npm update: Usage, Options & Common Errors
Upgrade dependencies within their allowed semver ranges.
npm update bumps installed packages to the newest versions allowed by the ranges in package.json, updating node_modules and the lockfile.
What it does
Resolves each dependency to the highest version satisfying its package.json range and installs it, rewriting package-lock.json. It will not cross a range boundary (e.g. ^1.2.0 will not become 2.0.0) - that requires editing package.json or a tool like npm-check-updates.
Common usage
npm update # update all in-range deps
npm update lodash # update a single package
npm update --save # also update ranges in package.json
npm outdated # preview what would change firstCommon CI error: lockfile drift after update
Running npm update in CI rewrites package-lock.json, which then differs from the committed lockfile and breaks the next npm ci. Run npm update locally, commit the new lockfile, and keep CI on npm ci so installs stay reproducible.
# locally:
npm update && git add package-lock.json && git commit -m "deps"