Important: This documentation covers Yarn 1 (Classic).
For Yarn 2+ docs and migration guide, see yarnpkg.com.

Package detail

npm-upgrade

th0r15.9kMIT3.1.0

Interactive CLI utility to easily update outdated NPM dependencies

npm, update, outdated, dependencies, cli, interactive, automatic, changelog, ignore

readme

npm-upgrade

Interactive CLI utility to easily update outdated NPM dependencies with changelogs inspection support.

NPM version Downloads

What is this for?

If you are tired of manually upgrading package.json every time your package dependencies are getting out of date then this utility is for you.

Take a look at this demo:

npm-upgrade outdated packages

Installation

First, install Node.js (at least v10.19).

Then install this utility as global npm-module:

npm i -g npm-upgrade

Usage

This utility is supposed to be run in the root directory of your Node.js project (that contains package.json). Run npm-upgrade --help to see all available top-level commands:

check [filter]          Check for outdated modules
ignore <command>        Manage ignored modules
changelog <moduleName>  Show changelog for a module

Run npm-upgrade <command> --help to see usage help for corresponding command. check is the default command and can be omitted so running npm-upgrade [filter] is the same as npm-upgrade check [filter].

check command

It will find all your outdated deps and will ask to updated their versions in package.json, one by one. For example, here is what you will see if you use outdated version of @angular/common module:

Update "@angular/common" in package.json from 2.4.8 to 2.4.10? (Use arrow keys)
❯ Yes
  No
  Show changelog
  Ignore
  Finish update process
  • Yes will update @angular/common version in package.json to 2.4.10, but not immediately (see explanation below)
  • No will not update this module version.
  • Show changelog will try to find changelog url for the current module and open it in default browser.
  • Ignore will add this module to the ignored list (see details in Ignoring module section below).
  • Finish update process will ...hm... finish update process and save all the changes to package.json.

A note on saving changes to package.json: when you choose Yes to update some module's version, package.json won't be immediately updated. It will be updated only after you will process all the outdated modules and confirm update or when you choose Finish update process. So if in the middle of the update process you've changed your mind just press Ctrl+C and package.json will remain untouched.

If you want to check only some deps, you can use filter argument:

# Will check only `babel-core` module:
npm-upgrade babel-core

# Will check all the deps with `babel` in the name:
npm-upgrade '*babel*'

# Note quotes around `filter`. They are necessary because without them bash may interpret `*` as wildcard character.

# Will check all the deps, excluding any with `babel` in the name:
npm-upgrade '!*babel*'

# You can combine including and excluding rules:
npm-upgrade '*babel* !babel-transform-* !babel-preset-*'

If you want to check only a group of deps use these options:

-p, --production   Check only "dependencies"
-d, --development  Check only "devDependencies"
-o, --optional     Check only "optionalDependencies"

Alternatively, you can use the -g (--global) flag to upgrade your global packages. Note that this flag is mutually exclusive and npm-upgrade will only recognise the global flag if supplied with others. Also Note that this option will automatically attempt to upgrade your global packages using npm install -g <package>@<new-version>.

Ignoring module

Sometimes you just want to ignore newer versions of some dependency for some reason. For example, you use jquery v2 because of the old IE support and don't want npm-upgrade to suggest you updating it to v3. Or you use `some-funky-module@6.6.5and know that the new version6.6.6` contains a bug that breaks your app.

You can handle these situations by ignoring such modules. You can do it in two ways: choosing Ignore during update process or using npm ignore add command.

You will asked two questions. First is a version range to ignore. It should be a valid semver version. Here are a few examples:

  • 6.6.6 - will ignore only version 6.6.6. When the next version after 6.6.6 will be published npm-upgrade will suggest to update it. Can be used in some-funky-module example above.
  • >2 - will ignore all versions starting from 3.0.0. Can be used in jquery v2 example above.
  • 6.6.x || 6.7.x - will ignore all 6.6.x and 6.7.x versions.
  • * - will ignore all new versions.

And after that npm-upgrade will ask about the ignore reason. The answer is optional but is strongly recommended because it will help to explain your motivation to your сolleagues and to yourself after a few months.

All the data about ignored modules will be stored in .npm-upgrade.json file next to your project's package.json.

ignore command

It will help you manage ignored modules. See Ignoring module section for more details. It has the following subcommands:

npm-upgrade ignore <command>

Commands:
  add [module]        Add module to ignored list
  list                Show the list of ignored modules
  reset [modules...]  Reset ignored modules
  • add - will add a module from your deps to ignored list. You can either provide module name as optional module argument or interactively select it from the list of project's deps.
  • list - will show the list of currently ignored modules along with their ignored versions and reasons.
  • reset - will remove modules from the ignored list. You can either provide module names as modules argument (separated by space) or interactively select them from the list of project's deps.

changelog command

npm-upgrade changelog <moduleName>

Will try to find changelog url for provided module and open it in default browser.

