Menu
What is the difference between the command npm update and the package npm-check-updates? Is it fully safe to use the latter?
It seems after executing npm update not all packages are updated, thus it seem it is incomplete. Many other popular SO answers refer to use first the prior command and then the latter, but I still do not understand what the latter does that the prior does not.
418
npm update -g will apply the update action to each globally installed package that is outdated -- that is, has a version that is different from wanted . Note: Globally installed packages are treated as if they are installed with a caret semver range specified.
The npm install installs all modules that are listed on package. json file and their dependencies. npm update updates all packages in the node_modules directory and their dependencies.
A bit late to the party but I felt like the previously accepted answer is outdated and slightly lacking.
npm update - updates the dependencies both in package.json and package-lock.json in accordance to the semantic version rules defined in package.json.
Key features of npm update:
package.json file with npm update --package-lock false. However, this flag will completely ignore package-lock.json and hence automatic pruning of extraneous modules will also be disabled.npm update will perform with the flag --dry-run, without actually updating.npm outdated - shows all the packages that have newer versions available, this includes breaking changes.
It prints a table that includes the package, the current version, the wanted version - according to the semver rules in the package.json - the latest version and the location of the package.
Running ncu without any flags will print a list of all the outdated packages and the version to which it would update, but will not apply any changes.
ncu --update - apply changes to the package.json file only. It will change the versions of all the dependencies in package.json to the latest (even if it's a breaking version!), but will not modify the package-lock.json file. For that, you will need to run npm install.
ncu --target [patch, minor, latest, newest, greatest] - choose which type of version to list/update.
| Feature | npm | ncu |
|---|---|---|
| Show Outdated Packages |
npm outdated - shows wanted & latest versions |
ncu - shows latest by default, can be customised |
| Update Packages | npm update |
ncu -u |
| Breaking Versions | Never updates to a breaking version, but shows them in npm outdated
|
Updates to and shows breaking version by default, can be customised |
package.json SemVer Rules |
npm outdated shows the "wanted" version according to SemVer rules, updates to "wanted" version |
Disregards SemVer rules (unless explicitly specified), can be customised to update to different types of versions |
| Files Modified | Modifies package.json and package-lock.json and installs the updated modules |
Modifies package.json, doesn't change package-lock.json and doesn't automatically install |
| Customisation | Can ignore package-lock.json (npm@7) and choose which packages to update |
Can choose what kind of version to update to (minor, patch, latest, greatest, newest) and which packages to update |
131
npm-check-updates will only modify your package.json file. Once you've run that command, you'll then need to run a separate npm install to grab those changes. On the other hand, npm update will do all of that, and not give you the chance to check what is being updated beforehand.
There used to be an annoyance that npm update did not update the package.json file but this is no longer the case from 5.0.0. And way back when, it also looked at package dependencies which caused no end of problems for a lot of people.
The key difference between the two is that you can run ncu (the alias for npm-check-updates) and, by default, it will not update your packages - merely tell you what packages need to be updated.
For example, below is the output from one of my legacy projects. Here, you can see that a few grunt packages are out of date, mainly because I no longer work on this project, prefer write build scripts in npm, and haven't had the time to update older projects.
λ ncu
Checking D:\Github\XQSF_Master\web\package.json
[====================] 10/10 100%
grunt ^1.0.3 → ^1.0.4
grunt-contrib-clean ^1.0.0 → ^2.0.0
grunt-contrib-cssmin ^2.2.1 → ^3.0.0
grunt-contrib-uglify ^3.2.1 → ^4.0.1
grunt-sass ~2.0.0 → ~3.0.2
Run ncu -u to upgrade package.json
No changes to my project were made - it simply told me what needed to be updated. This is why I prefer npm-check-updates. By default it doesn't make any changes.
If you DO want changes to be made by ncu, simply run ncu -u. This will update your package.json, but you will still need to run npm install for the node_modules folder to be updated to your new packages.
22
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
