
Shaunak

Originally published at shaunak.hashnode.dev

Safe and elegant way to update your npm packages quickly

Maintaining a project that runs on npm can be more trouble than building a new one. Throughout development, we rely on many external npm packages to build faster rather than reinvent the wheel. Thousands of open-source developers contribute daily to build stable npm packages and make them available to the global dev community.

Why should you update npm packages regularly?

  1. Security patches

    Many packages themselves depend on other public npm packages. When a security vulnerability pops up in one of them, the fix needs a chain of updates to the packages, from the source to the destination.

  2. Deprecations

    Methods exposed by these npm packages keep getting improved and optimized, so the developers no longer support old methods.

  3. New features

    Developers keep adding new features to the package. It is always good to get the latest.

Now, the real pain arises when you are building a big project, such as an Angular application, that depends on many external packages like prime-ng, date pickers, etc. Or you own an old project but still have to maintain the codebase regularly.

A great tool called NPM Check Updates makes your life easy. It is a CLI that helps safely make those updates with ease.

Steps to use NPM Check Updates (ncu)

  1. Install npm-check-updates, preferably globally.

    npm install -g npm-check-updates
    

    or with npx

    npx npm-check-updates
    
  2. Run NPM Check Updates.

    ncu
    

    This command reports which of your packages have newer versions available. On its own it only logs to the console and does not change any files.

    Add the -u option to update your package.json file with the upgraded versions.

  3. There are several options for getting more detail or filtering your packages. You can filter by semantic versioning level (patch, minor, major):

    ncu -u -t patch    # or: minor, major
    

    Or by name/pattern matching:

    # By package name
    ncu -u express
    ncu -u -f express
    ncu -u --filter express
    
    # Everything except express
    ncu -u \!express
    ncu -x express
    ncu --reject express
    
    # Pattern matching (quoted so the shell does not expand the glob itself)
    ncu -u "react-*"
    ncu -u "@angular/*"
    
  4. Run npm i to install the updated versions.

This two-step process (update package.json with ncu, then install with npm) works wonders and helps you quickly update your project dependencies. There are many options available to make it safer than manual updates.
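The update-then-install steps can be wrapped so that a failed update never leaves the project half-upgraded. The shell function below is an added example, not code from the original post or from the npm-check-updates project; it assumes a package-lock.json next to package.json and a working npm test script, and staged_update is a hypothetical name.

```shell
#!/bin/sh
# Added example: staged dependency update with rollback.
# Assumptions: run from the project root; package.json and package-lock.json
# exist; "npm test" is defined; ncu and npm are on PATH.

# staged_update TARGET
#   Applies updates at one level (e.g. patch or minor), reinstalls, runs the
#   test suite and npm audit. If any step fails, the previous manifest and
#   lockfile are restored. Returns 0 on success, 1 after a rollback.
staged_update() {
    target=$1
    backup=$(mktemp -d) || return 2
    cp package.json package-lock.json "$backup"/ || return 2

    if ncu -u -t "$target" \
        && npm install \
        && npm test \
        && npm audit --audit-level=high
    then
        rm -rf "$backup"
        echo "updates at level '$target' applied"
        return 0
    fi

    # A step failed: restore both files, then reinstall exactly what the
    # restored lockfile pins.
    cp "$backup"/package.json "$backup"/package-lock.json .
    rm -rf "$backup"
    npm ci
    echo "updates at level '$target' rolled back" >&2
    return 1
}

# Typical use: smallest changes first, stop at the first level that fails.
#   staged_update patch && staged_update minor
```

Commit the changed package.json and package-lock.json together after each successful level, so every step can be reviewed and reverted on its own.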

Some useful ncu options:

-u, --upgrade : Overwrite package.json with upgraded versions instead of just logging output to the console.

-f, --filter : filter by names/string

--cache : Cache versions to the cache file

--peer : Checks peer dependencies of the packages and filters updates to compatible versions. Run ncu --help --peer for more help.

--deep : Scans the current directory recursively for updates.

For more information refer to their docs:

https://www.npmjs.com/package/npm-check-updates

That's all folks!
