Table of contents

npm-update

Update packages

Select CLI Version:

Table of contents

Synopsis

npmupdate[<pkg>...]


aliases: up, upgrade, udpate

Description

This command will update all the packages listed to the latest version (specified by thetagconfig), respecting the semver constraints of both your package and its dependencies (if they also require the same package).

It will also install missing packages.

If the-gflag is specified, this command will update globally installed packages.

If no package name is specified, all packages in the specified location (global or local) will be updated.

Note that by defaultnpm updatewill not update the semver values of direct dependencies in your projectpackage.json.If you want to also update values inpackage.jsonyou can run:npm update --save(or add thesave=trueoption to aconfiguration fileto make that the default behavior).

Example

For the examples below, assume that the current package isappand it depends on dependencies,dep1(dep2,.. etc.). The published versions ofdep1are:

{
"dist-tags":{"latest":"1.2.2"},
"versions":[
"1.2.2",
"1.2.1",
"1.2.0",
"1.1.2",
"1.1.1",
"1.0.0",
"0.4.1",
"0.4.0",
"0.2.0"
]
}

Caret Dependencies

Ifapp'spackage.jsoncontains:

"dependencies":{
"dep1":"^1.1.1"
}

Thennpm updatewill install[email protected],because1.2.2islatestand1.2.2satisfies^1.1.1.

Tilde Dependencies

However, ifapp'spackage.jsoncontains:

"dependencies":{
"dep1":"~1.1.1"
}

In this case, runningnpm updatewill install[email protected].Even though thelatesttag points to1.2.2,this version does not satisfy~1.1.1,which is equivalent to>=1.1.1 <1.2.0.So the highest-sorting version that satisfies~1.1.1is used, which is1.1.2.

Caret Dependencies below 1.0.0

Supposeapphas a caret dependency on a version below1.0.0,for example:

"dependencies":{
"dep1":"^0.2.0"
}

npm updatewill install[email protected].

If the dependence were on^0.4.0:

"dependencies":{
"dep1":"^0.4.0"
}

Thennpm updatewill install[email protected],because that is the highest-sorting version that satisfies^0.4.0(>= 0.4.0 <0.5.0)

Subdependencies

Suppose your app now also has a dependency ondep2

{
"name":"my-app",
"dependencies":{
"dep1":"^1.0.0",
"dep2":"1.0.0"
}
}

anddep2itself depends on this limited range ofdep1

{
"name":"dep2",
"dependencies":{
"dep1":"~1.1.1"
}
}

Thennpm updatewill install[email protected]because that is the highest version thatdep2allows. npm will prioritize having a single version ofdep1in your tree rather than two when that single version can satisfy the semver requirements of multiple dependencies in your tree. In this case if you really did need your package to use a newer version you would need to usenpm install.

Updating Globally-Installed Packages

npm update -gwill apply theupdateaction to each globally installed package that isoutdated-- that is, has a version that is different fromwanted.

Note: Globally installed packages are treated as if they are installed with a caret semver range specified. So if you require to update tolatestyou may need to runnpm install -g [<pkg>...]

NOTE: If a package has been upgraded to a version newer thanlatest,it will bedowngraded.

Configuration

save

  • Default:trueunless when usingnpm updatewhere it defaults tofalse
  • Type: Boolean

Save installed packages to apackage.jsonfile as dependencies.

When used with thenpm rmcommand, removes the dependency frompackage.json.

Will also prevent writing topackage-lock.jsonif set tofalse.

global

  • Default: false
  • Type: Boolean

Operates in "global" mode, so that packages are installed into theprefixfolder instead of the current working directory. Seefoldersfor more on the differences in behavior.

  • packages are installed into the{prefix}/lib/node_modulesfolder, instead of the current working directory.
  • bin files are linked to{prefix}/bin
  • man pages are linked to{prefix}/share/man

install-strategy

  • Default: "hoisted"
  • Type: "hoisted", "nested", "shallow", or "linked"

Sets the strategy for installing packages in node_modules. hoisted (default): Install non-duplicated in top-level, and duplicated as necessary within directory structure. nested: (formerly --legacy-bundling) install in place, no hoisting. shallow (formerly --global-style) only install direct deps at top-level. linked: (experimental) install in node_modules/.store, link in place, unhoisted.

legacy-bundling

  • Default: false
  • Type: Boolean
  • DEPRECATED: This option has been deprecated in favor of--install-strategy=nested

Instead of hoisting package installs innode_modules,install packages in the same manner that they are depended on. This may cause very deep directory structures and duplicate package installs as there is no de-duplicating. Sets--install-strategy=nested.

global-style

  • Default: false
  • Type: Boolean
  • DEPRECATED: This option has been deprecated in favor of--install-strategy=shallow

Only install direct dependencies in the top levelnode_modules,but hoist on deeper dependencies. Sets--install-strategy=shallow.

omit

  • Default: 'dev' if theNODE_ENVenvironment variable is set to 'production', otherwise empty.
  • Type: "dev", "optional", or "peer" (can be set multiple times)

Dependency types to omit from the installation tree on disk.

