Skip to content

Find newer versions of package dependencies than what your package.json allows

License

Notifications You must be signed in to change notification settings

MarxZhou/npm-check-updates

 
 

Repository files navigation

npm-check-updates npm version Build Status Coverage Status

npm-check-updates upgrades your package.json dependencies to the latest versions, ignoring specified versions.

  • maintains existing semantic versioning policies, i.e. "express": "^4.0.0" to "express": "^5.0.0".
  • only modifies package.json file. Run npm install to update your installed packages and package-lock.json.

npm-check-updates-screenshot

  • Red = major upgrade (and all major version zero)
  • Cyan = minor upgrade
  • Green = patch upgrade

You may also want to consider npm-check. Similar purpose, different features.

Installation

npm install -g npm-check-updates

Usage

Show any new dependencies for the project in the current directory:

$ ncu
Checking package.json
[====================] 5/5 100%

 express           4.12.x  →   4.13.x
 multer            ^0.1.8  →   ^1.0.1
 react-bootstrap  ^0.22.6  →  ^0.24.0
 react-a11y        ^0.1.1  →   ^0.2.6
 webpack          ~1.9.10  →  ~1.10.5

Run ncu -u to upgrade package.json

Upgrade a project's package file:

Make sure your package file is in version control and all changes have been committed. This will overwrite your package file.

$ ncu -u
Upgrading package.json
[====================] 1/1 100%

 express           4.12.x  →   4.13.x

Run npm install to install new versions.

$ npm install      # update installed packages and package-lock.json

Check global packages:

ncu -g           # add -u to get a one-line command for upgrading

You can include or exclude specific packages using the --filter and --reject options. They accept strings, comma-or-space-delimited lists, or regular expressions:

# match mocha and should packages exactly
$ ncu mocha             # shorthand for ncu -f mocha (or --filter)
$ ncu one, two, three

# exclude packages
$ ncu -x nodemon        # shorthand for ncu --reject nodemon

# match packages that start with "gulp-" using regex
$ ncu "/^gulp-.*$/"

# match packages that do not start with "gulp-".
$ ncu '/^(?!gulp-).*$/' # mac/linux
$ ncu "/^(?!gulp-).*$/" # windows

Options

--concurrency            max number of concurrent HTTP requests to npm registry
                         (default: 8)
--configFilePath         rc config file path (default: directory of
                         `packageFile` or ./ otherwise)
--configFileName         rc config file name (default: .ncurc.{json,yml,js}) --cwd
                         Used as current working directory for `spawn` in npm listing
--dep                    check only a specific section(s) of dependencies:
                         prod|dev|peer|optional|bundle (comma-delimited)
--engines-node           include only packages that satisfy engines.node as
                         specified in the package file
-e, --error-level        set the error-level. 1: exits with error code 0 if no
                         errors occur. 2: exits with error code 0 if no
                         packages need updating (useful for continuous
                         integration)
-f, --filter             include only package names matching the given string,
                         comma-or-space-delimited list, or /regex/
-g, --global             check global packages instead of in the current project
-i, --interactive        Enable interactive prompts for each dependency;
                         Implies -u unless one of the json options are set
-j, --jsonAll            output new package file instead of human-readable
                         message
--jsonDeps               returns output like `jsonAll` but only lists
                         `dependencies`, `devDependencies`, and
                         `optionalDependencies` of the new package data.
--jsonUpgraded           output upgraded dependencies in json
-l, --loglevel           what level of logs to report: silent, error, warn,
                         info, verbose, silly (default: warn)
-m, --minimal            do not upgrade to newer versions that are already
                         satisfied by the existing version range (v2 behavior).
-n, --newest             find the newest published versions available instead
                         of the latest stable versions
-p, --packageManager     npm|yarn (default: npm)
--packageData            include stringified package file (use stdin instead)
--packageFile            package file location (default: ./package.json)
--pre                    include -alpha, -beta, -rc. (default: 0; default
                         with --newest and --greatest: 1)
--prefix                 Used as current working directory in npm
-r, --registry           specify third-party NPM registry
--removeRange            remove version ranges from the final package version
-s, --silent             don't output anything (--loglevel silent)
--semverLevel            find the highest version within "major" or "minor"
-t, --greatest           find the highest versions available instead of the
                         latest stable versions
--timeout                a global timeout in milliseconds. (default: no global
                         timeout and 30 seconds per npm-registery-fetch)
-u, --upgrade            overwrite package file
-v, --version            get version
-V                       get version
-x, --reject             exclude packages matching the given string, comma-
                         delimited list, or regex

How dependency updates are determined

  • Direct dependencies are updated to the latest stable version:
    • 2.0.12.2.0
    • 1.21.3
    • 0.1.01.0.1
  • Range operators are preserved and the version is updated:
    • ^1.2.0^2.0.0
    • 1.x2.x
    • >0.2.0>0.3.0
  • "Less than" is replaced with a wildcard:
    • <2.0.0^3.0.0
    • 1.0.0 < 2.0.0^3.0.0
  • "Any version" is preserved:
    • **
  • with --semverLevel major, the major version is preserved:
    • 0.1.00.2.1
  • with --semverLevel minor, the major and minor versions are preserved:
    • 0.1.00.1.2

Configuration Files

Use a .ncurc.{json,yml,js} file to specify configuration information. You can specify file name and path using --configFileName and --configFilePath command line options.

For example, .ncurc.json:

{
  "upgrade": true,
  "filter": "express",
  "reject": [
    "@types/estree",
    "ts-node"
  ]
}

Module Use

npm-check-updates can be required:

const ncu = require('npm-check-updates');

ncu.run({
    // Any command-line option can be specified here.
    // These are set by default:
    jsonUpgraded: true,
    packageManager: 'npm',
    silent: true
}).then((upgraded) => {
    console.log('dependencies to upgrade:', upgraded);
});

Known Issues

  • Windows: If npm-check-updates hangs, run ncu --loglevel verbose to see if it is waiting for stdin. If so, try setting the package file explicitly: ncu --packageFile package.json. See #136.

Also search the issues page.

Problems?

Please file an issue! But always search existing issues first!

About

Find newer versions of package dependencies than what your package.json allows

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • JavaScript 99.9%
  • Dockerfile 0.1%