javascript - How to determine path to deep outdated/deprecated packages (NPM)?

Question

How to determine, which packages (deep-dependencies, not top-level) are outdated in my local NPM installation?

I run the following command:

npm install

having this in my package.json:

"dependencies": {
    "bluebird": "^3.3.4",
    "body-parser": "~1.15.0",
    "connect-flash": "^0.1.1",
    "cookie-parser": "~1.4.1",
    "debug": "~2.2.0",
    "express": "~4.13.1",
    "express-session": "^1.13.0",
    "hbs": "~4.0.0",
    "lodash": "^4.6.1",
    "mkdirp-bluebird": "^1.0.0",
    "morgan": "~1.7.0",
    "opener": "^1.4.1",
    "sequelize": "^3.19.3",
    "serve-favicon": "~2.3.0",
    "sqlite3": "^3.1.1"
},

and get the following output:

$ npm install
npm WARN deprecated graceful-fs@3.0.8: graceful-fs version 3 and before will fail on newer node releases. Please update to graceful-fs@^4.0.0 as soon as possible.
npm WARN deprecated lodash@1.0.2: lodash@<3.0.0 is no longer maintained. Upgrade to lodash@^4.0.0.
npm WARN deprecated graceful-fs@1.2.3: graceful-fs version 3 and before will fail on newer node releases. Please update to graceful-fs@^4.0.0 as soon as possible.

In my package.json all packages are fresh, but some of deep dependencies are outdated, and I don't know, how to determine WHICH of them.. And I want to do it quickly;)

Answer 1

you want ...

npm install -g npm-check-updates

then to show available updates

ncu

also ...

ncu -u

which actually change package.json to reflect the output of ncu.

And if that wasn't enough ...

ncu -m bower

check for new bower packages too!

Package npm-check-updates and more documentation is here

Edit for DEEP dependencies

npm-check-updates does not provide a depth option. With further research I found that npm now provides a CLI utitility to do what you want.

This essentially allows you to do ...

npm outdated --depth=5

which provides a similar output to npm-check-updates but also checks depth.

Note the default depth is 0 viz top level packages only. Also note that npm outdated only lists

• current version
• wanted version
• latest version

it does not actually do the update.

To update packages use:

npm update --depth=5

npm warns against using the depth option in conjunction with npm-update