npm check and update package if needed
Tags: node.js, Teamcity, Npm, Karma Runner
node.js Problem Overview
We need to integrate Karma test runner into TeamCity and for that I'd like to give sys-engineers a small script (powershell or whatever) that would:
- pick up desired version number from some config file (I guess I can put it as a comment right in the karma.conf.js)
- check if the defined version of karma runner is installed in npm's global repo
- if it's not, or the installed version is older than desired: pick up and install the right version
- run it:
karma start .\Scripts-Tests\karma.conf.js --reporters teamcity --single-run
So my real question is: "how can one check in a script, if desired version of package installed?". Should you do the check, or is it safe to just call npm -g install every time?
I don't want to always check and install the latest available version, because other config values may become incompatible
node.js Solutions
Solution 1 - node.js
To check if any module in a project is 'old':
npm outdated
'outdated' will check every module defined in package.json and see if there is a newer version in the NPM registry.
For example, say xml2js 0.2.6 (located in node_modules in the current project) is outdated because a newer version exists (0.2.7). You would see:
[email protected] node_modules/xml2js current=0.2.6
To update all dependencies, if you are confident this is desirable:
npm update
Or, to update a single dependency such as xml2js:
npm update xml2js
To update package.json version numbers, append the --save flag:
npm update --save
Solution 2 - node.js
npm outdated will identify packages that should be updated, and npm update <package name> can be used to update each package. But prior to [email protected], npm update <package name> will not update the versions in your package.json which is an issue.
The best workflow is to:
- Identify out of date packages
- Update the versions in your package.json
- Run npm update to install the latest versions of each package
Check out npm-check-updates to help with this workflow.
- Install npm-check-updates
- Run npm-check-updates to list what packages are out of date (basically the same thing as running npm outdated)
- Run npm-check-updates -u to update all the versions in your package.json (this is the magic sauce)
- Run npm update as usual to install the new versions of your packages based on the updated package.json
Solution 3 - node.js
There is also a "fresh" module called npm-check:
> npm-check
>
> Check for outdated, incorrect, and unused dependencies.
It also provides a convenient interactive way to update the dependencies with npm-check -u.
Solution 4 - node.js
One easy step:
$ npm i -g npm-check-updates && ncu -u && npm i
That is all. All of the package versions in package.json will be the latest major versions.
Edit:
What is happening here?
> 1. Installing a package that checks updates for you.
>
> 2. Use this package to update all package versions in your package.json (-u is short for --updateAll).
>
> 3. Install all of the new versions of the packages.
Solution 5 - node.js
- To update a single local package:
  - First find out your outdated packages:
    npm outdated
  - Then update the package or packages that you want manually as:
    npm update --save package_name
- This way it is not necessary to update your local package.json file. Note that this will update your package to the latest version.
- If you write some version in your package.json file and do: `npm update package_name`
  In this case you will get just the next stable version (wanted) regarding the version that you wrote in your package.json file.
And with npm list (package_name) you can find out the current version of your local packages.
Solution 6 - node.js
You can try either of these options:
Solution 7 - node.js
No additional packages, to just check outdated and update those which are, this command will do:
npm install $(npm outdated | cut -d' ' -f 1 | sed '1d' | xargs -I '$' echo '$@latest' | xargs echo)
Solution 8 - node.js
NPM commands to update or fix vulnerabilities in some dependency manifest files
- Use below command to check outdated or vulnerabilities in your node modules.
  npm audit
- If any vulnerabilities found, use below command to fix all issues.
  npm audit fix
- If it doesn't work for you then try npm audit fix -f, this command will almost fix all vulnerabilities. Some dependencies or devDependencies are locked in package-lock.json file, so we use -f flag to force update them.
- If you don't want to use force audit fix then you can manually fix your dependencies versions by changing them in package-lock.json and package.json file. Then run
  npm update && npm upgrade
Solution 9 - node.js
When installing npm packages (both globally or locally) you can define a specific version by using the @version syntax to define a version to be installed.
In other words, doing:
npm install -g [email protected]
will ensure that only 0.9.2 is installed and won't reinstall if it already exists.
As a word of advice, I would suggest avoiding global npm installs wherever you can. Many people don't realize that if a dependency defines a bin file, it gets installed to ./node_modules/.bin/. Often, it's very easy to use that local version of an installed module that is defined in your package.json. In fact, npm scripts will add the ./node_modules/.bin onto your path.
As an example, here is a package.json that, when I run npm install && npm test, will install the version of karma defined in my package.json, and use that version of karma (installed at node_modules/.bin/karma) when running the test script:
{
  "name": "myApp",
  "main": "app.js",
  "scripts": {
    "test": "karma test/*"
  },
  "dependencies": {...},
  "devDependencies": {
    "karma": "0.9.2"
  }
}
This gives you the benefit of your package.json defining the version of karma to use and not having to keep that config globally on your CI box.
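One way to script the check the question asks for, following this answer's advice to pin karma in package.json and install it locally (an added example, not code from the original answer): it compares each exactly pinned devDependency with the version recorded under node_modules. The package names other than karma and the temporary project tree are constructed for the demonstration.

```javascript
// Added example: verify that installed packages match the exact versions pinned
// in package.json. The project tree and the "sample-*" packages are constructed.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

const EXACT = /^\d+\.\d+\.\d+$/; // exact pin only: no ^, ~, ranges, tags or pre-releases

// Numeric comparison of two x.y.z strings: returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// One record per devDependency; status is ok | missing | older | newer | unpinned | mismatch.
function checkPinned(projectDir) {
  const manifest = JSON.parse(fs.readFileSync(path.join(projectDir, 'package.json'), 'utf8'));
  return Object.entries(manifest.devDependencies || {}).map(([name, wanted]) => {
    if (!EXACT.test(wanted)) return { name, wanted, installed: null, status: 'unpinned' };
    const installedManifest = path.join(projectDir, 'node_modules', name, 'package.json');
    if (!fs.existsSync(installedManifest)) return { name, wanted, installed: null, status: 'missing' };
    const installed = JSON.parse(fs.readFileSync(installedManifest, 'utf8')).version;
    if (!EXACT.test(installed)) return { name, wanted, installed, status: 'mismatch' };
    const cmp = compareVersions(installed, wanted);
    return { name, wanted, installed, status: cmp === 0 ? 'ok' : cmp < 0 ? 'older' : 'newer' };
  });
}

// Constructed project tree so the check runs offline.
function buildSampleProject() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'pin-check-'));
  const write = (rel, obj) => {
    const file = path.join(dir, rel);
    fs.mkdirSync(path.dirname(file), { recursive: true });
    fs.writeFileSync(file, JSON.stringify(obj));
  };
  write('package.json', { name: 'myApp', devDependencies: {
    karma: '0.9.2', 'sample-reporter': '1.4.0', 'sample-lint': '^2.0.0', 'sample-missing': '3.1.0' } });
  write('node_modules/karma/package.json', { name: 'karma', version: '0.9.2' });
  write('node_modules/sample-reporter/package.json', { name: 'sample-reporter', version: '1.10.0' });
  return dir;
}

const report = checkPinned(buildSampleProject());
console.table(report);
// A CI step would fail the build when any status is not 'ok'.
const driftDetected = report.some((r) => r.status !== 'ok');
```

The comparison is numeric per component, so 1.10.0 is correctly reported as newer than 1.4.0, which a plain string comparison would get wrong.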
Solution 10 - node.js
As of [email protected]+ you can simply do:
npm update <package name>
This will automatically update the package.json file. We don't have to update the latest version manually and then use npm update <package name>.
You can still get the old behavior using
npm update --no-save
Solution 11 - node.js
A different approach would be to first upgrade the package.json file using,
ncu -u
npm install
to update all the packages to the latest version. ps: It will update all the packages to the latest version however if the package is already up to date that package will not be affected at all.
Solution 12 - node.js
Just do this to update everything to the latest version -
npx npm-check-updates -u
Note - You'll be prompted to install npm-check-updates. Press y and enter.
Now run npm i. You're good to go.
Solution 13 - node.js
To really update just one package install NCU and then run it just for that package. This will bump to the real latest.
npm install -g npm-check-updates
ncu -f your-intended-package-name -u
Solution 14 - node.js
3 simple steps you can use to update all outdated packages
First, check the packages which are outdated
sudo npm i -g npm-check-updates
Second, put all of them in ready
ncu -u
Results in Terminal will be like this:
Third, just update all of them.
npm install
That's it.
Solution 15 - node.js
One more for bash:
npm outdated -parseable|cut -d: -f5|xargs -L1 npm i
Solution 16 - node.js
I'm just interested in updating the outdated packages using the semantic versioning rules in my package.json.
Here's a one-liner that takes care of that
npm update `npm outdated | awk '{print $1}' | tr '\n' ' '`
What it does:
- takes the output from npm outdated and
- pipes that into awk where we're grabbing just the name of the package (in column 1)
- then we're using tr to convert newline characters into spaces
- finally -- using backticks -- we're using the output of the preceding steps as arguments to npm update so we get all our needed updates in one shot.
One would think that there's a way to do this using npm alone, but it wasn't here when I looked, so I'm just dropping this here in case it's helpful to anyone.
** I believe there's an answer that MikeMajara provides here that does something similar, but it's appending @latest to the updated package name, which I'm not really interested in as a part of my regularly scheduled updates.