Troubleshooting

Wrong changelog shown for <moduleName> or not shown at all!

Yes, It can happen sometimes. This is because there is no standardized way to specify changelog location for the module, so it tries to guess it, using these rules one by one:

  1. Check db/changelogUrls.json from master branch on GitHub or the local copy if it's unreachable.
  2. Check changelog field from module's package.json.
  3. Parse module's repository.url field and if it's on GitHub, try to request some common changelog files (CHANGELOG.md, History.md etc.) from master branch and if it fails, open Releases page.

So, if it guessed wrong it would be great if you could either fill an issue about this or submit a PR which adds proper changelog URL to db/changelogUrls.json. There is a tool in the repository for you to make it as easy as possible:

./tools/addModuleChangelogUrlToDb.js <moduleName> <changelogUrl>

License

MIT

changelog

Changelog

Tags:

  • [Breaking Change]
  • [New Feature]
  • [Improvement]
  • [Bug Fix]
  • [Internal]
  • [Documentation]

Note: Gaps between patch versions are faulty, broken or test releases.

3.1.0

  • New Feature
    • --global flag that allows to upgrade global packages (#70, @Medallyon)

3.0.0

  • Breaking Change

    • Drop support for Node.js <= 10.19

  • Internal

    • Update deps

2.0.4

2.0.3

  • Internal
    • Update deps

2.0.2

  • Bug Fix
    • Fix handling of dependency group flags (--production, --development etc.)

2.0.1

  • Improvement

2.0.0

  • Breaking Change

    • Drop support for Node.js <= 8.10

  • Improvement

    • Show @types/* packages right below their corresponding modules (closes #32)

  • Internal

    • Update deps

1.4.1

  • Improvement
    • Preserve indentation in package.json (#21, @cascornelissen)

1.4.0

  • Internal
    • Update deps

1.3.0

  • New Feature

    • Show list of packages that will be updated in the end of upgrade process (#18)

  • Internal

    • Drop support for Node 4
    • Update deps

1.2.0

  • Internal
    • Update deps

1.1.0

  • New Feature

    • Added changelog command

  • Internal

    • Update deps

1.0.4

  • Bug Fix

    • Fix Node 8 compatibility issue

  • Internal

    • Use prepare npm script instead of prepublish
    • Update inquirer

1.0.2

  • Bug Fix

    • Fix ignore reset command
    • Remove irrelevant webpack changelog url from db

  • Internal

    • Use babel-preset-env instead of babel-preset-es2015
    • Update deps

1.0.1

  • New Feature

    • Ignore modules feature

  • Internal

    • Update deps

0.7.0

  • New Feature

    • Ability to finish upgrade process on every step

  • Bug Fix

    • Fix npm loader shown during upgrade process

0.6.2

  • Bug Fix
    • Fixes #5: Changelogs do not work anymore

0.6.1

  • Improvement
    • Add CHANGELOG to the list of common changelog files

0.6.0

  • New Feature

    • Added filter CLI argument (see Usage section in README.md)

  • Internal

    • Update deps

0.5.1

  • Bug Fix
    • Fixed URL to the issues page for the "couldn't find the changelog" message
    • Fixed detection of the repository's "Releases" page on GitHub if it contains dot in the name

0.5.0

  • New Feature
    • CLI options added to only check for specified groups of dependencies (see Options section in README.md)

0.4.4

  • Bug Fix
    • Fixed bug with requesting remote changelog URLs database

0.4.3

  • Breaking Change

    • Changelog URLs database have been moved from data/homepages.json to db/changelogUrls.json

  • Improvement

    • Utility now tries to find changelog URL for modules hosted on GitHub. It will check for some common changelog filenames like CHANGELOG.md, History.md etc. and open them in browser if they are present in the repository. If not, it will open project's releases page.

  • New Feature

    • Added dev CLI utility to easily add module's changelog URL to the database (tools/addModuleChangelogUrlToDb.js). Run it without arguments for more info.

0.3.0

  • New Feature
    • Option to open module's homepage or changelog during update process.

0.2.0

  • New Feature

    • Colorize new/old module versions diff.

  • Internal

    • Split code into ES2015 modules.