npm check and update package if needed
We need to integrate Karma test runner into TeamCity and for that I'd like to give sys-engineers small script (powershell or whatever) that would:
pick up desired version number from some config file (I guess I can put it as a comment right in the karma.conf.js) check if the defined version of karma runner installed in npm's global repo if it's not, or the installed version is older than desired: pick up and install right version run it: karma start .\Scripts-Tests\karma.conf.js --reporters teamcity --single-run
So my real question is: "how can one check in a script, if desired version of package installed?". Should you do the check, or it's safe to just call npm -g install everytime?
I don't want to always check and install the latest available version, because other config values may become incompatible
To check if any module in a project is 'old':
npm outdated
'outdated' will check every module defined in package.json and see if there is a newer version in the NPM registry.
For example, say xml2js 0.2.6 (located in node_modules in the current project) is outdated because a newer version exists (0.2.7). You would see:
xml2js@0.2.7 node_modules/xml2js current=0.2.6
To update all dependencies, if you are confident this is desirable:
npm update
Or, to update a single dependency such as xml2js:
npm update xml2js
To update package.json version numbers, append the --save flag:
npm update --save
npm outdated will identify packages that should be updated, and npm update <package name> can be used to update each package. But prior to npm@5.0.0, npm update <package name> will not update the versions in your package.json which is an issue.
The best workflow is to:
Identify out of date packages Update the versions in your package.json Run npm update to install the latest versions of each package
Check out npm-check-updates to help with this workflow.
Install npm-check-updates
Run npm-check-updates to list what packages are out of date (basically the same thing as running npm outdated)
Run npm-check-updates -u to update all the versions in your package.json (this is the magic sauce)
Run npm update as usual to install the new versions of your packages based on the updated package.json
npm outdated will show ALL packages.. even inside other packages.. but those won't get updated with this procedure so they will always appear.. so just use npm-check-updates (as you actually recommended) which only shows main packages from package.json ... this is relevant
npm install --all-outdated but it isn't...
npm update --save package_name to save the latest change to package.json.
npm update vs npm-check-updates?
There is also a "fresh" module called npm-check:
npm-check Check for outdated, incorrect, and unused dependencies.
https://i.stack.imgur.com/InFAV.png
It also provides a convenient interactive way to update the dependencies with npm-check -u.
One easy step:
$ npm i -g npm-check-updates && ncu -u && npm i
That is all. All of the package versions in package.json will be the latest major versions.
Edit:
What is happening here?
Installing a package that checks updates for you. Use this package to update all package versions in your package.json (-u is short for --updateAll). Install all of the new versions of the packages.
ncu stands for node-check-updates and -a is the 'upgradeAll' option. Find all options here: npmjs.com/package/npm-check-updates
npx -p npm-check-updates ncu -u
npm-check-updates makes major updates, according to semver, which might have breaking changes. Use it carefully: stackoverflow.com/a/48917961/1243247
To update a single local package: First find out your outdated packages: npm outdated Then update the package or packages that you want manually as: npm update --save package_name
First find out your outdated packages: npm outdated
Then update the package or packages that you want manually as: npm update --save package_name
This way it is not necessary to update your local package.json file.
Note that this will update your package to the latest version.
If you write some version in your package.json file and do: npm update package_name In this case you will get just the next stable version (wanted) regarding the version that you wrote in your package.json file.
And with npm list (package_name) you can find out the current version of your local packages.
You can try either of these options:
Check outdated packages npm outdated Check and pick packages to update npx npm-check -u
npm-check is awesome, thanks for sharing!
No additional packages, to just check outdated and update those which are, this command will do:
npm install $(npm outdated | cut -d' ' -f 1 | sed '1d' | xargs -I '$' echo '$@latest' | xargs echo)
NPM commands to update or fix vulnerabilities in some dependency manifest files
Use below command to check outdated or vulnerabilities in your node modules. npm audit
If any vulnerabilities found, use below command to fix all issues. npm audit fix
If it doesn't work for you then try npm audit fix -f, this command will almost fix all vulnerabilities. Some dependencies or devDependencies are locked in package-lock.json file, so we use -f flag to force update them.
If you don't want to use force audit fix then you can manually fix your dependencies versions by changing them in package-lock.json and package.json file. Then run
npm update && npm upgrade
npm audit fix --force. Now I have more vulnerabilities than before. I can run it again, but it will not change. Now what?
When installing npm packages (both globally or locally) you can define a specific version by using the @version syntax to define a version to be installed.
In other words, doing: npm install -g karma@0.9.2 will ensure that only 0.9.2 is installed and won't reinstall if it already exists.
