557

We need to integrate Karma test runner into TeamCity and for that I'd like to give sys-engineers small script (powershell or whatever) that would:

  1. pick up desired version number from some config file (I guess I can put it as a comment right in the karma.conf.js)

  2. check if the defined version of karma runner installed in npm's global repo

  3. if it's not, or the installed version is older than desired: pick up and install right version

  4. run it: karma start .\Scripts-Tests\karma.conf.js --reporters teamcity --single-run

So my real question is: "how can one check in a script, if desired version of package installed?". Should you do the check, or it's safe to just call npm -g install everytime?

I don't want to always check and install the latest available version, because other config values may become incompatible

Volker E.
  • 5,443
  • 11
  • 43
  • 62
iLemming
  • 30,282
  • 53
  • 181
  • 302

12 Answers12

747

To check if any module in a project is 'old':

npm outdated

'outdated' will check every module defined in package.json and see if there is a newer version in the NPM registry.

For example, say xml2js 0.2.6 (located in node_modules in the current project) is outdated because a newer version exists (0.2.7). You would see:

xml2js@0.2.7 node_modules/xml2js current=0.2.6

To update all dependencies, if you are confident this is desirable:

npm update

Or, to update a single dependency such as xml2js:

npm update xml2js
Ninjakannon
  • 3,283
  • 5
  • 42
  • 65
dublx
  • 7,732
  • 1
  • 11
  • 11
  • 10
    Be careful with `npm update` especially with `npm update -g` ... it does not what most peaole expect it to do! See: https://github.com/npm/npm/issues/6247 and https://gist.github.com/othiym23/4ac31155da23962afd0e – jbandi Dec 23 '14 at 15:10
  • 9
    @jbandi As of npm@2.6.1, `npm -g update` is safe to use again. https://github.com/npm/npm/issues/6247#issuecomment-92182814 – Chuck Le Butt Jul 06 '16 at 10:03
  • 14
    Please be aware that npm update will not update your package.json file as stated by the answer from @Erik Olson. – Ehtesham Hasan Oct 26 '17 at 19:00
  • 10
    `As of npm@5.0.0, 'npm update' will change package.json to save the new version as the minimum required dependency` https://docs.npmjs.com/cli/update.html – Sidney Apr 02 '19 at 20:40
  • 2
    just did `npm update` on my npm 5.6.0 and it broke all code; luckily I backed up my files before doing that – Armand Jul 18 '20 at 12:18
399

npm outdated will identify packages that should be updated, and npm update <package name> can be used to update each package. But prior to npm@5.0.0, npm update <package name> will not update the versions in your package.json which is an issue.

The best workflow is to:

  1. Identify out of date packages
  2. Update the versions in your package.json
  3. Run npm update to install the latest versions of each package

Check out npm-check-updates to help with this workflow.

  • Install npm-check-updates
  • Run npm-check-updates to list what packages are out of date (basically the same thing as running npm outdated)
  • Run npm-check-updates -u to update all the versions in your package.json (this is the magic sauce)
  • Run npm update as usual to install the new versions of your packages based on the updated package.json
Corey
  • 575
  • 8
  • 17
Erik Olson
  • 4,507
  • 1
  • 16
  • 17
  • 6
    `npm outdated` will show ALL packages.. even inside other packages.. but those won't get updated with this procedure so they will always appear.. so just use `npm-check-updates` (as you actually recommended) which only shows main packages from `package.json` ... this is relevant – davidhq Feb 06 '15 at 22:42
  • 1
    With yarn this is much easier just type 'yarn upgrade'. – Christopher Grigg Apr 09 '18 at 00:06
  • 40
    Why must I install an update manager to manage my package manager? Do we not agree this is silly? It should be as simple as `npm install --all-outdated` but it isn't... – ADJenks Jan 24 '19 at 05:40
  • 4
    You can always run `npm update --save package_name` to save the latest change to package.json. – trungk18 Apr 09 '19 at 08:56
  • 1
    Erik, can you kindly reply [this related SO question](https://stackoverflow.com/questions/57069622/command-npm-update-vs-package-npm-check-updates), because it's still a bit confusing to me the difference between both commands, that is, `npm update` vs `npm-check-updates`? – João Pimentel Ferreira Jul 17 '19 at 06:22
164

There is also a "fresh" module called npm-check:

npm-check

Check for outdated, incorrect, and unused dependencies.

enter image description here

It also provides a convenient interactive way to update the dependencies with npm-check -u.

