How to Keep Your Dependencies Up to Date with npm and Yarn
Introduction
Package managers have made everyday use of other’s code much smoother and more standardized. Gone are the days where there was no consistent way of doing common tasks including:
- Installing/uninstalling Node packages and their dependencies
- Creating/publishing dependencies
- Keeping up-to-date with package versions, as well as the versions of *their* dependencies
This last, bolded point is what this article will be discussing. Today, with package managers like npm and Yarn, there are ways of handily updating packages and their dependencies.
Dependencies and versioning
npm and Yarn both follow the rules of semantic versioning to notate a package’s given version. Each package version starts at 1.0.0 and progresses at various points, broken down like this.
Many packages use other existing packages to lend to their unique functionality. These packages are known as “dependencies”. The next section will show how to update a single dependency.
Updating a single package dependency
To check for outdated dependencies within a package, use the outdated command with either npm or Yarn:
$ npm outdated $ $ yarn outdatedThis will display a list of package dependencies that could be updated to a newer version. Here are some ways to update a single dependency.
npm
The npm update command, when used with a specific package name, updates that package. Some minor syntactical points to note:
Assuming we have an outdated version of already installed:
$ npm update lodash@4.17.10$ npm update lodash@latest
Yarn
In Yarn, the commands are similar. Instead of using update, use up.
Sticking with the lodash example, here is updating to a specific version:
And here’s updating to the latest version:
$ yarn up lodashUpdating all package dependencies
While we could use npm update or yarn upgrade to update all dependencies within the constraints of the package.json file, this section covers updating all dependencies to their latest major version.
There is a package known as npm-check-updates, which is designed to update all dependencies regardless of what was specified in package.json. It's shorthand alias is ncu.
Because both npm and Yarn have access to the npm Registry, npm-check-updates is compatible with both!
Originally published at https://blog.mydevdiary.net.