As a word of a advice, I would suggest avoiding global npm installs wherever you can. Many people don't realize that if a dependency defines a bin file, it gets installed to ./node_modules/.bin/. Often, its very easy to use that local version of an installed module that is defined in your package.json. In fact, npm scripts will add the ./node_modules/.bin onto your path.
As an example, here is a package.json that, when I run npm install && npm test will install the version of karma defined in my package.json, and use that version of karma (installed at node_modules/.bin/karma) when running the test script:
{
"name": "myApp",
"main": "app.js",
"scripts": {
"test": "karma test/*",
},
"dependencies": {...},
"devDependencies": {
"karma": "0.9.2"
}
}
This gives you the benefit of your package.json defining the version of karma to use and not having to keep that config globally on your CI box.
test script? Can you please give me a clue how you install it with a script.
npm test. npm docs are pretty good here: npmjs.org/doc/scripts.html
As of npm@5.0.0+ you can simply do:
npm update <package name>
This will automatically update the package.json file. We don't have to update the latest version manually and then use npm update <package name>
You can still get the old behavior using
npm update --no-save
npm@7.21.1 and it is not automatically updating my package.json. Running npm update <package name> --save did not help either!
A different approach would be to first uprade the package.json file using,
ncu -u
https://i.stack.imgur.com/mH2f1.png
npm install
to update all the packages to the latest version. ps: It will update all the packages to the latest version however if the package is already up to date that package will not be affected at all.
3 simple steps you can use for update all outdated packages
First, check the packages which are outdated
sudo npm i -g npm-check-updates
Second, put all of them in ready
ncu -u
Results in Terminal will be like this:
https://i.stack.imgur.com/3ySIe.png
Third, just update all of them.
npm install
That's it.
Just do this to update everything to the latest version - npx npm-check-updates -u
Note - You'll be prompted to install npm-check-updates. Press y and enter.
Now run npm i. You're good to go.
To really update just one package install NCU and then run it just for that package. This will bump to the real latest.
npm install -g npm-check-updates
ncu -f your-intended-package-name -u
One more for bash:
npm outdated -parseable|cut -d: -f5|xargs -L1 npm i
I'm just interested in updating the outdated packages using the semantic versioning rules in my package.json.
Here's a one-liner that takes care of that
npm update `npm outdated | awk '{print $1}' | tr '\n' ' '`
What it does:
takes the output from npm outdated and pipes that into awk where we're grabbing just the name of the package (in column 1) then we're using tr to convert newline characters into spaces finally -- using backticks -- we're using the output of the preceding steps as arguments to npm update so we get all our needed updates in one shot.
One would think that there's a way to do this using npm alone, but it wasn't here when I looked, so I'm just dropping this here in case it's helpful to anyone 😀.
** I believe there's an answer that MikeMajara provides here that does something similar, but it's appending @latest to the updated package name, which I'm not really interested in as a part of my regularly scheduled updates.
If you want to upgrade a package to the latest release, (major, minor and patch), append the @latest keyword to the end of the package name, ex:
npm i express-mongo-sanitize@latest
this will update express-mongo-sanitize from version 1.2.1 for example to version 2.2.0.
If you want to know which packages are outdated and which can be updated, use the npm outdated command
ex:
$ npm outdated
Package Current Wanted Latest Location Depended by
express-rate-limit 3.5.3 3.5.3 6.4.0 node_modules/express-rate-limit apiv2
helmet 3.23.3 3.23.3 5.1.0 node_modules/helmet apiv2
request-ip 2.2.0 2.2.0 3.3.0 node_modules/request-ip apiv2
validator 10.11.0 10.11.0 13.7.0 node_modules/validator apiv2
Follow WeChat
Success story sharing
Want to stay one step ahead of the latest teleworks?
Subscribe Now相似问题
- How can I update NodeJS and NPM to their latest versions?
- Find the version of an installed npm package
- How can I uninstall npm modules in Node.js?
- How to install a previous exact version of a NPM package?
- How to update each dependency in package.json to the latest version?
- What is the difference between Bower and npm?
- What's the difference between dependencies, devDependencies and peerDependencies in npm package.json file?
- What is the --save option for npm install?
- What's the difference between tilde(~) and caret(^) in package.json?
- Do I commit the package-lock.json file created by npm 5?
npm updateespecially withnpm update -g... it does not what most peaole expect it to do! See: github.com/npm/npm/issues/6247 and gist.github.com/othiym23/4ac31155da23962afd0enpm -g updateis safe to use again. github.com/npm/npm/issues/6247#issuecomment-92182814As of npm@5.0.0, 'npm update' will change package.json to save the new version as the minimum required dependencydocs.npmjs.com/cli/update.htmlnpm updateon my npm 5.6.0 and it broke all code; luckily I backed up my files before doing that