This shows:

- Current: version installed in node_modules
- Wanted: latest version that matches the semver in package.json
- Latest: newest version available on the registry (even if outside your defined semver range)

Use this to understand which updates are safe vs potentially breaking.

2. Audit for Vulnerabilities

`npm audit`

- This checks for known vulnerabilities in installed packages and gives recommendations.
- To apply safe fixes (minor/patch): `npm audit fix`
- For force-upgrades (may introduce breaking changes): `npm audit fix --force`

3. Upgrade All Packages Safely

Install npm-check-updates (ncu): `npm install -g npm-check-updates`

Check what can be upgraded: `ncu`

Update your package.json with latest versions: `ncu -u`

Then install them: `npm install`

✅ ncu updates your package.json directly, unlike npm update which only changes package-lock.json and node_modules.

4. Handle Peer Dependencies Carefully

Run: `npm ls`

Check for unmet peer dependencies or version mismatches.

- Use npm info to investigate compatible versions.
- Sometimes, upgrading one package (e.g., React) requires adjusting several peer packages.

5. Test Before Committing

After updating:

- Run all unit/integration tests.
- Check app startup and build commands.
- Use `git diff` to inspect package-lock.json for unwanted changes.

Summary Table

| Task | Command |
|---|---|
| List outdated packages | `npm outdated` |
| Run security audit | `npm audit` |
| Fix safe issues | `npm audit fix` |
| Force fix (may break things) | `npm audit fix --force` |
| View upgradeable packages | `ncu` |
| Update package.json versions | `ncu -u` |
| Install updated packages | `npm install` |
| Check full dependency tree | `npm ls` |
Safest and most reliable workflow? #160273
What is the safest and most reliable workflow to audit, check, and update all dependencies (including nested, peer, and devDependencies) in an npm project, while avoiding breaking changes, and how do tools like
Replies: 1 comment 4 replies