Skip to content
Latchkey

npm update: Usage, Options & Common Errors

Upgrade dependencies within their allowed semver ranges.

npm update bumps installed packages to the newest versions allowed by the ranges in package.json, updating node_modules and the lockfile.

What it does

Resolves each dependency to the highest version satisfying its package.json range and installs it, rewriting package-lock.json. It will not cross a range boundary (e.g. ^1.2.0 will not become 2.0.0) - that requires editing package.json or a tool like npm-check-updates.

Common usage

Terminal
npm update                  # update all in-range deps
npm update lodash           # update a single package
npm update --save           # also update ranges in package.json
npm outdated                # preview what would change first

Common CI error: lockfile drift after update

Running npm update in CI rewrites package-lock.json, which then differs from the committed lockfile and breaks the next npm ci. Run npm update locally, commit the new lockfile, and keep CI on npm ci so installs stay reproducible.

Terminal
# locally:
npm update && git add package-lock.json && git commit -m "deps"

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →