Develop Reference

how to update warn deprecated

I'm trying to learn node and npm, using express for a little project.
When i install it, i got
npm WARN deprecated core-js#2.6.10: core-js#<3.0 is no longer maintained and not recommended for usage due to the number of issues. Please, upgrade your dependencies to the actual version of core-js#3.
I understood that if everything works, it's not necessary to update everything, but i'm trying to learn and go the extra, unnecessary, mile.
How can i update only core-js?
npm install core-js#^3
will update it adding it to the dependencies in package.json.
Is this the right way to do it?
Or it's better to update the parent package that use it? If so, how can i understand which is the package that need an update and how to update it?
Or is there a way to update only the modules listed in package-lock.json.
Thanks.

You provided one way to update a package. However, there are a few more.
To update a global package, you could run:
npm update -g <package_name>
To update a package that's in your package.json (i.e., local to your project), run:
npm update <package_name>
You could also see what outdated package are there as follows:
npm outdated
You could again add -g option to check outdated global packages.
Sources: https://docs.npmjs.com/updating-packages-downloaded-from-the-registry
Also: man npm may help (in Linux).

To update to a new major version all the packages, install the npm-check-updates package globally:
npm install -g npm-check-updates
this will upgrade all the version hints in the package.json file, to dependencies and devDependencies, so npm can install the new major version.
You are now ready to run the update:
npm update
or npm install

Is there an npm command to add a dependency to package.json without installing it? [duplicate]

This question already has answers here:
How to npm install to only save dependency to package.json?
(6 answers)
Closed 5 years ago.
In other words, I want something like npm install --save foo
...but I only want it to update my package.json (adding the name and latest version number to my dependencies), and I want it to skip the actual installation into node_modules. Is this possible?
I tried --dry-run and this does skip the installation but it also skips updating package.json :/
(Yes, I could just edit the package.json manually, but I want to do this for about 30 dependencies at once, so I want to make use of npm's ability to automatically look up the latest version number for each one.)

You could use npm-check-updates plugin https://www.npmjs.com/package/npm-check-updates
npm-check-updates will check for latest version updates and update your package.json
To install npm-check-updates run npm install -g npm-check-updates
To check for updates run npm-check-updates
To update your package.json with latest version without installing run
npm-check-updates -u
To install the updated versions run npm install

How can I update all npm packages/modules at once?

I'm struggling to find a way to update all npm packages in one go, some articles suggest that package.json file should be edited where all version numbers need to be changed to * therefore forcing node to grab latest versions, but others state that such method is not considered good. Ideally, I want to find a command line option for this.

One simple step:
$ npm i -g npm-check-updates && ncu -u && npm i
This will install ncu, use it set all of your packages in package.json to the latest version and finally apply the updates.

npm outdated is the command that you want to run to find all of the packages that are not up-to-date. You could pipe the output of npm output -json into a file and then iterate over the JSON to install the latest versions of the packages.

You can try these one-liners.
Update all dependencies:
$ npm out --long --parseable |grep 'dependencies$' |cut -d: -f4 |xargs npm install --save
Update all devDependencies:
$ npm out --long --parseable |grep 'devDependencies$' |cut -d: -f4 |xargs npm install --save-dev
Keep in mind though that this is not usually a good idea as you might have to change something in the process of upgrading a package. If your project has many dependencies it is better to update them one by one or in small groups and run tests frequently.

For a single module you could try npm install --save module#latest That would change package.json too. You could write a shell script or script in nodejs to iterate though package.json and update all of the modules.

Recursive update of all modules can performed with npm update:
for locally installed modules: npm update --depth 9999 --dev
for globally installed modules: npm update --depth 9999 --dev -g
A ready-to-use NPM-script to update all Node.js modules with all its dependencies:
How to update all Node.js modules automatically?

NPM package has outdated dependency, is there a way to alter its version?

