I would like a way to upgrade a specific package version while changing the fewest packages in node_modules. I think this is what npm audit --fix already does, but it only updates packages with vulnerabilities reported by the registry.

Could npm expose the audit fix engine? Something like npm update --ban [email protected] <1.2.3

• If all the direct dependencies on example can be satisfied by a version >=1.2.3, then only example would be upgrade.
• If a package depends on a range that is a subset or a downgrade of 1.0.0 < 1.2.3, but that package can be upgraded while preserving all requirements on it, then example and that package would be upgraded.
• ect.

I agree that it's best to update all dependencies, but I help maintain legacy packages, or contribute fixes to other peoples packages that may not agree. It can be useful to make targeted upgrades that introduce fewer breaking changes.