Update NPM Packages
A few months ago, I began using Node.js to compile my WordPress themes. Today, GitHub began warning me about security vulnerabilities in one of my projects. Whenever I do something for the first time, I document it. Here’s how to update NPM Packages.
I’m pretty new to GitHub and even newer to Node.js. Today was the first time I’d seen a GitHub security warning in a repository. Clicking through to an individual alert makes it clear I need to update my Node.js packages.
Like all of my notes-to-self, I’m writing this in real-time … here I go 🙂
Before making any changes, always create a backup – I’ve pushed the project to its repository and am ready to try this locally in VS Code.
npm audit & npm audit fix
When you’re really new to something, even figuring out what to Google can be a challenge. Before setting out, I consider what I do know …
- I know I’ve got packages installed globally and locally.
- I know I’ve got a package-lock.json where package versions are managed.
- I know I’ve been prompted to run npm audit fix after installing some packages and that this relates to security vulnerabilities – the problem I’m being warned about.
- I’m willing to bet money there’s at least 3 ways to go about this 🙂
I decide to start with that 3rd point and run npm audit and npm audit fix.
npm outdated & npm update
At this point I’m not sure everything’s been updated – in fact, I’m pretty sure it hasn’t been. Google suggests npm outdated to check and npm update to update all or individual packages.
npm update, I look at package-lock.json and see the new version numbers in both.
But it’s clear that something still needs to happen with the del-cli package – it’s shown in a different color in npm outdated and it’s not listed at all in
A bit more Googling and I find the reason – npm update only handles minor versions and patches. Major versions are a separate process because these, by definition, may introduce breaking changes into a project.
I deal with this further down – first I try npm update -g to see if any global packages need updating … turns out some do.
Major Version: Manual Update
At this point I’m pretty sure everything except the del-cli package has been updated. Looking in package-lock.json, I see this package listed in my
npm uninstall del-cli --save-dev
npm install del-cli --save-dev
The shorthand for these commands is:
npm install del-cli@latest --save-dev
While this is an easy way to update a package or two, what if I had several, or even dozens, of packages to update?
Major Versions: npm-check-updates
I decide to try npm-check-updates because it appears better maintained. The following screenshot shows running these commands:
npm install -g npm-check-updates to install the package.
ncu to check for updates.
ncu -u to update
npm install to update
At this point I think everything’s been updated, but I’m not exactly sure how to test that.
So I start with npm audit and npm outdated – I see no vulnerabilities or updates.
Next I test my scripts – the project compiles without errors.
Last, I commit the changes, push the project to GitHub, and check for the security warnings that started this journey – they’ve been resolved.
I’m as assured as I can be that everything’s been updated, but a little more Googling and I’m finding some great stuff about automating updates and tests … Since this is a simple project, I’m gonna stop here 🙂
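The check described above can be scripted. This is an added example, not code from the original notes: it sorts packages in npm outdated --json output by which step will move them (npm update for versions inside the package.json range, @latest or ncu -u for versions outside it) and summarizes the counts from npm audit --json. The sample data, version numbers, "example-*" package names and function names are constructed for illustration.

```javascript
// Constructed sample shaped like `npm outdated --json` output. Versions are made up;
// the "example-*" package names are hypothetical.
const sampleOutdated = {
  "del-cli": { current: "1.1.0", wanted: "1.1.0", latest: "3.0.0" },
  "example-sass-compiler": { current: "4.11.0", wanted: "4.12.0", latest: "4.12.0" },
  "example-prefixer": { wanted: "9.5.1", latest: "9.5.1" }, // no "current": not installed
};
// Constructed sample shaped like the summary block of `npm audit --json`.
const sampleAudit = {
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 2, critical: 0 } },
};

const major = (version) => parseInt(String(version).split(".")[0], 10);

// Split outdated packages by which step of the workflow will move them.
function classifyOutdated(outdated) {
  const plan = { inRange: [], outOfRange: [], missing: [] };
  for (const [name, v] of Object.entries(outdated || {})) {
    if (!v.current) { plan.missing.push(name); continue; } // `npm install` restores it
    if (v.current !== v.wanted) plan.inRange.push(name);    // `npm update` reaches "wanted"
    if (v.wanted !== v.latest) {
      // "latest" is outside the package.json range: needs `@latest` or `ncu -u`.
      plan.outOfRange.push({ name, from: v.current, to: v.latest,
        majorBump: major(v.latest) > major(v.current) });
    }
  }
  return plan;
}

const SEVERITIES = ["info", "low", "moderate", "high", "critical"];

// List the severities at or above `threshold` that still have findings.
function auditFailures(audit, threshold = "low") {
  const min = SEVERITIES.indexOf(threshold);
  if (min < 0) throw new Error(`unknown severity: ${threshold}`);
  const counts = (audit && audit.metadata && audit.metadata.vulnerabilities) || {};
  return SEVERITIES.slice(min).filter((s) => counts[s] > 0).map((s) => `${s}: ${counts[s]}`);
}

// The final check from the notes: nothing outdated and nothing reported by the audit.
function isFullyUpdated(outdated, audit) {
  return Object.keys(outdated || {}).length === 0 && auditFailures(audit, "info").length === 0;
}

console.log(JSON.stringify(classifyOutdated(sampleOutdated), null, 2));
console.log(auditFailures(sampleAudit, "high"));
```

To use it on a real project, replace the two samples with the parsed output of npm outdated --json and npm audit --json.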
I always include a ‘quick-grab’ in my notes. To update all NPM packages – local, global, major, minor, and patches, use these commands:
npm audit – Review security vulnerabilities.
npm outdated – See all packages with available updates.
npm update – Perform minor and patch updates on local packages.
npm update -g – Perform minor and patch updates on global packages.
npm install -g npm-check-updates – Install the
ncu – In this example, check for major version updates.
ncu -u – Update package.json version numbers.
npm install – Install updates and update
I document this kind of stuff for my own benefit – 3 months from now I won’t remember what I did 😛 If you’ve made it this far, thanks and I hope it’s helped you in some way!