How do I update each dependency in package.json to the latest version?

I copied package.json from another project and now want to bump all of the dependencies to their latest versions since this is a fresh project and I don't mind fixing something if it breaks.

What's the easiest way to do this?

The best way I know of now is to run npm info express version then update package.json manually for each one. There must be a better way.

{
  "name": "myproject",
  "description": "my node project",
  "version": "1.0.0",
  "engines": {
    "node": "0.8.4",
    "npm": "1.1.65"
  },
  "private": true,
  "dependencies": {
    "express": "~3.0.3", // how do I get these bumped to latest?
    "mongodb": "~1.2.5",
    "underscore": "~1.4.2",
    "rjs": "~2.9.0",
    "jade": "~0.27.2",
    "async": "~0.1.22"
  }
}

I am now a collaborator on npm-check-updates, which is a great solution to this problem.

Reposted from: https://stackoverflow.com/questions/16073603/how-do-i-update-each-dependency-in-package-json-to-the-latest-version

csdnceshi64
游.程 npm will correctly handle version conflicts between shared dependencies by downloading the correct one for each. So, if Dep A depends on Dep C v1.0.0 and Dep B depends on Dep C v2.0.0, they will each be installed and used appropriately. Therefore, you are free to install the latest of any packages you would like.
nearly 4 years ago
csdnceshi57
perhaps? There NEEDS to be some better answers here. Obviously with dependency resolution, you can't always have the latest version of everything. Maximizing the greatest number of latest versions of modules is just that, some sort of optimization problem. But NPM doesn't know which modules you want to be most recent more than others. It would be cool if there was something like this: npm update --latest x y z, where x y z are the modules you want to be as recent as possible and all other modules will follow with their most recent compatible version.
nearly 4 years ago
csdnceshi64
游.程 Great to see another approach to this problem. I really like Salita's output. Some nice features that the tool I contribute to now, github.com/tjunnone/npm-check-updates, are preservation of versioning semantics (like 1.x or >2.1.0) and filtering by name/regex/devDeps-only.
more than 5 years ago
csdnceshi53
Lotus@ Every time I end up on this question is because I was looking for github.com/tbranyen/salita. Simple CLI tool to update all dependencies to the latest version.
more than 5 years ago

30 answers

Looks like npm-check-updates is the only way to make this happen now.

npm i -g npm-check-updates
ncu -u
npm install

On npm <3.11:

Simply change every dependency's version to *, then run npm update --save. (Note: broken in recent (3.11) versions of npm).

Before:

  "dependencies": {
    "express": "*",
    "mongodb": "*",
    "underscore": "*",
    "rjs": "*",
    "jade": "*",
    "async": "*"
  }

After:

  "dependencies": {
    "express": "~3.2.0",
    "mongodb": "~1.2.14",
    "underscore": "~1.4.4",
    "rjs": "~2.10.0",
    "jade": "~0.29.0",
    "async": "~0.2.7"
  }

Of course, this is the blunt hammer of updating dependencies. It's fine if—as you said—the project is empty and nothing can break.

On the other hand, if you're working in a more mature project, you probably want to verify that there are no breaking changes in your dependencies before upgrading.

To see which modules are outdated, just run npm outdated. It will list any installed dependencies that have newer versions available.

csdnceshi79
python小菜 Worked perfectly for me, thank you!
about 2 years ago
csdnceshi73
喵-见缝插针 on second step, you will have to do ncu -ua in case you want version to persist in package.json
more than 2 years ago
csdnceshi78
程序go Wow, there is no official way? No feature in npm to update ALL to the LATEST version? That's weak.
more than 2 years ago
weixin_41568184
叼花硬汉 Nope. Running npx npm-check-updates gives me require.extensions.hasOwnProperty is not a function
more than 2 years ago
csdnceshi51
旧行李 Seriously, it is 2018 and I still need to install an additional npm package to do something as simple as updating a package.
more than 2 years ago
csdnceshi76
斗士狗 The * option does not work for me. I was forced to change the module version number to a small number, for example, 0.0.1, then run ncu -u and it worked.
more than 2 years ago
csdnceshi61
derek5. That works fine.
more than 2 years ago
csdnceshi66
必承其重 | 欲带皇冠 If you're running npm >= 5.2 you can just run npx npm-check-updates as a single command without having to install globally first
nearly 3 years ago
weixin_41568131
10.24 npm update --save (and --save-dev) works fine in 5.3.0 (current version at the moment)
about 3 years ago
weixin_41568208
北城已荒凉 In text editor, use regexp replace (I used Eclipse Find/Replace with checked Regular Expressions) to quickly go through all entries Find: : ".*?" Replace with: : "*" Put cursor to first dependency, and tap Replace/Find until reach end of list
nearly 5 years ago
weixin_41568126
乱世@小熊 delete npm_modules folder just in case you have the updated version already (it will keep the * if so)
more than 5 years ago
weixin_41568196
撒拉嘿哟木头 npm update --save seems to destroy git dependencies. Turns them into local file: dependencies.
more than 5 years ago
csdnceshi58
Didn"t forge Yes, poor choice of words. It's the "best" solution that I know of. Not official.
nearly 6 years ago
csdnceshi54
hurriedly% that's a third-party module. While useful, I don't see anything that indicates it's officially supported by npm.
nearly 6 years ago
csdnceshi58
Didn"t forge npm-check-updates is now the officially supported method for updating your package version numbers to the latest.
nearly 6 years ago
csdnceshi55
~Onlooker Your problem is probably coming from the fact that you try to update dev packages by typing npm update --save instead of npm update --save-dev.
about 6 years ago
csdnceshi75
衫裤跑路 Is there a way to get npm outdated to only show outdated dependencies that are direct dependencies of your project? It seems to also show outdated dependencies for packages in your node_modules directory.
more than 6 years ago
csdnceshi59
ℙℕℤℝ It looks like it only updates package.json for packages that actually get updated. I found that if I deleted node_modules before running the command, it performed as described in the original answer.
more than 6 years ago
csdnceshi57
perhaps? A bit old but that might help other people: github.com/tjunnone/npm-check-updates | Use npm install -g npm-check-updates to install, then npm-check-updates to check if your dependencies have updates, and npm-check-updates -u to update your package.json versions. Then it's just npm install and it will download new versions.
more than 6 years ago
csdnceshi62
csdnceshi62 Unfortunately, using update doesn't work either, for me. I'm still left with the wildcards. Is there any documentation about this that you know of, or any other resources I might look at?
nearly 7 years ago
csdnceshi54
hurriedly% Yes, npm 1.3 (released with node 0.10.13) made changes that result in npm install --save not updating package.json. Fortunately, npm update --save still works.
nearly 7 years ago
csdnceshi62
csdnceshi62 I'm not able to get this to work. Has something changed with npm since this answer was posted? When I use the wildcard and then npm install --save the wildcard is left in my package.json.
nearly 7 years ago
csdnceshi58
Didn"t forge Tip: Change version numbers like "~3.2.0" to "~3" after the install. This will allow minor version and patch updates (which are backwards compatible in semver) and ignore major version updates (which may be breaking). The magic of '~'!
nearly 7 years ago
csdnceshi54
hurriedly% You generally shouldn't leave * in package.json since you might end up automatically installing a new module version with breaking changes that break your app. Since we're using --save here, the * is replaced with each package's current version.
about 7 years ago
weixin_41568174
from.. Looks like using * is not recommended package.json.nodejitsu.com. Is that any specific reason?
about 7 years ago
csdnceshi58
Didn"t forge Great answer, thank you. npm outdated doesn't seem to work for me, unless I'm misunderstanding what it does. I changed async to "0.2.5", reinstalled it, and ran npm outdated and it returned an empty line.
more than 7 years ago

TLDR; (updated for newer NPM versions)

Things have changed a bit since these answers were originally written.

npm 2+: npm outdated + npm update + npm shrinkwrap

Older npm: npm-check-updates package + npm shrinkwrap

Be sure to shrinkwrap your deps, or you may wind up with a dead project. I pulled out a project the other day and it wouldn't run because my deps were all out of date/updated/a mess. If I'd shrinkwrapped, npm would have installed exactly what I needed.


Details

For the curious who make it this far, here is what I recommend:

Use npm-check-updates or npm outdated to suggest the latest versions.

# `outdated` is part of newer npm versions (2+)
$ npm outdated
# If you agree, update.  
$ npm update

#       OR

# Install and use the `npm-check-updates` package.
$ npm install -g npm-check-updates
# Then check your project
$ npm-check-updates
# If you agree, update package.json.
$ npm-check-updates -u

Then do a clean install (w/o the rm I got some dependency warnings)

$ rm -rf node_modules
$ npm install 

Lastly, save exact versions to npm-shrinkwrap.json with npm shrinkwrap

$ rm npm-shrinkwrap.json
$ npm shrinkwrap

Now, npm install will use exact versions in npm-shrinkwrap.json

If you check npm-shrinkwrap.json into git, all installs will use the exact same versions.

This is a way to transition out of development (all updates, all the time) to production (nobody touch nothing).

csdnceshi76
斗士狗 Would be great if npm update actually updated package.json. Per github.com/npm/npm/issues/13555 this is a bug which is not fixed after 2 years. npmjs.com/package/npm-check-updates is the current way to go
more than 2 years ago
csdnceshi63
elliott.david Can you answer if there is an alternative to yarn upgrade package@version?
nearly 3 years ago
weixin_41568184
叼花硬汉 this does not answer the question. The question is how to update the latest version. npm update only updates to the semver version, not the latest.
about 4 years ago
weixin_41568127
?yb? For sure. If you create and npm-shrinkwrap.json into source, and commit whenever you update, you can always 'go back to where you were'. I overlooked shrinkwrap feature when I started.
more than 4 years ago
csdnceshi75
衫裤跑路 From experience, the advice to always update all packages at once can be dangerous.
more than 4 years ago
csdnceshi66
必承其重 | 欲带皇冠 this is the actual correct answer. with dozens of deps installed, this is def a better way
nearly 5 years ago

To update one dependency to its latest version without having to manually open the package.json and change it, you can run

npm install {package-name}@* {save flags?}

i.e.

npm install express@* --save

For reference, npm-install


As noted by user Vespakoen on a rejected edit, it's also possible to update multiple packages at once this way:

npm install --save package-name@* other-package@* whatever-thing@*

He also provides a one-liner for the shell based on npm outdated. See the edit for code and explanation.


PS: I also hate having to manually edit package.json for things like that ;)

weixin_41568183
零零乙 I just used something similar that worked, from possibly more recent docs... uses "latest" instead of "*" npm install {package-name}@latest {save flags}
about 2 years ago
csdnceshi61
derek5. If using bash, an alias with the following oneliner to update devDeps npm outdated -lp|awk -F':' '$5~/^dev/{print $4}'|xargs npm i -D and this for update deps npm outdated -lp|awk -F':' '$5~/^dep/{print $4}'|xargs npm i -P.
more than 2 years ago
weixin_41568126
乱世@小熊 ncu can easily target a single or several packages with ncu express mocha chai. You can also exclude packages with ncu -x mocha. I agree the above is the simplest solution though for updating a single package.
nearly 4 years ago
csdnceshi55
~Onlooker Use npm outdated -l to show whether each package is a dependency or devDependency. Use npm install --save-dev to save as a devDependency.
nearly 4 years ago
weixin_41568134
MAO-EYE this doesn't work for me npm install react-native-image-picker@* --save
nearly 5 years ago
csdnceshi58
Didn"t forge This solution is great. Quick and easy way to explicitly update a single package to the latest version without installing any new modules. I like npm-check-updates, but afaik it tries to keep all packages up to date, which isn't always what you want.
more than 5 years ago

npm-check-updates is a utility that automatically adjusts a package.json with the latest version of all dependencies

see https://www.npmjs.org/package/npm-check-updates

$ npm install -g npm-check-updates
$ ncu -u
$ npm install 
csdnceshi52
妄徒之命 useless package, updating only part of packages with ncu -a, not updating package.json also.
more than 2 years ago
csdnceshi62
csdnceshi62 I didn't try the steps above with save-prefix options.
nearly 3 years ago
csdnceshi62
csdnceshi62 This worked for me with any version of NPM: 1) Delete node_modules, 2) ncu -a, 3) npm install. @Lukas Liesis, if you first delete your NPM cache: npm cache clean <path_to_npmcache_your_local_module> or npm cache --force (for the whole cache) and specify the file path instead of * ("bar": "file:../foo/bar"), then I think that should work.
nearly 3 years ago
csdnceshi57
perhaps? Didn't work for private packages. All packages still have * instead of version. Tried to remove node_modules
nearly 3 years ago
weixin_41568174
from.. BAD: it doesn't respect semver settings in ~/.npmrc!!! I have save-prefix=~ but it bumped me from convict ~1.5.0 → ~2.0.0 -- that's not what I have set in npmrc.
more than 3 years ago
csdnceshi79
python小菜 Yes if you didn't install before. Otherwise use npm update. ncu just updates package.json. It doesn't install or update 'node_modules'.
nearly 5 years ago
csdnceshi56
lrony* would you also have to run npm install after the package.json file is updated?
nearly 5 years ago
csdnceshi79
python小菜 $ ncu //checking for updates. $ ncu -a //updating package.json
nearly 5 years ago
weixin_41568127
?yb? I assume you fellows are pushing [HARD] to get this into the core npm?
more than 5 years ago
csdnceshi68
local-host I am now a collaborator on npm-check-updates and can wholeheartedly endorse it.
nearly 6 years ago
csdnceshi67
bug^君 Should be part of npm natively, fully agree. However, it is not and this solution comes in like a breeze. Thank you.
more than 6 years ago
csdnceshi77
狐狸.fox This should be available natively through npm command itself, indeed best solution so far to update the dependencies.
more than 6 years ago

This is what I did to update all the dependencies in package.json to latest:

npm install -g npm-check-updates
ncu -u --packageFile package.json 

To see which packages have newer versions available, then use the following command:

npm outdated

To update just one dependency, use the following command:

npm install yourPackage@latest --save

For example:

My package.json file has dependency:

"@progress/kendo-angular-dateinputs": "^1.3.1",

then I should write:

npm install @progress/kendo-angular-dateinputs@latest --save
csdnceshi59
ℙℕℤℝ Nice but it looks like that --save (or --save-dev) is not mandatory for update.
about 2 years ago

I use npm-check to achieve this.

npm i -g npm npm-check
npm-check -ug #to update globals
npm-check -u #to update locals


Another useful command list which will keep exact version numbers in package.json

npm cache clean
rm -rf node_modules/
npm i -g npm npm-check-updates
ncu -g #update globals
ncu -ua #update locals
npm i

Try the following command if you are using npm 5 and node 8

npm update --save

csdnceshi76
斗士狗 The update command does not seem to bump dependencies beyond the original definition. If package.json declares "1.2.3" exactly you won't get 1.2.4. That can be good or bad :)
more than 2 years ago

This works as of npm 1.3.15.

"dependencies": {
  "foo": "latest"
}
weixin_41568174
from.. I like using this along with npm shrinkwrap to freeze deps.
about 6 years ago
csdnceshi71
Memor.の You can always freeze deps on prod. There's a command for that. -2 sounds ok.
more than 6 years ago
csdnceshi60
℡Wang Yan Good to know. My guess is that this would generally be a bad practice on any production site because it will update to potentially backwards-incompatible versions automatically. The '~2' syntax locks you into a given major version number, which following semver will be backwards compatible.
more than 6 years ago
  1. Use * as the version for the latest releases, including unstable
  2. Use latest as version definition for the latest stable version
  3. Modify the package.json with exactly the latest stable version number using LatestStablePackages

Here is an example:

"dependencies": {
        "express": "latest"  // using the latest STABLE version
    ,   "node-gyp": "latest"    
    ,   "jade": "latest"
    ,   "mongoose": "*" // using the newest version, may involve the unstable releases
    ,   "cookie-parser": "latest"
    ,   "express-session": "latest"
    ,   "body-parser": "latest"
    ,   "nodemailer":"latest"
    ,   "validator": "latest"
    ,   "bcrypt": "latest"
    ,   "formidable": "latest"
    ,   "path": "latest"
    ,   "fs-extra": "latest"
    ,   "moment": "latest"
    ,   "express-device": "latest"
},
csdnceshi73
喵-见缝插针 This is the best answer.
about 2 years ago
weixin_41568184
叼花硬汉 And don't forget npm update --save
more than 3 years ago
csdnceshi58
Didn"t forge This is the better approach than * one. Thanks
about 5 years ago
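
The answers and comments above disagree on how far ranges such as ~, ^, *, 1.x and latest let a fresh install move when no shrinkwrap file pins the result. As an added example (not code from the Stack Overflow thread, npm, or npm-check-updates), this Node.js sketch classifies each range in a package.json and lists the ones that are not capped within one major version. classifyRange, findUnboundedDeps and the sample manifest are hypothetical names and constructed data; multi-part ranges (spaces, ||, hyphen ranges) are reported as "complex" rather than evaluated.

```javascript
// Constructed sample manifest; the names and ranges are ones quoted on this page.
const sampleManifest = {
  dependencies: {
    express: "~3.0.3", mongoose: "*", jade: "latest", underscore: "1.4.4",
    convict: "~1", async: "^0.2.7", rjs: "1.x", foo: ">2.1.0",
    bar: "file:../foo/bar",
  },
  devDependencies: { "@progress/kendo-angular-dateinputs": "^1.3.1" },
};

// Optional operator, up to three numeric-or-wildcard parts, optional prerelease tag.
const VERSION = /^(\^|~|>=|>|=)?\s*v?(\d+|[xX*])(?:\.(\d+|[xX*]))?(?:\.(\d+|[xX*]))?(?:-[\w.-]+)?$/;

// "3" -> 3; a missing part or a wildcard (x, X, *) -> undefined.
const part = (p) => (p === undefined || /^[xX*]$/.test(p) ? undefined : Number(p));

// Returns the widest jump a fresh install may take for this range:
// "exact" | "patch" | "minor" | "any" | "tag" | "non-registry" | "complex".
function classifyRange(spec) {
  const s = String(spec).trim();
  if (/^(file:|git\+|git:|github:|https?:)/.test(s)) return "non-registry";
  if (s === "") return "any"; // npm treats an empty range as "*"
  const m = VERSION.exec(s);
  if (!m) return /^[a-z][\w.-]*$/i.test(s) ? "tag" : "complex";
  const [, op, maj, min, pat] = m;
  const major = part(maj), minor = part(min), patch = part(pat);
  if (major === undefined || op === ">" || op === ">=") return "any";
  if (op === "~") return minor === undefined ? "minor" : "patch";
  if (op === "^") {
    if (major > 0 || minor === undefined) return "minor";
    if (minor > 0 || patch === undefined) return "patch";
    return "exact"; // ^0.0.z allows only that one version
  }
  if (minor === undefined) return "minor"; // "1" or "1.x"
  return patch === undefined ? "patch" : "exact";
}

// List every dependency whose range is not capped within one major version:
// wildcards, open-ended comparators, and dist-tags such as "latest".
function findUnboundedDeps(manifest) {
  const findings = [];
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      const float = classifyRange(spec);
      if (float === "any" || float === "tag") {
        findings.push({ section, name, spec, float });
      }
    }
  }
  return findings;
}

console.log(findUnboundedDeps(sampleManifest));
```

Entries reported here are the ones worth replacing with a bounded range or freezing with npm shrinkwrap before the manifest is used for a production install.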