Command "npm update" vs package "npm-check-updates"
What is the difference between the command npm update and the package npm-check-updates? Is it fully safe to use the latter?
It seems after executing npm update not all packages are updated, thus it seem it is incomplete. Many other popular SO answers refer to use first the prior command and then the latter, but I still do not understand what the latter does that the prior does not.
A bit late to the party but I felt like the previously accepted answer is outdated and slightly lacking.
What npm Offers
npm update - updates the dependencies both in package.json and package-lock.json in accordance to the semantic version rules defined in package.json.
Key features of npm update:
- It will never update to a breaking version.
- (npm@7 and above) You can choose to update only the
package.jsonfile withnpm update --package-lock false. However, this flag will completely ignorepackage-lock.jsonand hence automatic pruning of extraneous modules will also be disabled. - (npm@7 and above) You can see the changes
npm updatewill perform with the flag--dry-run, without actually updating.
npm outdated - shows all the packages that have newer versions available, this includes breaking changes.
It prints a table that includes the package, the current version, the wanted version - according to the semver rules in the package.json - the latest version and the location of the package.
What npm-check-updates Offers
Running ncu without any flags will print a list of all the outdated packages and the version to which it would update, but will not apply any changes.
ncu --update - apply changes to the package.json file only. It will change the versions of all the dependencies in package.json to the latest (even if it's a breaking version!), but will not modify the package-lock.json file. For that, you will need to run npm install.
ncu --target [patch, minor, latest, newest, greatest] - choose which type of version to list/update.
npm vs. ncu
| Feature | npm | ncu |
|---|---|---|
| Show Outdated Packages | npm outdated - shows wanted & latest versions |
ncu - shows latest by default, can be customised |
| Update Packages | npm update |
ncu -u |
| Breaking Versions | Never updates to a breaking version, but shows them in npm outdated |
Updates to and shows breaking version by default, can be customised |
package.json SemVer Rules |
npm outdated shows the "wanted" version according to SemVer rules, updates to "wanted" version |
Disregards SemVer rules (unless explicitly specified), can be customised to update to different types of versions |
| Files Modified | Modifies package.json and package-lock.json and installs the updated modules |
Modifies package.json, doesn't change package-lock.json and doesn't automatically install |
| Customisation | Can ignore package-lock.json (npm@7) and choose which packages to update |
Can choose what kind of version to update to (minor, patch, latest, greatest, newest) and which packages to update |
- How to update package.json to latest version of each package?
- "Error: error:0308010C:digital envelope routines::unsupported" Node version error
- React: create-react-app creates a "problem-filled" project
- Unable to fix npm vulnerabilities
- What is the difference between ng update and npm update?
- Command "npm update" vs package "npm-check-updates"
- I don't know what 'npm update' means
- Error: Local workspace file ('angular.json') could not be found when upgraded to Angular 6
- Angular NPM - No matching version found for mime@1.6.0
- Difference between `npm update` and `remove package-lock.json` plus `npm install`?
- git new branch without npm update Angular 10
- npm WARN saveError EPERM: operation not permitted, rename 'C:\...\package.json.3542172463' -> 'C:\...\package.json'
- How to do `npm update` without modifying package.json?
- NPM crashes when I try to update a package with --depth 21
- Which package versions can I use in Firebase?
- Angular 6 updating outdated dependencies in package.json
- npm version mismatchs command line vs control panel
- How to fix Npm missing peer dependency
- How do I npm update dependency versions in the package-lock.json?
- Angular | Chunk asset optimisation
- npm - Semver versioning - Updating a package with a caret "^"
- Angular new project creation through ng new command is creating package.json with old versions
- Update intermediary npm dependencies with package-lock.json
- npm update is not honoring the results of npm outdated
- Reverting to Previous Version of Package.json When a Dependency Bug Arises