The Marketing Technologist.

We talk about analytics, code, data science and everything related to marketing technology. Backed by the tech geeks of Greenhouse.

How to update out of date npm dependencies

As projects get older, the dependencies used at the time get older too. If you don't update these packages regularly they could get out of date and might cease to work over time.

Most modern web projects contain dependency management through npm. When the project is setup and worked on by its regular developers not much might change on their machines. Imagine stepping in later on in the process and having to install ancient versions of the chosen tools. This could give quite some problems.

Concerns

When trying to run npm install on older projects the most occuring problem is that the local version of node and npm do not meet the required versions of the declared dependencies. The local versions might be way too new for the old dependencies to work or even install.

Old versions of dependencies might also contain older unsecure code which has been improved over time. The chance that bugs have been solved since is also quite large.

Things to consider before updating

Be careful when updating major versions of a dependency. This might change the API altogether, possibly breaking the programatic use of the dependency.

For plugins used in Grunt or Gulp this is not the case most of the time since the plugin itself is a layer between your code and the actual library.

Some stuff might break, don't be afraid to do some work. Not everything is backwards compatible, so take precaution when you're about to update. Store your previous work and begin updating in a seperate branch. Make your work at least reversible.

Updating the quick (lazy) way

The quick way to update your project is to open the package.json file in the project and replace all the version numbers with "*".

This will force all dependencies to get the latest versions. After this, update all the version numbers in the package.json file so they match the latest again. The following command does exactly that.

npm install --save

Or use the --save-dev flag if you dependencies are in devDependencies.

Be careful: This will update all dependencies in one go, so you might not know which dependency broke your project later on.

Updating the safer way

A safer way to update your project is go over all the dependencies declared in package.json one by one.

This will give you the opportunity to take a look at all the dependencies. You might find some unused or dead projects on your way. It's better to have maintained dependencies in your project so they keep getting improved.

Depending on the type of dependency (--save-dev or --save) execute the following per existing dependency:

npm install package-name --save

This will update the package.json file with the latest version as well as update the dependency in node_modules.

Test your outcome

Finally you can run your tests and see if everything is doing what it did before. Check your builds for errors and if you have a development workflow: give it a quick spin to see if it still functions.

Now you can sleep safely again with a better, improved and safer project. People will thank you for your effort.