Upgrading packages with npm#

There’s a new version of Vite out (3.0) and I wanted to upgrade my datasette-table package to use it.

I mainly followed the guide on Update all the Node.js dependencies to their latest version to work out how to do this.

My package.json started out containing this:

1
  "dependencies": {
2
    "lit": "^2.0.0"
3
  },
4
  "devDependencies": {
5
    "vite": "^2.6.4"
6
  }

The ^ syntax here pins to a major version - running npm update will update the package-lock.json file to point to the highest 2.x version of the package but won’t increase the major version to 3.x.

npm outdated shows if there are any releases that go beyond my pinned packages. npm help outdated explains how it works in detail (npm outdated --help shows a less useful summary).

Running it against my project shows:

1
datasette-table % npm outdated
2
Package  Current  Wanted  Latest  Location           Depended by
3
vite      2.9.14  2.9.14   3.0.0  node_modules/vite  datasette-table

OK, so there’s a major version upgrade available.

The npm tool itself doesn’t have a way of applying that automatically - you need to install an extra tool, npm-check-updates:

1
npm install -g npm-check-updates

Then run npm-check-updates -u to apply those upgrades directly to package.json:

1
datasette-table % npm-check-updates -u
2
Upgrading .../datasette-table/package.json
3
[====================] 2/2 100%
4

5
 lit   ^2.0.0  →  ^2.2.7
6
 vite  ^2.6.4  →  ^3.0.0
7

8
Run npm install to install new versions.

git diff shows the changes it made:

1
datasette-table % git diff
2
diff --git a/package.json b/package.json
3
index 7682f38..43bfa14 100644
4
--- a/package.json
5
+++ b/package.json
6
@@ -13,10 +13,10 @@
7
     "serve": "vite preview"
8
   },
9
   "dependencies": {
10
-    "lit": "^2.0.0"
11
+    "lit": "^2.2.7"
12
   },
13
   "devDependencies": {
14
-    "vite": "^2.6.4"
15
+    "vite": "^3.0.0"
16
   },
17
   "repository": {
18
     "type": "git",

Note that it upgraded lit as well - npm-check-updates “upgrades your package.json dependencies to the latest versions, ignoring specified versions”.

Finally, run npm install to install the new versions:

1
datasette-table % npm install
2

3
changed 1 package, and audited 21 packages in 901ms
4

5
4 packages are looking for funding
6
  run `npm fund` for details
7

8
found 0 vulnerabilities