Question 1

How to update only specific packages with npm-check-updates?

Accepted Answer

Use the --filter option with package names, wildcards, or regex—for example, 'ncu -f mocha' or 'ncu react-*' to target packages starting with 'react-'. This allows precise control over which dependencies are checked.

Question 2

Does npm-check-updates update yarn.lock or package-lock.json automatically?

Accepted Answer

No, it only modifies package.json. You must run your package manager's install command (e.g., npm install or yarn install) separately to update lock files and node_modules, as emphasized in the usage examples.

Question 3

npm-check-updates vs Dependabot: which should I use?

Accepted Answer

npm-check-updates offers more CLI control and safety features like doctor mode, ideal for manual or scripted updates. Dependabot is better for automated GitHub workflows with pull requests, so choose based on your integration needs.

Question 4

How to test for breaking changes before updating with npm-check-updates?

Accepted Answer

Use the --doctor mode with -u (e.g., ncu --doctor -u), which iteratively installs upgrades and runs your test script to identify and revert breaking changes, though it requires tests to be set up and can be time-consuming.

Question 5

Can npm-check-updates handle workspaces in monorepos?

Accepted Answer

Yes, it supports workspaces with --workspace or --workspaces options, allowing updates across multiple packages. Combine with --no-root to exclude the root project, but configuration can be complex for nested setups.

Question 6

How to set a cooldown period to avoid risky packages?

Accepted Answer

Use the -c or --cooldown option with a period like '7d' for 7 days, which ignores recently published versions to reduce supply chain attacks. However, as noted, this might block updates for fast-moving packages.

Question 7

Is npm-check-updates compatible with pnpm and bun?

Accepted Answer

Yes, it fully supports pnpm, bun, deno, yarn, and npm, automatically detecting the package manager based on lock files. Use -p to specify manually if needed, ensuring broad ecosystem coverage.

npm-check-updates

What is npm-check-updates?

Overview

Use Cases

Best For

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions