is likely to work only on newer versions of npm.

About $ npm update

I was hoping to update each dependency to the latest stable version available. At first I simply tried using the $ npm update command; however, that didn't work as expected. It turns out that the package.json file was limiting the maximum allowed version number. You can read about npm update here.

// package.json example

{
  "devDependencies": {
    "gulp-buffer": "0.0.2",
    "gulp-jshint": "~1.2.3",
    "gulp-concat": "^2.6.1"
  }
}

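In the example above, the tilde keeps the minor version (the middle number) fixed and matches the most recent patch release within it.
~1.2.3 will match 1.2.x versions at or above 1.2.3 but will miss 1.3.0.

The caret, on the other hand, is more relaxed. ^2.6.1 will match any 2.x.x release at or above 2.6.1, including 2.7.0, but will hold off on 3.0.0. A bare version such as 0.0.2 matches only that exact release.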

There are, of course, several other ways to define semantic versioning in your package.json files, which you can check out here.
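
The ranges above decide where npm update stops for each package. As an added example (not from the original post and not npm's own code), this simplified JavaScript matcher handles only exact, ~ and ^ ranges; the function names are hypothetical and the version lists are constructed, not real registry data.

```javascript
// Added example: simplified range matching for the three forms in the
// package.json snippet (exact, ~, ^). Not npm's own implementation;
// prerelease tags and other range syntaxes are out of scope.
const parse = (v) => v.split('.').map(Number);

// Compare two [major, minor, patch] arrays: negative, zero or positive.
const cmp = (a, b) => a[0] - b[0] || a[1] - b[1] || a[2] - b[2];

// Return the exclusive upper bound implied by a range operator.
function upperBound(op, [maj, min, pat]) {
  if (op === '~') return [maj, min + 1, 0];
  // Caret: the leftmost non-zero component must stay fixed.
  if (maj > 0) return [maj + 1, 0, 0];
  if (min > 0) return [0, min + 1, 0];
  return [0, 0, pat + 1];
}

function satisfies(range, version) {
  const op = /^[~^]/.test(range) ? range[0] : '';
  const base = parse(op ? range.slice(1) : range);
  const v = parse(version);
  if (!op) return cmp(v, base) === 0; // exact pin
  return cmp(v, base) >= 0 && cmp(v, upperBound(op, base)) < 0;
}

// Highest published version the range allows, i.e. where `npm update` stops.
function wanted(range, published) {
  const ok = published.filter((v) => satisfies(range, v));
  ok.sort((a, b) => cmp(parse(a), parse(b)));
  return ok.length ? ok[ok.length - 1] : null;
}

// Constructed version lists, not real registry data.
const registry = {
  'gulp-buffer': ['0.0.2', '0.0.3', '1.0.0'],
  'gulp-jshint': ['1.2.2', '1.2.3', '1.2.9', '1.3.0', '2.0.0'],
  'gulp-concat': ['2.6.1', '2.7.0', '3.0.0'],
};
const declared = {
  'gulp-buffer': '0.0.2', 'gulp-jshint': '~1.2.3', 'gulp-concat': '^2.6.1',
};

for (const [name, range] of Object.entries(declared)) {
  const all = registry[name];
  console.log(name, range, 'wanted:', wanted(range, all), 'latest:', all[all.length - 1]);
}
```

With these constructed lists, the exact pin stays at 0.0.2, the tilde range stops at 1.2.9 and the caret range stops at 2.7.0, even though newer major releases exist.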

About $ npm install

This command installs a package, and any packages that it depends on. The only big difference between npm update and npm install is that an already installed module with fuzzy versioning gets ignored by npm install, and updated by npm update.

$ npm install

About npm outdated

A handy command that I discovered after successfully updating all of my dependencies was $ npm outdated. This command will check the registry to see if any (or specific) installed packages are currently outdated.

$ npm outdated

Package      Current   Wanted   Latest  Location
glob          5.0.15   5.0.15    6.0.1  test-outdated-output
nothingness    0.0.3      git      git  test-outdated-output
npm            3.5.1    3.5.2    3.5.1  test-outdated-output
local-dev      0.0.3   linked   linked  test-outdated-output
once           1.3.2    1.3.3    1.3.3  test-outdated-output

Pretty cool, right? Hopefully this will help other developers trying to understand how to update their project dependencies and the world of semantic versioning a little better.