How to update each dependency in package.json to the latest version?

Question

I copied package.json from another project and now want to bump all of the dependencies to their latest versions since this is a fresh project and I don\'t mind

Answer 1

I found another solution for recent version of NPM. What I want to do is to replace all the "*" dependencies with the explicit lastest version number. None of the methods discussed has worked for me.

What I did:

1. Replace all "*" with "^0.0.0"
2. Run npm-check-updates -u

Everything in package.json now is updated to the last version.

Answer 2

Solution without additional packages

Change every dependency's version to *:

"dependencies": {
    "react": "*",
    "react-google-maps": "*"
  }

Then run npm update --save.

Some of your packages were updated, but some not?

"dependencies": {
    "react": "^15.0.1",
    "react-google-maps": "*"
  }

This is the tricky part, it means your local version of "react" was lower than the newest one. In this case npm downloaded and updated "react" package. However your local version of "react-google-maps" is the same as the newest one.

If you still want to "update" unchanged *, you have to delete these modules from node_modules folder.

e.g. delete node_modules/react-google-maps.

Finally run again npm update --save.

"dependencies": {
    "react": "^15.0.1",
    "react-google-maps": "^4.10.1"
  }

Do not forget to run npm update --save-dev if you want to update development dependencies.

Answer 3

Greenkeeper if you're using Github. https://greenkeeper.io/

It's a Github integration and incredibly easy to set things up. When installed, it automatically creates pull requests in repositories you specify (or all if wanted) and keeps your code always up-to-date, without forcing you to do anything manually. PRs should then trigger a build on a CI service and depending on a successful or failed check you can keep figuring out what's triggering the issue or when CI passes simply merge the PR.

At the bottom, you can see that the first build failed at first and after a commit ("upgrade to node v6.9") the tests pass so I could finally merge the PR. Comes with a lot of emoji, too.

Another alternative would be https://dependencyci.com/, however I didn't test it intensively. After a first look Greenkeeper looks better in general IMO and has better integration.

Answer 4

Alternative is

"dependencies":{
    "foo" : ">=1.4.5"
}

everytime you use npm update , it automatically update to the latest version. For more version syntax, you may check here: https://www.npmjs.org/doc/misc/semver.html

Answer 5

Looks like npm-check-updates is the only way to make this happen now.

npm i -g npm-check-updates
ncu -u
npm install

---

On npm <3.11:

Simply change every dependency's version to *, then run npm update --save. (Note: broken in recent (3.11) versions of npm).

Before:

  "dependencies": {
    "express": "*",
    "mongodb": "*",
    "underscore": "*",
    "rjs": "*",
    "jade": "*",
    "async": "*"
  }

After:

  "dependencies": {
    "express": "~3.2.0",
    "mongodb": "~1.2.14",
    "underscore": "~1.4.4",
    "rjs": "~2.10.0",
    "jade": "~0.29.0",
    "async": "~0.2.7"
  }

---

Of course, this is the blunt hammer of updating dependencies. It's fine if—as you said—the project is empty and nothing can break.

On the other hand, if you're working in a more mature project, you probably want to verify that there are no breaking changes in your dependencies before upgrading.

To see which modules are outdated, just run npm outdated. It will list any installed dependencies that have newer versions available.

Answer 6

Here is a basic regex to match semantic version numbers so you can quickly replace them all with an asterisk.

Semantic Version Regex

([>|<|=|~|^|\s])*?(\d+\.)?(\d+\.)?(\*|\d+)

How to use

Select the package versions you want to replace in the JSON file.

Input the regex above and verify it's matching the correct text.

Replace all matches with an asterisk.

Run npm update --save