I copied package.json from another project and now want to bump all of the dependencies to their latest versions since this is a fresh project and I don't mind fixing something if it breaks.
What's the easiest way to do this?
The best way I know of now is to run npm info express version then update package.json manually for each one. There must be a better way.
{
"name": "myproject",
"description": "my node project",
"version": "1.0.0",
"engines": {
"node": "0.8.4",
"npm": "1.1.65"
},
"private": true,
"dependencies": {
"express": "~3.0.3", // how do I get these bumped to latest?
"mongodb": "~1.2.5",
"underscore": "~1.4.2",
"rjs": "~2.9.0",
"jade": "~0.27.2",
"async": "~0.1.22"
}
}
Edit 12/1/14: I am now a collaborator on npm-check-updates, which is a great solution to this problem.
Edit 8/9/15: I have been actively maintaining npm-check-updates for the last 8 months. v2 was released just a few weeks ago, containing a simplified output and many bug fixes and new options. Enjoy.
Simply change every dependency's version to *, then run npm update --save.
"dependencies": {
"express": "*",
"mongodb": "*",
"underscore": "*",
"rjs": "*",
"jade": "*",
"async": "*"
}
After:
"dependencies": {
"express": "~3.2.0",
"mongodb": "~1.2.14",
"underscore": "~1.4.4",
"rjs": "~2.10.0",
"jade": "~0.29.0",
"async": "~0.2.7"
}
Of course, this is the blunt hammer of updating dependencies. It's fine if—as you said—the project is empty and nothing can break.
On the other hand, if you're working in a more mature project, you probably want to verify that there are no breaking changes in your dependencies before upgrading.
To see which modules are outdated, just run npm outdated. It will list any installed dependencies that have newer versions available.
npm-check-updates is a utility that automatically adjusts a package.json with the
latest version of all dependencies
see https://www.npmjs.org/package/npm-check-updates
$ npm install -g npm-check-updates
$ npm-check-updates -u
$ npm install
To update one dependency to its lastest version without having to manually open the package.json and change it, you can run
npm install {package-name}@* {save flags?}
i.e.
npm install express@* --save
For reference, npm-install
PS: I also hate having to manually edit package.json for things like that ;)
This works as of npm 1.3.15.
"dependencies": {
"foo": "latest"
}
The only caveat I have found with the best answer above is that it updates the modules to the latest version. This means it could update to an unstable alpha build.
I would use that npm-check-updates utility. My group used this tool and it worked effectively by installing the stable updates.
As Etienne stated above: install and run with this:
$ npm install -g npm-check-updates
$ npm-check-updates -u
$ npm install
I recently had to update several projects that were using npm and package.json for their gruntfile.js magic. The following bash command (multiline command) worked well for me:
npm outdated --json --depth=0 | \
jq --ascii-output --monochrome-output '. | keys | .[]' | \
xargs npm install $1 --save-dev
The idea here:
To pipe the npm outdated output as json, to jq
(jq is a json command line parser/query tool)
(notice the use of --depth argument for npm outdated)
jq will strip the output down to just the top level package name only.
finally xargs puts each LIBRARYNAME one at a time into a npm install LIBRARYNAME --save-dev command
The above is what worked for me on a machine runnning: node=v0.11.10 osx=10.9.2 npm=1.3.24
this required:
xargs http://en.wikipedia.org/wiki/Xargs (native to my machine I believe)
and
jq http://stedolan.github.io/jq/ (I installed it with brew install jq)
Note: I only save the updated libraries to package.json inside of the json key devDependancies by using --save-dev, that was a requirement of my projects, quite possible not yours.
Afterward I check that everything is gravy with a simple
npm outdated --depth=0
Also, you can check the current toplevel installed library versions with
npm list --depth=0
* as version definition for the latest version including unstable oneslatest as version definition for the latest stable versionLatestStablePackagesHere is an example:
"dependencies": {
"express": "latest" // using the latest STABLE version
, "node-gyp": "latest"
, "jade": "latest"
, "mongoose": "*" // using the newest version, may involve the unstable one
, "cookie-parser": "latest"
, "express-session": "latest"
, "body-parser": "latest"
, "nodemailer":"latest"
, "validator": "latest"
, "bcrypt": "latest"
, "formidable": "latest"
, "path": "latest"
, "fs-extra": "latest"
, "moment": "latest"
, "express-device": "latest"
},
The above commands are unsafe because you might break your module when switching versions. Instead I recommend the following
npm shrinkwrap command.npm install -g next-update // from your package next-update
npm shrinkwrapFor the curious who make it this far, here is what I recommend:
$ npm install -g npm-check-updates
$ npm-check-updates
$ npm-check-updates -u
$ rm -rf node_modules
$ npm install
npm shrinkwrap$ rm npm-shrinkwrap.json
$ npm shrinkwrap
Now, when someone does a npm install on your project, they will always have the exact same packages as when you ran npm shrinkwrap.
If you're working in Visual Studio -
If you created the package.json file through Visual Studio, npm will not update your dependencies because of the file format.
problem: Creating a file in Visual Studio will use "Encode in UTF-8".
solution: Create the file in Notepad++, or some other editing app, and choose "Encode in ANSI" for the Encoding. In Notepad++ --> Select 'Encoding' from the menu --> Select 'Encode in ANSI'. Once the file is created, go into VS and 'Add Existing File' to your project. It should now work as desired.
Here's where I found the info:
http://racingcow.wordpress.com/2012/10/
Alternative is
"dependencies":{
"foo" : ">=1.4.5"
}
everytime you use npm update , it automatically update to the latest version. For more version syntax, you may check here: https://www.npmjs.org/doc/misc/semver.html