Update NPM packages for frontend projects with npm-check-updates

Update NPM packages for frontend projects with npm-check-updates

Frontend libraries progress very rapidly. After just one month, a project can see all its packages needing an upgrade. Today how we can achieve that in ways:

  1. install vs update
  2. Using npm-check-updates

1. Install vs Update

1.1 npm install

npm install will install packages which are found in package.json but aren’t downloaded.

For example, we have a project where we installed Primeng 6.0.0 with npm install --save primeng@6.0.0. The semantic versioning rule placed in package.json is as followed:

"dependencies": {
    ... some packages,
    "primeng": "^6.0.0"
}

The ^ (caret) specifies that minor or patches upgrades are allowed for packages above 1.0.0. For 0.x.x changes, minor changes are considered major therefore only patches upgrades are allowed. Official documentation of the versioning can be found on npm site https://docs.npmjs.com/misc/semver.

If we run npm ls primeng, we will see that 6.0.0 is installed:

$ npm ls primeng
my-app@0.0.0 C:\Projects\my-app
`-- primeng@6.0.0

Now primeng@6.0.2 is out, and following the semantic, our project should be able to support it without breaking change. But running npm install will only try to install packages that aren’t installed yet therefore will skip primeng. What we need to do is to run npm update.

View latest available version

We can know that a newer version is available by hovering over the package.json dependency line in Visual studio code or we can run the following command:

$ npm view primeng version
6.0.2

npm view primeng would show the data of the package and version allows to show a single property of it.

Notes: view and show are aliases in NPM.

1.2 npm update

npm update will download the latest version of the package while honoring the versioning specified in package.json.

$ npm update               
+ primeng@6.0.2             
updated 1 package in 7.724s 

$ npm ls primeng
my-app@0.0.0 C:\Projects\my-app
`-- primeng@6.0.2

As we can see now we have installed 6.0.2. And if we look at our package.json we will see that it has changed to ^6.0.2.

Now lets step back and downgrade to 5.0.0 by modifying package.json to ^5.0.0 and running npm install.

$ npm ls primeng
my-app@0.0.0 C:\Projects\my-app
`-- primeng@5.2.7

$ npm view primeng versions                                     
[ '0.1.0',                         
  '0.2.0',                         
  ...,
  '5.2.5',
  '5.2.6',
  '5.2.7',
  '6.0.0-alpha.1',
  '6.0.0-alpha.2',
  '6.0.0-beta.1',
  '6.0.0-rc.1',
  '6.0.0',
  '6.0.1',
  '6.0.2' ]

We can see that 5.2.7 was installed which make sense since 5.2.7 is the latest allowed for ^5.0.0. Now in this case, we wouldn’t be able to bump the major, therefore we would have to install the new version of primeng by running:

npm install --save primeng@6.0.2

And we would be back to the latest version with the proper semantic rule in package.json. But the problem with that is that we had to know that a newer version was released. And if we have multiple packages, it can be difficult. For that we can use npm-check-updates.

Notes: upgrade and update are aliases in NPM.

2. Using npm-check-updates

Finding which packages to need upgrade can be difficult. In order to achieve that in a easy way, we can use npm-check-updates https://www.npmjs.com/package/npm-check-updates.
We start by installing it globally.

npm install -g npm-check-updates

This will give us access to the ncu command, next we can move to the root of the repository where the package.json file is and run ncu.

$ ncu
Using C:\Projects\my-app\package.json
[..................] \ :
 tslint  ~5.9.0  ?  ~5.11.0

The following dependency is satisfied by its declared version range, but the installed version is behind. You can install the latest version without modifying your package file by using npm update. If you want to update the dependency in your package file anyway, run ncu -a.

 primeng  ^6.0.0  ?  ^6.0.2

Run ncu with -u to upgrade package.json

For example here, tslint can’t be upgraded as the ~ (tilde) restrain to only patch updates. Therefore the version must be set manually. For primeng, we can update without changing the package.json and that is what the message tells us:

