npm update | how it works

npm update update packages to their latest stable versions.

npm update also installs missing packages.

npm update respects semvar. This means if the latest version of dep1 is 1.3.0 but your package.json specifies "dep1" : "~1.2.3" you wont get the latest version. Instead, npm will install the latest version of dep1 that also satisfies semvar (if there is one).

npm update (no arguments)

If no packages are specified, npm update will update every (non-dev) dependency listed in package.json...

npm update

npm update devDependencies

Just like npm install, if the --save-dev flag is specified, npm update will update devDependencies as well...

npm update --save-dev
npm update --dev

Both --save-dev and --dev do the same thing.

npm update (with arguments)

If packages are specified then only those packages will be updated...

npm update express

npm update to specific version

If you want to update a package to specific version, use npm install with the specified @version tag instead...

npm install express@4.8.2 --save

Using the --save flag is important for updating the package.json.

For more information on updating packages to a specific version, see npm install | how it works.

npm update with --global

npm update will update packages globally if the global flag is specified...

npm update --global
npm update express --g

Both --global and -g do the same thing. Also notice how the --global flag works with both individual package arguments and no arguments. If no package arguments are specified, all global packages will be updated.

npm update package-lock.json

Any changes to the node_modules tree or package.json will automatically generate a package-lock.json file.

As of npm@5.0.0, the package.json file is updated when running npm update. This means npm update will update the package-lock.json file automatically with any corresponding updates to package.json.

npm update not working?

Remember that updates have to be available for a package that also respect your semvar definitions for npm update to do anything. A common mistake is to run npm update and think things are broken because nothing changes.

If you don't see npm update working, be sure to verify that an updated package exists that also satisfies your semvar specification for that package.

Your thoughts?