Note that these dependenciesarestill resolved and added to thepackage-lock.jsonornpm-shrinkwrap.jsonfile. They are just not physically installed on disk.

If a package type appears in both the--includeand--omitlists, then it will be included.

If the resulting omit list includes'dev',then theNODE_ENVenvironment variable will be set to'production'for all lifecycle scripts.

include

  • Default:
  • Type: "prod", "dev", "optional", or "peer" (can be set multiple times)

Option that allows for defining which types of dependencies to install.

This is the inverse of--omit=<type>.

Dependency types specified in--includewill not be omitted, regardless of the order in which omit/include are specified on the command-line.

strict-peer-deps

  • Default: false
  • Type: Boolean

If set totrue,and--legacy-peer-depsis not set, thenanyconflictingpeerDependencieswill be treated as an install failure, even if npm could reasonably guess the appropriate resolution based on non-peer dependency relationships.

By default, conflictingpeerDependenciesdeep in the dependency graph will be resolved using the nearest non-peer dependency specification, even if doing so will result in some packages receiving a peer dependency outside the range set in their package'speerDependenciesobject.

When such an override is performed, a warning is printed, explaining the conflict and the packages involved. If--strict-peer-depsis set, then this warning is treated as a failure.

package-lock

  • Default: true
  • Type: Boolean

If set to false, then ignorepackage-lock.jsonfiles when installing. This will also preventwritingpackage-lock.jsonifsaveis true.

foreground-scripts

  • Default:falseunless when usingnpm packornpm publishwhere it defaults totrue
  • Type: Boolean

Run all build scripts (ie,preinstall,install,andpostinstall) scripts for installed packages in the foreground process, sharing standard input, output, and error with the main npm process.

Note that this will generally make installs run slower, and be much noisier, but can be useful for debugging.

ignore-scripts

  • Default: false
  • Type: Boolean

If true, npm does not run scripts specified in package.json files.

Note that commands explicitly intended to run a particular script, such asnpm start,npm stop,npm restart,npm test,andnpm run-scriptwill still run their intended script ifignore-scriptsis set, but they willnotrun any pre- or post-scripts.

audit

  • Default: true
  • Type: Boolean

When "true" submit audit reports alongside the current npm command to the default registry and all registries configured for scopes. See the documentation fornpm auditfor details on what is submitted.

bin-links

  • Default: true
  • Type: Boolean

Tells npm to create symlinks (or.cmdshims on Windows) for package executables.

Set to false to have it not do this. This can be used to work around the fact that some file systems don't support symlinks, even on ostensibly Unix systems.

fund

  • Default: true
  • Type: Boolean

When "true" displays the message at the end of eachnpm installacknowledging the number of dependencies looking for funding. Seenpm fundfor details.

dry-run

  • Default: false
  • Type: Boolean

Indicates that you don't want npm to make any changes and that it should only report what it would have done. This can be passed into any of the commands that modify your local installation, eg,install,update,dedupe,uninstall,as well aspackandpublish.

Note: This is NOT honored by other network related commands, egdist-tags,owner,etc.

workspace

  • Default:
  • Type: String (can be set multiple times)

Enable running a command in the context of the configured workspaces of the current project while filtering by running only the workspaces defined by this configuration option.

Valid values for theworkspaceconfig are either:

  • Workspace names
  • Path to a workspace directory
  • Path to a parent workspace directory (will result in selecting all workspaces within that folder)

When set for thenpm initcommand, this may be set to the folder of a workspace which does not yet exist, to create the folder and set it up as a brand new workspace within the project.

This value is not exported to the environment for child processes.

workspaces

  • Default: null
  • Type: null or Boolean

Set to true to run the command in the context ofallconfigured workspaces.

Explicitly setting this to false will cause commands likeinstallto ignore workspaces altogether. When not set explicitly:

  • Commands that operate on thenode_modulestree (install, update, etc.) will link workspaces into thenode_modulesfolder. - Commands that do other things (test, exec, publish, etc.) will operate on the root project,unlessone or more workspaces are specified in theworkspaceconfig.

This value is not exported to the environment for child processes.

include-workspace-root

  • Default: false
  • Type: Boolean

Include the workspace root when workspaces are enabled for a command.

When false, specifying individual workspaces via theworkspaceconfig, or all workspaces via theworkspacesflag, will cause npm to operate only on the specified workspaces, and not on the root project.

This value is not exported to the environment for child processes.

install-links

  • Default: false
  • Type: Boolean

When set file: protocol dependencies will be packed and installed as regular dependencies instead of creating a symlink. This option has no effect on workspaces.

See Also

Edit this page on GitHub
2contributorsDanKaplanSESDanKaplanSESlukekarryslukekarrys
Last edited byDanKaplanSESonJanuary 19, 2024