Just migrated to Node 4.1.2 from 0.10. One of the packages being installed via npm install errors due to node-gyp having a problem with one of its dependencies, it's quite a few versions out of date. The issue has been brought up on the repo but hasn't seen activity since May. Is there a way to tell NPM to install this package but with the outdated dependency using a newer version?
EDIT:
I've copied over an installed version from node_modules in an older project. npm install -g npm-check-updates then ncu in the node_modules/bs-html-injector/ directory. It lists updates, ncu -u will update the package.json, npm install after. I run my gulp task and html is injecting fine, all seems fine :) Would still like to know how to do this if I didn't have a local copy installed by NPM. It looks like it's just a 1:1 copy from the github repo?

With npm, you can install packages from GitHub directly:
npm install user/repo#branch
You can fork the package on GitHub, make and propose the changes you need and use your fork as a dependency in your project until PR is merged.

you can use --force to force install it

How to update each dependency in package.json to the latest version?

I copied package.json from another project and now want to bump all of the dependencies to their latest versions since this is a fresh project and I don't mind fixing something if it breaks.
What's the easiest way to do this?
The best way I know is to run npm info express version then update each dependency in package.json manually. There must be a better way.
{
"name": "myproject",
"description": "my node project",
"version": "1.0.0",
"dependencies": {
"express": "^3.0.3", // how do I get these bumped to latest?
"mongodb": "^1.2.5",
"underscore": "^1.4.2"
}
}
For Yarn specific solutions refer to this Stack Overflow thread.

Looks like npm-check-updates is the only way to make this happen now.
npm i -g npm-check-updates
ncu -u
npm install
On npm <3.11:
Simply change every dependency's version to *, then run npm update --save. (Note: broken in recent (3.11) versions of npm).
Before:
"dependencies": {
"express": "*",
"mongodb": "*",
"underscore": "*",
"rjs": "*",
"jade": "*",
"async": "*"
}
After:
"dependencies": {
"express": "~3.2.0",
"mongodb": "~1.2.14",
"underscore": "~1.4.4",
"rjs": "~2.10.0",
"jade": "~0.29.0",
"async": "~0.2.7"
}
Of course, this is the blunt hammer of updating dependencies. It's fine if—as you said—the project is empty and nothing can break.
On the other hand, if you're working in a more mature project, you probably want to verify that there are no breaking changes in your dependencies before upgrading.
To see which modules are outdated, just run npm outdated. It will list any installed dependencies that have newer versions available.
For Yarn specific solution, refer to this StackOverflow answer.

npm-check-updates is a utility that automatically adjusts a package.json with the
latest version of all dependencies
see https://www.npmjs.org/package/npm-check-updates
$ npm install -g npm-check-updates
$ ncu -u
$ npm install
[EDIT] A slightly less intrusive (avoids a global install) way of doing this if you have a modern version of npm is:
$ npx npm-check-updates -u
$ npm install

Updated for npm v2+
npm 2+ (Node 0.12+):
npm outdated
npm update
git commit package-lock.json
Ancient npm (circa 2014):
npm install -g npm-check-updates
npm-check-updates
npm shrinkwrap
git commit package-lock.json
Be sure to shrinkwrap your deps, or you may wind up with a dead project. I pulled out a project the other day and it wouldn't run because my deps were all out of date/updated/a mess. If I'd shrinkwrapped, npm would have installed exactly what I needed.
Details
For the curious who make it this far, here is what I recommend:
Use npm-check-updates or npm outdated to suggest the latest versions.
# `outdated` is part of newer npm versions (2+)
$ npm outdated
# If you agree, update.
$ npm update
# OR
# Install and use the `npm-check-updates` package.
$ npm install -g npm-check-updates
# Then check your project
$ npm-check-updates
# If you agree, update package.json.
$ npm-check-updates -u
###Then do a clean install (w/o the rm I got some dependency warnings)
$ rm -rf node_modules
$ npm install
Lastly, save exact versions to npm-shrinkwrap.json with npm shrinkwrap
$ rm npm-shrinkwrap.json
$ npm shrinkwrap
Now, npm install will now use exact versions in npm-shrinkwrap.json
If you check npm-shrinkwrap.json into git, all installs will use the exact same versions.
This is a way to transition out of development (all updates, all the time) to production (nobody touch nothing).
npm outdated
npm-check-updates
npm shrinkwrap
p.s. Yarn is sending your package list to Facebook.

