When you install a package using npm install <packagename>, the latest available version of the package is downloaded and put in the node_modules folder, and a corresponding entry is added to the package.json and package-lock.json files that are present in your current folder.

npm calculates the dependencies and installs the latest available version of those as well.

Let’s say you install cowsay, a cool command line tool that lets you make a cow say things.

When you npm install cowsay, this entry is added to the package.json file:

{
  "dependencies": {
    "cowsay": "^1.3.1"
  }
}

and this is an extract of package-lock.json, where I removed the nested dependencies for clarity:

{
  "requires": true,
  "lockfileVersion": 1,
  "dependencies": {
    "cowsay": {
      "version": "1.3.1",
      "resolved": "https://registry.npmjs.org/cowsay/-/cowsay-1.3.1.tgz",
      "integrity": "sha512-3PVFe6FePVtPj1HTeLin9v8WyLl+VmM1l1H/5P+BTTDkMAjufp+0F9eLjzRnOHzVAYeIYFF5po5NjRrgefnRMQ==",
      "requires": {
        "get-stdin": "^5.0.1",
        "optimist": "~0.6.1",
        "string-width": "~2.1.1",
        "strip-eof": "^1.0.0"
      }
    }
  }
}

Now those 2 files tell us that we installed version 1.3.1 of cowsay, and our rule for updates is ^1.3.1, which for the npm versioning rules means that npm can update to patch and minor releases: 1.3.2, 1.4.0 and so on.

But not for major version changes that break compatibility, which means, in this example, 2.0 and higher.

If there is a new minor or patch release and we type npm update, the installed version is updated, and the package-lock.json file diligently filled with the new version.

package.json remains unchanged.

To discover new releases of the packages, you run npm outdated.

Here’s the list of a few outdated packages in one repository I didn’t update for quite a while:

Some of those updates are major releases. Running npm update won’t update the version of those. Major releases are never updated in this way because they (by definition) introduce breaking changes, and npm want to save you trouble.

To update to a new major version all the packages, install the npm-check-updates package globally:

npm install -g npm-check-updates

then run it:

ncu -u

this will upgrade all the version hints in the package.json file, to dependencies and devDependencies, so npm can install the new major version.

You are now ready to run the update:

npm update

If you just downloaded the project without the node_modules dependencies and you want to install the shiny new versions first, just run

npm install

Lessons in this unit:

0:	Introduction
1:	How to use or execute a package installed using npm
2:	npm dependencies and devDependencies
3:	How to fix the "Missing write access" error when using npm
4:	npm can install packages in the parent folder
5:	Install an older version of an npm package
6:	Find the installed version of an npm package
7:	How to test an npm package locally
8:	npm global or local packages
9:	What are peer dependencies in a Node module?
10:	`npm run dev` is a long-running program
11:	Semantic Versioning using npm
12:	Uninstalling npm packages with `npm uninstall`
13:	An introduction to the npm package manager
14:	The npx Node Package Runner
15:	The package.json guide
16:	The package-lock.json file
17:	What is pnpm?
18:	Should you commit the node_modules folder to Git?
19:	▶︎ Update all the Node dependencies to their latest version
20:	Where does npm install the packages?
21:	Bumping Node.js dependencies
22:	Run package.json scripts upon any file changes in a folder