4 Essential Tools to Automate Safe npm Dependency Updates

Keeping npm dependencies up to date can be risky, but using tools like npm-check-updates, updtr, next-updater, and Greenkeeper lets you automatically detect new versions, test compatibility, and manage updates safely without manual checks, ensuring your projects stay current and stable.

Node Underground

When developing npm modules we often install various dependency packages using commands such as npm i xx --save, and then we stop paying attention to newer versions of those dependencies.

After several months the versions we rely on become outdated, and upgrading can be tricky because many dependencies may introduce breaking changes, potentially breaking our own module and leaving deprecated packages behind.

Frequent upgrades are a good practice, but manually checking each dependency for new releases is painful.

Here are four useful tools that help you upgrade dependencies painlessly.

npm-check-updates: Run ncu in the project directory to check for newer versions, and use ncu -u to update them directly in package.json.

updtr: Similar to ncu, but after each dependency update it runs the full test suite; if tests fail, the update is rolled back, providing a safer alternative that depends on having reliable unit tests and a working npm test command.

next-updater: Works like updtr by running tests before updating, but it does not modify package.json automatically; instead it offers the install command so developers can decide whether to apply the update.

Greenkeeper: A service rather than a CLI tool. After authorizing access to your GitHub account and selecting repositories to monitor, Greenkeeper creates a pull request whenever a dependency has a new version. You then decide whether to merge the PR, and it is recommended to run tests (e.g., via Travis CI) on each PR.
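The update, test, roll back cycle described for updtr above can be sketched as follows. This is an added example, not updtr's own code: the names updateEach, npmSteps and SAMPLE_OUTDATED are hypothetical, the sample data is constructed in the shape printed by npm outdated --json, and npm is assumed to be on PATH.

```javascript
// Constructed sample in the shape printed by `npm outdated --json`.
const SAMPLE_OUTDATED = {
  lodash: { current: '4.17.20', wanted: '4.17.21', latest: '4.17.21' },
  express: { current: '4.18.2', wanted: '4.18.3', latest: '5.0.0' },
};

// Real side effects (hypothetical helper object); each step can be replaced
// with a stub so the loop can be dry-run without touching the project.
const npmSteps = {
  snapshot() { // keep exact copies of the manifest and lockfile
    const fs = require('fs');
    return ['package.json', 'package-lock.json']
      .filter((f) => fs.existsSync(f)).map((f) => [f, fs.readFileSync(f)]);
  },
  install(name, version) {
    // Argument array, no shell: the package name is never parsed as shell text.
    require('child_process')
      .execFileSync('npm', ['install', `${name}@${version}`], { stdio: 'inherit' });
  },
  test() { // a non-zero exit from `npm test` means the update is rejected
    try {
      require('child_process').execFileSync('npm', ['test'], { stdio: 'inherit' });
      return true;
    } catch { return false; }
  },
  restore(snap) { // put the files back, then resync node_modules with them
    const fs = require('fs');
    for (const [file, data] of snap) fs.writeFileSync(file, data);
    require('child_process').execFileSync('npm', ['install'], { stdio: 'inherit' });
  },
};

// Update one dependency at a time; keep it only if the test suite still passes.
function updateEach(outdated, steps = npmSteps) {
  const report = { kept: [], rolledBack: [] };
  for (const [name, info] of Object.entries(outdated)) {
    if (info.current === info.latest) continue; // already current
    const snap = steps.snapshot();
    let ok = false;
    try {
      steps.install(name, info.latest);
      ok = steps.test();
    } catch { ok = false; } // a failed install counts as a failed update
    const entry = { name, from: info.current, to: info.latest };
    if (ok) report.kept.push(entry);
    else { steps.restore(snap); report.rolledBack.push(entry); }
  }
  return report;
}
```

Because each dependency is tested in isolation, the report shows which single update broke the suite, which a bulk update of package.json followed by one test run cannot tell you.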

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.

Written by

Node Underground

No language is immortal—Node.js isn’t either—but thoughtful reflection is priceless. This underground community for Node.js enthusiasts was started by Taobao’s Front‑End Team (FED) to share our original insights and viewpoints from working with Node.js. Follow us. BTW, we’re hiring.