To update one dependency to its lastest version without having to manually open the package.json and change it, you can run
npm install {package-name}#* {save flags?}
i.e.
npm install express#* --save
This flow is compatible with workspaces, i.e.
npm --workspace some/package install express#*
For reference, npm-install
Note: Some npm versions may need latest flag instead, i.e. npm install express#latest
As noted by user Vespakoen on a rejected edit, it's also possible to update multiple packages at once this way:
npm install --save package-nave#* other-package#* whatever-thing#*
He also apports a one-liner for the shell based on npm outdated. See the edit for code and explanation.
PS: I also hate having to manually edit package.json for things like that ;)

If you happen to be using Visual Studio Code as your IDE, this is a fun little extension to make updating package.json a one click process.
note: After updating packages in package.json file, run npm update to install the new versions.
Version Lens
GitLab Repo

This works as of npm 1.3.15.
"dependencies": {
"foo": "latest"
}

Use * as the version for the latest releases, including unstable
Use latest as version definition for the latest stable version
Modify the package.json with exactly the latest stable version number using LatestStablePackages
Here is an example:
"dependencies": {
"express": "latest" // using the latest STABLE version
, "node-gyp": "latest"
, "jade": "latest"
, "mongoose": "*" // using the newest version, may involve the unstable releases
, "cookie-parser": "latest"
, "express-session": "latest"
, "body-parser": "latest"
, "nodemailer":"latest"
, "validator": "latest"
, "bcrypt": "latest"
, "formidable": "latest"
, "path": "latest"
, "fs-extra": "latest"
, "moment": "latest"
, "express-device": "latest"
},

To see which packages have newer versions available, then use the following command:
npm outdated
to update just one dependency just use the following command:
npm install yourPackage#latest
For example:
My package.json file has dependency:
"#progress/kendo-angular-dateinputs": "^1.3.1",
then I should write:
npm install #progress/kendo-angular-dateinputs#latest
What does --save-dev mean?
npm install #progress/kendo-angular-dateinputs#latest --save-dev
As npm install docs says:
-D, --save-dev: Package will appear in your devDependencies.

I really like how npm-upgrade works. It is a simple command line utility that goes through all of your dependencies and lets you see the current version compared to the latest version and update if you want.
Here is a screenshot of what happens after running npm-upgrade in the root of your project (next to the package.json file):
For each dependency you can choose to upgrade, ignore, view the changelog, or finish the process. It has worked great for me so far.
To be clear this is a third party package that needs to be installed before the command will work. It does not come with npm itself:
npm install -g npm-upgrade
Then from the root of a project that has a package.json file:
npm-upgrade

The only caveat I have found with the best answer above is that it updates the modules to the latest version. This means it could update to an unstable alpha build.
I would use that npm-check-updates utility.
My group used this tool and it worked effectively by installing the stable updates.
As Etienne stated above: install and run with this:
$ npm install -g npm-check-updates
$ npm-check-updates -u
$ npm install

I use npm-check to achieve this.
npm i -g npm npm-check
npm-check -ug #to update globals
npm-check -u #to update locals
Another useful command list which will keep exact version numbers in package.json
npm cache clean
rm -rf node_modules/
npm i -g npm npm-check-updates
ncu -g #update globals
ncu -u #update locals
npm I
Update: You can use yarn upgrade-interactive --latest if you are using yarn

Here is a basic regex to match semantic version numbers so you can quickly replace them all with an asterisk.
Semantic Version Regex
([>|<|=|~|^|\s])*?(\d+\.)?(\d+\.)?(\*|\d+)
How to use
Select the package versions you want to replace in the JSON file.
Input the regex above and verify it's matching the correct text.
Replace all matches with an asterisk.
Run npm update --save

If you want to use a gentle approach via a beautiful (for terminal) interactive reporting interface I would suggest using npm-check.
It's less of a hammer and gives you more consequential knowledge of, and control over, your dependency updates.
To give you a taste of what awaits here's a screenshot (scraped from the git page for npm-check):

This feature has been introduced in npm v5. update to npm using npm install -g npm#latest and
to update package.json
delete /node_modules and package-lock.json (if you have any)
run npm update. this will update the dependencies package.json to the latest, based on semver.
to update to very latest version. you can go with npm-check-updates

As of npm version 5.2.0, there is a way to run this in a single line without installing any additional packages to your global npm registry nor locally to your application. This can be done by leveraging the new npx utility that's bundled with npm. (Click here to learn more.)
Run the following command in the root of your project:
npx npm-check-updates -u && npm i

I recently had to update several projects that were using npm and package.json for their gruntfile.js magic. The following bash command (multiline command) worked well for me:
npm outdated --json --depth=0 | \
jq --ascii-output --monochrome-output '. | keys | .[]' | \
xargs npm install $1 --save-dev
The idea here:
To pipe the npm outdated output as json, to jq
(jq is a json command line parser/query tool)
(notice the use of --depth argument for npm outdated)
jq will strip the output down to just the top level package name only.
finally xargs puts each LIBRARYNAME one at a time into a npm install LIBRARYNAME --save-dev command
The above is what worked for me on a machine runnning:
node=v0.11.10 osx=10.9.2 npm=1.3.24
this required:
xargs http://en.wikipedia.org/wiki/Xargs (native to my machine I believe)
and
jq http://stedolan.github.io/jq/ (I installed it with brew install jq)
Note: I only save the updated libraries to package.json inside of the json key devDependancies by using --save-dev, that was a requirement of my projects, quite possible not yours.
Afterward I check that everything is gravy with a simple
npm outdated --depth=0
Also, you can check the current toplevel installed library versions with
npm list --depth=0

If you use yarn, the following command updates all packages to their latest version:
yarn upgrade --latest
From their docs:
The upgrade --latest command upgrades packages the same as the upgrade command, but ignores the version range specified in package.json. Instead, the version specified by the latest tag will be used (potentially upgrading the packages across major versions).

Updtr!
Based on npm outdated, updtr installs the latest version and runs npm test for each dependency. If the test succeeds, updtr saves the new version number to your package.json. If the test fails, however, updtr rolls back its changes.
https://github.com/peerigon/updtr

Safe update
Use 'npm outdated' to discover dependencies that are out of date.
Use 'npm update' to perform safe dependency upgrades.
Use 'npm install #latest' to upgrade to the latest major version of a package.
Breaking Update
Use 'npx npm-check-updates -u'.
'npm install' to upgrade all dependencies to their latest major versions.

If you are using yarn, yarn upgrade-interactive is a really sleek tool that can allow you to view your outdated dependencies and then select which ones you want to update.
More reasons to use Yarn over npm. Heh.

Commands that I had to use to update package.json for NPM 3.10.10:
npm install -g npm-check-updates
ncu -a
npm install
Background:
I was using the latest command from #josh3736 but my package.json was not updated. I then noticed the description text when running npm-check-updates -u:
The following dependency is satisfied by its declared version range,
but the installed version is behind. You can install the latest
version without modifying your package file by using npm update. If
you want to update the dependency in your package file anyway, run ncu
-a.
Reading the documentation for npm-check-updates you can see the difference:
https://www.npmjs.com/package/npm-check-updates
-u, --upgrade: overwrite package file
-a, --upgradeAll: include even those dependencies whose latest version satisfies the declared semver dependency
ncu is an alias for npm-check-updates as seen in the message when typing npm-check-updates -u:
[INFO]: You can also use ncu as an alias

If you don't want to install global npm-check-updates you can simply run that:
node -e "const pk = JSON.parse(require('fs').readFileSync('package.json', 'utf-8'));require('child_process').spawn('npm', ['install', ...Object.keys(Object.assign({},pk.dependencies, pk.devDependencies)).map(a=>a+'#latest')]).stdout.on('data', d=>console.log(d.toString()))"

If you're looking for an easier solution that doesn't involve installing npm packages, I'd checkout updatepackagejson.com

The above commands are unsafe because you might break your module when switching versions.
Instead I recommend the following
Set actual current node modules version into package.json using npm shrinkwrap command.
Update each dependency to the latest version IF IT DOES NOT BREAK YOUR TESTS using https://github.com/bahmutov/next-update command line tool
npm install -g next-update
// from your package
next-update

Try following command if you using npm 5 and node 8
npm update --save

I solved this by seeing the instructions from https://github.com/tjunnone/npm-check-updates
$ npm install -g npm-check-updates
$ ncu
$ ncu -u # to update all the dependencies to latest
$ ncu -u "specific module name" #in case you want to update specific dependencies to latest

I found another solution for recent version of NPM. What I want to do is to replace all the "*" dependencies with the explicit lastest version number. None of the methods discussed has worked for me.
What I did:
Replace all "*" with "^0.0.0"
Run npm-check-updates -u
Everything in package.json now is updated to the last version.

As it's almost 10 years since the original question, many of the answers are either outdated or not recommended.
I would use something which is package manager agnostic i.e. can work with npm, pnpm, yarn or others.
Lately I have been using taze
You can either add it to your dev dependencies and run from there or run without installation with npx taze or pnpx taze, etc.

The following code (which was accepted) wrote me something like "it takes too long blah-blah" and did nothing. Probably using the global flag was the problem, idk.
npm i -g npm-check-updates
ncu -u
npm install
I decided to use my text editor and follow a semi-manual approach instead.
I copied a list like this (just a lot longer) from the dev dependencies of my package.json to the notepad++ text editor:
"browserify": "10.2.6",
"expect.js": "^0.3.1",
"karma": "^0.13.22",
"karma-browserify": "^5.2.0",
I set the search mode to regular expression, used the ^\s*"([^"]+)".*$ pattern to get the package name and replaced it with npm uninstall \1 --save-dev \nnpm install \1 --save-dev. Clicked on "replace all". The otput was this:
npm uninstall browserify --save-dev
npm install browserify --save-dev
npm uninstall expect.js --save-dev
npm install expect.js --save-dev
npm uninstall karma --save-dev
npm install karma --save-dev
npm uninstall karma-browserify --save-dev
npm install karma-browserify --save-dev
I copied it back to bash and hit enter. Everything was upgraded and working fine. That's all.
"browserify": "^16.1.0",
"expect.js": "^0.3.1",
"karma": "^2.0.0",
"karma-browserify": "^5.2.0",
I don't think it is a big deal, since you have to do it only every now and then, but you can easily write a script, which parses the package.json and upgrades your packages. I think it is better this way, because you can edit your list if you need something special, for example keeping the current version of a lib.

It's wild to me that 90% of answers is some variant of "use npm-check-updates". Here's what I do (relevant code):
{
"devDependencies": {
"updates": "^13.0.5" // the version here could be "latest" or "*" tbh...
},
"scripts": {
"test:dependencies": "updates --update ./",
}
}
Running npm run test:dependencies (or whatever your dependency update script is called) will check your package.json for the latest versions of every package listed, and it'll let you know when the latest version was published. Run npm i after that and you'll be up to date!
Also, unlike npm-check-updates, updates has zero dependencies (ncu has 29, at the time of this post).