The following dependency is satisfied by its declared version range, but the installed version is behind is telling us that the constrain we have is honored and we can install the newest version 6.0.2. We have two choices from here, either upgrade all packages or just upgrade those that have a major change.
To update only the packages considered major we would do the following:

$ ncu -u
$ npm install

$ npm ls primeng
`-- primeng@6.0.0

$ npm ls tslint
`-- tslint@5.11.0

This will update tslint and install 5.11.0 while it will not change primeng. To upgrade all packages, we can run the following:

$ ncu -a
$ npm install

$ npm ls primeng
`-- primeng@6.0.2

$ npm ls tslint
`-- tslint@5.11.0

Which should be equivalent to:

$ ncu -u
$ npm install
$ npm update

And we should end up with all latest package. npm-check-updates is a great tool allowing us to upgrade all packages at once without having to know prior hand what is the current lastest release.

Conclusion

Today we saw how the upgrade of package is managed for NPM. We saw the differences between npm install and npm update and saw how we could easily manage upgrades with npm-check-updates with ncu, ncu -u and ncu -a commands. Hope you liked this post, see you next time!

Comments

Post a Comment

Popular posts from this blog

A complete SignalR with ASP Net Core example with WSS, Authentication, Nginx

SignalR with ASP Net Core SignalR is a framework from ASP NET Core allowing us to establish a two way communication between client and server. This two way communication allows the client to send messages to the server but more importantly allows the server to push messages to the client. SignalR makes use of Websocket when available else it falls back to SSE or pulling. Today we will focus on how to setup SignalR to work with WSS, Websocket secure and how we can authenticate the user requesting to connect to our SignalR hub via Webscoket. Getting started with SignalR SSL encryption for Websocket Secure WSS Websocket Authentication with Identity Server 4 SignalR behind Nginx 1. Getting started with SignalR The Hubs are the main components of SignalR. It is an abstraction of a two way communication available for both client and server. Public functions from the hub can be called from the server code and can be called from the client. The frontend NPM package @aspnet/signalr
Keep reading

Verify dotnet SDK and runtime version installed

Verify dotnet SDK and runtime version installed To check your dotnet version installed, use dotnet --info . This command will display the SDKs and runtimes installed on your system together with the path where they can be found. For example on my Windows 10 development machine, dotnet --info will yield the following: > dotnet --info .NET Core SDK (reflecting any global.json): Version: 2.1 . 301 Commit: 59524873 d6 Runtime Environment: OS Name: Windows OS Version: 10.0 . 17134 OS Platform: Windows RID: win10-x64 Base Path: C:\Program Files\dotnet\sdk\ 2.1 . 301 \ Host (useful for support): Version: 2.1 . 1 Commit: 6985 b9f684 .NET Core SDKs installed: 2.1 . 4 [C:\Program Files\dotnet\sdk] 2.1 . 201 [C:\Program Files\dotnet\sdk] 2.1 . 300 [C:\Program Files\dotnet\sdk] 2.1 . 301 [C:\Program Files\dotnet\sdk] .NET Core runtimes installed: Microsoft.AspNetCore.All 2.1 . 0 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.A
Keep reading

SDK-Style project and project.assets.json

SDK-Style project and project.assets.json Last week I encountered an issue with MSBuild while trying to run it from command line. The issue did not appear when using VisualStudio right click + build but only appeared when using msbuild.exe CLI directly with a clean project. Assets file 'C:\[...]\obj\project.assets.json' not found. Run a NuGet package restore to generate this file. When I first saw the error, few questions came to my mind which I will share today in 3 points: Overview of project.assets.json Slim SDK-Style project Mixing SDK-Style project and old projects Special shoutout to @enricosada who provided me with all the answers regarding the SDK-Style project. 1. Overview of project.assets.json project.assets.json lists all the dependencies of the project. It is created in the /obj folder when using dotnet restore or dotnet build as it implicitly calls restore before build, or msbuid.exe /t:restore with msbuild CLI. To simulate dotnet build (re
Keep reading