Paolo
  • 16,171
  • 20
  • 78
  • 110
alecxe
  • 414,977
  • 106
  • 935
  • 1,083
103

One easy step:

$ npm i -g npm-check-updates && ncu -u && npm i

That is all. All of the package versions in package.json will be the latest major versions.

Edit:

What is happening here?

  1. Installing a package that checks updates for you.

  2. Use this package to update all package versions in your package.json (-u is short for --updateAll).

  3. Install all of the new versions of the packages.

Community
  • 1
  • 1
Matt
  • 26,570
  • 19
  • 63
  • 74
73

  • To update a single local package:

    1. First find out your outdated packages:

      npm outdated

    2. Then update the package or packages that you want manually as:

      npm update --save package_name

This way it is not necessary to update your local package.json file.

Note that this will update your package to the latest version.

  • If you write some version in your package.json file and do:

    npm update package_name

    In this case you will get just the next stable version (wanted) regarding the version that you wrote in your package.json file.

And with npm list (package_name) you can find out the current version of your local packages.

reectrix
  • 5,419
  • 15
  • 44
  • 74
Watchmaker
  • 3,478
  • 31
  • 32
19

NPM commands to update or fix vulnerabilities in some dependency manifest files

  • Use below command to check outdated or vulnerabilities in your node modules.

    npm audit

  • If any vulnerabilities found, use below command to fix all issues.

    npm audit fix

  • If it doesn't work for you then try

    npm audit fix -f, this command will almost fix all vulnerabilities. Some dependencies or devDependencies are locked in package-lock.json file, so we use -f flag to force update them.

  • If you don't want to use force audit fix then you can manually fix your dependencies versions by changing them in package-lock.json and package.json file. Then run

npm update && npm upgrade

Smit Patel
  • 1,456
  • 10
  • 19
19

No additional packages, to just check outdated and update those which are, this command will do:

npm install $(npm outdated | cut -d' ' -f 1 | sed '1d' | xargs -I '$' echo '$@latest' | xargs echo)

MikeMajara
  • 661
  • 6
  • 16
  • 4
    This is a great answer because it can be put in any shell script to automate this step without relying on having any further package installed. – Jankapunkt Mar 18 '20 at 07:44
15

Check outdated packages

npm outdated

Check and pick packages to update

npx npm-check -u

npm oudated img

npx npm-check -u img

Long Tran
  • 843
  • 8
  • 10
6

As of npm@5.0.0+ you can simply do:

npm update <package name>

This will automatically update the package.json file. We don't have to update the latest version manually and then use npm update <package name>

You can still get the old behavior using 

npm update --no-save

(Reference)

adiga
  • 28,937
  • 7
  • 45
  • 66
5

When installing npm packages (both globally or locally) you can define a specific version by using the @version syntax to define a version to be installed.

In other words, doing: npm install -g karma@0.9.2 will ensure that only 0.9.2 is installed and won't reinstall if it already exists.

As a word of a advice, I would suggest avoiding global npm installs wherever you can. Many people don't realize that if a dependency defines a bin file, it gets installed to ./node_modules/.bin/. Often, its very easy to use that local version of an installed module that is defined in your package.json. In fact, npm scripts will add the ./node_modules/.bin onto your path.

As an example, here is a package.json that, when I run npm install && npm test will install the version of karma defined in my package.json, and use that version of karma (installed at node_modules/.bin/karma) when running the test script:

{
 "name": "myApp",
 "main": "app.js",
 "scripts": {
   "test": "karma test/*",
 },
 "dependencies": {...},
 "devDependencies": {
   "karma": "0.9.2"
 }
}

This gives you the benefit of your package.json defining the version of karma to use and not having to keep that config globally on your CI box.

addisonj
  • 1,926
  • 1
  • 14
  • 16
  • 1
    what's in the `test` script? Can you please give me a clue how you install it with a script. – iLemming May 13 '13 at 18:04
  • 2
    Look at the package.json. Under the "scripts" property, you can define another property, "test" whose value is a command you want to be run when you type `npm test`. npm docs are pretty good here: https://npmjs.org/doc/scripts.html – addisonj May 14 '13 at 17:23
2

To really update just one package install NCU and then run it just for that package. This will bump to the real latest.

npm install -g npm-check-updates

ncu -f your-intended-package-name -u
Community
  • 1
  • 1
regisbsb
  • 3,455
  • 2
  • 30
  • 40
-1

A very nice approach is to update the version names(version number) of packages in package.json file using,

ncu -u

the above command will update the names(version number) of the packages to the latest version in package.json file and then we just have to install the updated version of all the packages as,

npm install

after this all the packages will be updated to the latest version.

soraku02
  • 39
  • 1
  • 7