2013-04-18 02:39

How do I update each dependency in package.json to the latest version?


I copied package.json from another project and now want to bump all of the dependencies to their latest versions since this is a fresh project and I don't mind fixing something if it breaks.

What's the easiest way to do this?

The best way I know of now is to run npm info express version then update package.json manually for each one. There must be a better way.

{
  "name": "myproject",
  "description": "my node project",
  "version": "1.0.0",
  "engines": {
    "node": "0.8.4",
    "npm": "1.1.65"
  },
  "private": true,
  "dependencies": {
    "express": "~3.0.3", // how do I get these bumped to latest?
    "mongodb": "~1.2.5",
    "underscore": "~1.4.2",
    "rjs": "~2.9.0",
    "jade": "~0.27.2",
    "async": "~0.1.22"
  }
}

I am now a collaborator on npm-check-updates, which is a great solution to this problem.




  • weixin_41568196 撒拉嘿哟木头 8 years ago

    Looks like npm-check-updates is the only way to make this happen now.

    npm i -g npm-check-updates
    ncu -u
    npm install

    On npm <3.11:

    Simply change every dependency's version to *, then run npm update --save. (Note: broken in recent (3.11) versions of npm).


      "dependencies": {
        "express": "*",
        "mongodb": "*",
        "underscore": "*",
        "rjs": "*",
        "jade": "*",
        "async": "*"
      }


      "dependencies": {
        "express": "~3.2.0",
        "mongodb": "~1.2.14",
        "underscore": "~1.4.4",
        "rjs": "~2.10.0",
        "jade": "~0.29.0",
        "async": "~0.2.7"
      }

    Of course, this is the blunt hammer of updating dependencies. It's fine if—as you said—the project is empty and nothing can break.

    On the other hand, if you're working in a more mature project, you probably want to verify that there are no breaking changes in your dependencies before upgrading.

    To see which modules are outdated, just run npm outdated. It will list any installed dependencies that have newer versions available.

    Likes: 22
  • weixin_41568126 乱世@小熊 6 years ago

    TLDR; (updated for newer NPM versions)

    Things have changed a bit since these answers were originally written.

    npm 2+: npm outdated + npm update + npm shrinkwrap

    Older npm: npm-check-updates package + npm shrinkwrap

    Be sure to shrinkwrap your deps, or you may wind up with a dead project. I pulled out a project the other day and it wouldn't run because my deps were all out of date/updated/a mess. If I'd shrinkwrapped, npm would have installed exactly what I needed.


    For the curious who make it this far, here is what I recommend:

    Use npm-check-updates or npm outdated to suggest the latest versions.

    # `outdated` is part of newer npm versions (2+)
    $ npm outdated
    # If you agree, update.  
    $ npm update
    #       OR
    # Install and use the `npm-check-updates` package.
    $ npm install -g npm-check-updates
    # Then check your project
    $ npm-check-updates
    # If you agree, update package.json.
    $ npm-check-updates -u

    Then do a clean install (w/o the rm I got some dependency warnings)

    $ rm -rf node_modules
    $ npm install 

    Lastly, save exact versions to npm-shrinkwrap.json with npm shrinkwrap

    $ rm npm-shrinkwrap.json
    $ npm shrinkwrap

    Now, npm install will use exact versions in npm-shrinkwrap.json

    If you check npm-shrinkwrap.json into git, all installs will use the exact same versions.

    This is a way to transition out of development (all updates, all the time) to production (nobody touch nothing).

    Likes: 28
  • csdnceshi67 bug^君 7 years ago

    To update one dependency to its latest version without having to manually open the package.json and change it, you can run

    npm install {package-name}@* {save flags?}


    npm install express@* --save

    For reference, npm-install

    As noted by user Vespakoen on a rejected edit, it's also possible to update multiple packages at once this way:

    npm install --save package-nave@* other-package@* whatever-thing@*

    He also contributes a one-liner for the shell based on npm outdated. See the edit for code and explanation.

    PS: I also hate having to manually edit package.json for things like that ;)

    Likes: 24
  • csdnceshi53 Lotus@ 7 years ago

    npm-check-updates is a utility that automatically adjusts a package.json with the latest version of all dependencies

    see https://www.npmjs.org/package/npm-check-updates

    $ npm install -g npm-check-updates
    $ ncu -u
    $ npm install 
    Likes: 22
  • csdnceshi79 python小菜 4 years ago

    This is what I did to update all the dependencies in package.json to latest:

    npm install -g npm-check-updates
    ncu -u --packageFile package.json 
    Likes: 10
  • csdnceshi71 Memor.の 4 years ago

    Try the following command if you are using npm 5 and node 8

    npm update --save

    Likes: 8
  • csdnceshi73 喵-见缝插针 4 years ago

    I use npm-check to achieve this.

    npm i -g npm npm-check
    npm-check -ug #to update globals
    npm-check -u #to update locals


    Another useful command list which will keep exact version numbers in package.json

    npm cache clean
    rm -rf node_modules/
    npm i -g npm npm-check-updates
    ncu -g #update globals
    ncu -ua #update locals
    npm i
    Likes: 8
  • csdnceshi79 python小菜 4 years ago

    To see which packages have newer versions available, use the following command:

    npm outdated

    To update just one dependency, use the following command:

    npm install yourPackage@latest --save

    For example:

    My package.json file has dependency:

    "@progress/kendo-angular-dateinputs": "^1.3.1",

    then I should write:

    npm install @progress/kendo-angular-dateinputs@latest --save
    Likes: 8
  • csdnceshi64 游.程 6 years ago
    1. Use * as the version for the latest releases, including unstable
    2. Use latest as version definition for the latest stable version
    3. Modify the package.json with exactly the latest stable version number using LatestStablePackages

    Here is an example:

    "dependencies": {
            "express": "latest"  // using the latest STABLE version
        ,   "node-gyp": "latest"
        ,   "jade": "latest"
        ,   "mongoose": "*" // using the newest version, may involve the unstable releases
        ,   "cookie-parser": "latest"
        ,   "express-session": "latest"
        ,   "body-parser": "latest"
        ,   "nodemailer":"latest"
        ,   "validator": "latest"
        ,   "bcrypt": "latest"
        ,   "formidable": "latest"
        ,   "path": "latest"
        ,   "fs-extra": "latest"
        ,   "moment": "latest"
        ,   "express-device": "latest"
    }
    Likes: 7
  • csdnceshi54 hurriedly% 5 years ago


    Based on npm outdated, updtr installs the latest version and runs npm test for each dependency. If the test succeeds, updtr saves the new version number to your package.json. If the test fails, however, updtr rolls back its changes.


    Likes: 7
  • csdnceshi71 Memor.の 7 years ago

    This works as of npm 1.3.15.

    "dependencies": {
      "foo": "latest"
    }
    Likes: 7
  • csdnceshi52 妄徒之命 4 years ago

    Greenkeeper if you're using GitHub. https://greenkeeper.io/

    It's a GitHub integration and incredibly easy to set things up. When installed, it automatically creates pull requests in repositories you specify (or all if wanted) and keeps your code always up-to-date, without forcing you to do anything manually. PRs should then trigger a build on a CI service and depending on a successful or failed check you can keep figuring out what's triggering the issue or when CI passes simply merge the PR.

    [Screenshots: greenkeeper PR 1, greenkeeper PR 2]

    At the bottom, you can see that the first build failed at first and after a commit ("upgrade to node v6.9") the tests pass so I could finally merge the PR. Comes with a lot of emoji, too.

    Another alternative would be https://dependencyci.com/, however I didn't test it intensively. After a first look Greenkeeper looks better in general IMO and has better integration.

    Likes: 6
  • csdnceshi62 csdnceshi62 5 years ago

    Here is a basic regex to match semantic version numbers so you can quickly replace them all with an asterisk.

    Semantic Version Regex


    How to use

    Select the package versions you want to replace in the JSON file.

    [Screenshot: select the text you want to replace]

    Input the regex above and verify it's matching the correct text.

    [Screenshot: input the semver regex above]

    Replace all matches with an asterisk.

    [Screenshot: replace package versions with an asterisk]

    Run npm update --save

    Likes: 6
  • csdnceshi58 Didn"t forge 3 years ago



    npm-check-updates allows you to upgrade your package.json dependencies to the latest versions, regardless of existing version constraints.

    $ npm install -g npm-check-updates
    $ ncu -u

    Dependencies updated! That's all!

    Likes: 5
  • csdnceshi79 python小菜 6 years ago

    The only caveat I have found with the best answer above is that it updates the modules to the latest version. This means it could update to an unstable alpha build.

    I would use that npm-check-updates utility. My group used this tool and it worked effectively by installing the stable updates.

    As Etienne stated above: install and run with this:

    $ npm install -g npm-check-updates
    $ npm-check-updates -u
    $ npm install 
    Likes: 5
  • weixin_41568196 撒拉嘿哟木头 7 years ago

    I recently had to update several projects that were using npm and package.json for their gruntfile.js magic. The following bash command (multiline command) worked well for me:

    npm outdated --json --depth=0 | \
    jq --ascii-output --monochrome-output '. | keys | .[]' | \
    xargs npm install $1 --save-dev

    The idea here: To pipe the npm outdated output as json, to jq
    (jq is a json command line parser/query tool)
    (notice the use of --depth argument for npm outdated)
    jq will strip the output down to just the top level package name only.
    finally xargs puts each LIBRARYNAME one at a time into a npm install LIBRARYNAME --save-dev command

    The above is what worked for me on a machine running: node=v0.11.10 osx=10.9.2 npm=1.3.24

    this required:
    xargs http://en.wikipedia.org/wiki/Xargs (native to my machine I believe)
    jq http://stedolan.github.io/jq/ (I installed it with brew install jq)

    Note: I only save the updated libraries to package.json inside of the json key devDependencies by using --save-dev, that was a requirement of my projects, quite possibly not yours.

    Afterward I check that everything is gravy with a simple

    npm outdated --depth=0

    Also, you can check the current toplevel installed library versions with

    npm list --depth=0
    Likes: 4
  • weixin_41568196 撒拉嘿哟木头 4 years ago
    • npm outdated
    • npm update

    Should get you the latest wanted versions compatible for your app. But not the latest versions.

    Likes: 4
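
Several answers above feed npm outdated into an update command, and the answer just above notes that npm update only reaches the "wanted" version. As an added example (not code from the thread or from npm), this Node script takes the object printed by npm outdated --json and separates updates that stay inside the declared range (current to wanted) from those that need package.json edited (wanted to latest), then lists the major and 0.x minor jumps to review first. The sample data, the function names and the treatment of a missing "current" field as "not installed" are assumptions of this example.

```javascript
'use strict';
// Added example: triage the JSON printed by `npm outdated --json`.

const parts = (v) => v.split('-')[0].split('.').map(Number); // "1.2.3-rc.1" -> [1, 2, 3]

// Size of the jump from version a to version b.
function bump(a, b) {
  const [a1, a2, a3] = parts(a);
  const [b1, b2, b3] = parts(b);
  if (a1 !== b1) return 'major';
  if (a2 !== b2) return 'minor';
  return a3 !== b3 ? 'patch' : 'none';
}

// inRange: what `npm update` applies under the declared range (current -> wanted).
// needsManifestEdit: only reachable by changing package.json (wanted -> latest).
function triage(outdated) {
  const plan = { inRange: [], needsManifestEdit: [], notInstalled: [] };
  for (const [name, info] of Object.entries(outdated)) {
    // Assumption: an entry without "current" is declared but not installed.
    if (!info.current) { plan.notInstalled.push(name); continue; }
    if (info.wanted !== info.current) {
      plan.inRange.push({ name, from: info.current, to: info.wanted,
        bump: bump(info.current, info.wanted) });
    }
    if (info.latest !== info.wanted) {
      plan.needsManifestEdit.push({ name, from: info.wanted, to: info.latest,
        bump: bump(info.wanted, info.latest) });
    }
  }
  return plan;
}

// Jumps to read the changelog for first: any major bump, and minor bumps on 0.x
// releases, which semver does not require to be backward compatible.
function reviewFirst(plan) {
  return plan.needsManifestEdit
    .filter((u) => u.bump === 'major' || (u.bump === 'minor' && parts(u.from)[0] === 0))
    .map((u) => u.name);
}

// Constructed sample in the shape of `npm outdated --json`; versions are illustrative.
const sampleOutdated = {
  express: { current: '3.0.3', wanted: '3.0.6', latest: '3.2.0', location: 'node_modules/express' },
  karma: { current: '0.13.22', wanted: '0.13.22', latest: '2.0.0', location: 'node_modules/karma' },
  jade: { current: '0.27.2', wanted: '0.27.7', latest: '0.29.0', location: 'node_modules/jade' },
  underscore: { wanted: '1.4.4', latest: '1.4.4', location: '' },
};

const plan = triage(sampleOutdated);
console.log(JSON.stringify(plan, null, 2));
console.log('review first:', reviewFirst(plan).join(', '));
```
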
  • csdnceshi69 YaoRaoLov 4 years ago

    A very late reply, but it may help someone.

    This feature has been introduced in npm v5. Update npm using npm install -g npm@latest and

    to update package.json

    1. Delete /node_modules and package-lock.json (if you have any).

    2. Run npm update. This will update the dependencies in package.json to the latest, based on semver.

    To update to the very latest version, you can go with npm-check-updates.

    Likes: 4
  • csdnceshi60 ℡Wang Yan 5 years ago

    Solution without additional packages

    Change every dependency's version to *:

    "dependencies": {
        "react": "*",
        "react-google-maps": "*"
    }

    Then run npm update --save.

    Some of your packages were updated, but some not?

    "dependencies": {
        "react": "^15.0.1",
        "react-google-maps": "*"
    }

    This is the tricky part, it means your local version of "react" was lower than the newest one. In this case npm downloaded and updated "react" package. However your local version of "react-google-maps" is the same as the newest one.

    If you still want to "update" unchanged *, you have to delete these modules from node_modules folder.

    e.g. delete node_modules/react-google-maps.

    Finally run again npm update --save.

    "dependencies": {
        "react": "^15.0.1",
        "react-google-maps": "^4.10.1"
    }

    Do not forget to run npm update --save-dev if you want to update development dependencies.

    Likes: 4
  • csdnceshi80 胖鸭 7 years ago

    Alternative is

        "foo" : ">=1.4.5"

    Every time you use npm update, it automatically updates to the latest version. For more version syntax, you may check here: https://www.npmjs.org/doc/misc/semver.html

    Likes: 4
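
The answers above use several range styles (~3.0.3, ^15.0.1, *, latest, >=1.4.5). As an added example (not code from the thread or from npm), this Node script classifies how far each declared range lets a later npm install or npm update move a dependency while package.json stays unchanged. It hand-implements only simple single-comparator ranges following node-semver's tilde and caret rules; classifyRange, auditManifest, unboundedDeps and samplePackage are names made up for this example, and the sample manifest is constructed.

```javascript
'use strict';
// Added example: how far can npm move each dependency without package.json changing?
// Levels: pinned < patch < minor < unbounded; "unknown" = not a simple range.

function classifyRange(range) {
  const r = String(range).trim();
  // "*", "" and "x" have no upper bound; "latest" is a dist-tag, not a range.
  if (r === '' || r === '*' || r === 'x' || r === 'latest') return 'unbounded';
  // A lone ">" or ">=" comparator has no upper bound either.
  if (/^>=?\s*\d[\w.+-]*$/.test(r)) return 'unbounded';
  const m = /^([~^]?)(\d+)(?:\.(\d+|x|\*))?(?:\.(\d+|x|\*))?(?:[-+][\w.+-]*)?$/.exec(r);
  if (!m) return 'unknown'; // compound ranges, git URLs, other tags
  const [, op, major, minor, patch] = m;
  const wild = (part) => part === undefined || part === 'x' || part === '*';
  const caretOnStable = op === '^' && Number(major) > 0;
  if (wild(minor)) return 'minor';                           // 1, 1.x, ~1, ^1, ^0
  if (wild(patch)) return caretOnStable ? 'minor' : 'patch'; // ^1.2 vs 1.2, ~1.2, ^0.2
  if (op === '') return 'pinned';                            // 1.2.3
  if (op === '~') return 'patch';                            // ~1.2.3 -> <1.3.0
  if (caretOnStable) return 'minor';                         // ^1.2.3 -> <2.0.0
  return Number(minor) > 0 ? 'patch' : 'pinned';             // ^0.2.3 -> <0.3.0; ^0.0.3 -> 0.0.3
}

// One finding per declared dependency in both dependency sections.
function auditManifest(pkg) {
  const findings = [];
  for (const section of ['dependencies', 'devDependencies']) {
    for (const [name, range] of Object.entries(pkg[section] || {})) {
      findings.push({ section, name, range, level: classifyRange(range) });
    }
  }
  return findings;
}

// Names whose range lets a fresh install pick up any future release.
function unboundedDeps(pkg) {
  return auditManifest(pkg).filter((f) => f.level === 'unbounded').map((f) => f.name);
}

// Constructed sample combining range styles that appear in the answers above.
const samplePackage = {
  dependencies: {
    express: '~3.0.3', mongoose: '*', bcrypt: 'latest', foo: '>=1.4.5', react: '^15.0.1',
  },
  devDependencies: { browserify: '10.2.6', 'expect.js': '^0.3.1', karma: '^0.13.22' },
};

for (const f of auditManifest(samplePackage)) {
  console.log(`${f.level.padEnd(9)} ${f.name}@${f.range} (${f.section})`);
}
```

Any entry reported as unbounded resolves to whatever is newest at install time unless a lockfile such as npm-shrinkwrap.json fixes the version.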
  • csdnceshi61 derek5. 7 years ago

    The above commands are unsafe because you might break your module when switching versions. Instead I recommend the following

    • Set actual current node modules version into package.json using npm shrinkwrap command.
    • Update each dependency to the latest version IF IT DOES NOT BREAK YOUR TESTS using https://github.com/bahmutov/next-update command line tool
    npm install -g next-update
    // from your package
    Likes: 3
  • csdnceshi61 derek5. 4 years ago

    One easy step:

    $ npm install -g npm-check-updates && ncu -a && npm i
    Likes: 3
  • weixin_41568183 零零乙 4 years ago

    Ncu is a new alias to check for updates. By doing so you do not have to manually update your version numbers in package.json; ncu does it for you. Follow the method below if you are on a Linux machine

    sudo npm i -g npm-check-updates
    // decide between -u or -a
    ncu -u, --upgrade and overwrite package file
    ncu -a, --upgradeAll include even those dependencies whose latest 
              version satisfies the declared server dependency
    sudo npm install
    Likes: 2
  • csdnceshi73 喵-见缝插针 4 years ago

    I really like how npm-upgrade works. It is a simple command line utility that goes through all of your dependencies and lets you see the current version compared to the latest version and update if you want.

    Here is a screenshot of what happens after running npm-upgrade in the root of your project (next to the package.json file):

    [Screenshot: npm upgrade example]

    For each dependency you can choose to upgrade, ignore, view the changelog, or finish the process. It has worked great for me so far.

    Likes: 2
  • csdnceshi71 Memor.の 3 years ago

    The following code (which was accepted) wrote me something like "it takes too long blah-blah" and did nothing. Probably using the global flag was the problem, idk.

    npm i -g npm-check-updates
    ncu -u
    npm install

    I decided to use my text editor and follow a semi-manual approach instead.

    I copied a list like this (just a lot longer) from the dev dependencies of my package.json to the notepad++ text editor:

    "browserify": "10.2.6",
    "expect.js": "^0.3.1",
    "karma": "^0.13.22",
    "karma-browserify": "^5.2.0",

    I set the search mode to regular expression, used the ^\s*"([^"]+)".*$ pattern to get the package name and replaced it with npm uninstall \1 --save-dev \nnpm install \1 --save-dev. Clicked on "replace all". The output was this:

    npm uninstall browserify --save-dev 
    npm install browserify --save-dev
    npm uninstall expect.js --save-dev 
    npm install expect.js --save-dev
    npm uninstall karma --save-dev 
    npm install karma --save-dev
    npm uninstall karma-browserify --save-dev 
    npm install karma-browserify --save-dev

    I copied it back to bash and hit enter. Everything was upgraded and working fine. That's all.

    "browserify": "^16.1.0",
    "expect.js": "^0.3.1",
    "karma": "^2.0.0",
    "karma-browserify": "^5.2.0",

    I don't think it is a big deal, since you have to do it only every now and then, but you can easily write a script, which parses the package.json and upgrades your packages. I think it is better this way, because you can edit your list if you need something special, for example keeping the current version of a lib.

    Likes: 2
  • csdnceshi70 笑故挽风 4 years ago

    If you are using yarn, yarn upgrade-interactive is a really sleek tool that can allow you to view your outdated dependencies and then select which ones you want to update.

    More reasons to use Yarn over npm. Heh.

    Likes: 2
  • csdnceshi62 csdnceshi62 4 years ago

    Commands that I had to use to update package.json for NPM 3.10.10:

    npm install -g npm-check-updates
    ncu -a
    npm install


    I was using the latest command from @josh3736 but my package.json was not updated. I then noticed the description text when running npm-check-updates -u:

    The following dependency is satisfied by its declared version range, but the installed version is behind. You can install the latest version without modifying your package file by using npm update. If you want to update the dependency in your package file anyway, run ncu -a.

    Reading the documentation for npm-check-updates you can see the difference:


    -u, --upgrade: overwrite package file

    -a, --upgradeAll: include even those dependencies whose latest version satisfies the declared semver dependency

    ncu is an alias for npm-check-updates as seen in the message when typing npm-check-updates -u:

    [INFO]: You can also use ncu as an alias
    Likes: 1
  • weixin_41568110 七度&光 4 years ago

    If you happen to be using Visual Studio Code as your IDE, this is a fun little extension to make updating package.json a one click process.

    Version Lense


    Likes: 1
  • csdnceshi80 胖鸭 3 years ago

    If you use yarn, the following command updates all packages to their latest version:

    yarn upgrade --latest

    From their docs:

    The upgrade --latest command upgrades packages the same as the upgrade command, but ignores the version range specified in package.json. Instead, the version specified by the latest tag will be used (potentially upgrading the packages across major versions).

  • csdnceshi78 程序go 3 years ago

    I solved this by seeing the instructions from https://github.com/tjunnone/npm-check-updates

    $ npm install -g npm-check-updates
    $ ncu
    $ ncu -u # to update all the dependencies to latest
    $ ncu -u "specific module name"  #in case you want to update specific dependencies to latest