Ups your package.json dependencies to latest. Opinionated. Respectless.
Last updated 16 days ago by sverweij .
MIT · Repository · Bugs · Original npm · Tarball · package.json
$ cnpm install upem 
SYNC missed versions from official npm registry.

Up'em updates your dependencies to latest, so you don't have to.


  • Pipe npm outdated --json through upem.
  • When it's done npm install and re-run your automated quality checks.
  • Done.


You can e.g. set up some npm scripts so you can npm run upem and watch cat videos in the mean time:

  "scripts": {
    "check": "npm-run-all --parallel lint lint:archi test",
    "lint": "eslint src test",
    "lint:archi": "depcruise --validate -- src test",
    "lint:fix": "eslint --fix src test",
    "test": "jest",
    "upem": "npm-run-all upem:update upem:install lint:fix check",
    "upem:update": "npm outdated --json | upem",
    "upem:install": "npm install"

A similar approach in a Makefile, gulpfile.js or Gruntfile would do the trick as well.


If you want to keep versions untouched by up'em, put an upem section in your package.json with a donotup key, listing the stuff you don't want to upgrade e.g.

  "upem": {
    "donotup": [{
      "package": "glowdash",
      "because": "version >2 of glowdash doesn't support node 6 anymmore, but we still have to"

So what's this opionated and respectless business?

Latest is best

up'em does not respect your current version preferences. ^, ~, * => they all get updated to the latest version. It will leave the ^ and ~ in place as per your npm config settings, though.

If npm outdated says:

Package    Current  Wanted  Latest  Location
midash       1.8.2  ^1.8.0   2.0.1  your-golden-package

With the default npm config, running npm outdated --json | upem will set midash' version to ^2.0.1

  "midash": "^2.0.1"

There's no warning system for major version upgrades. I've found the most reliable way to find out if nothing breaks is to run your automated QA after updates.

Still respecting save-exact and save-prefix

Up'em does respect the save-exact and save-prefix npm config settings, just like npm --save and npm --save-dev would do:

  • if save-exact = true it will pin the version. In the above example it will pin midash to 2.0.1
  • if save-exact = false it will look at save-prefix in your npm config:
    • if save-prefix = '^' or save-prefix isn't specified, it'll caret-prefix the version: ^2.0.1
    • if save-prefix = '~' it'll tilde-prefix the version: ~2.0.1

If you want to be sure of npm's 'default' behaviour over all machines and collaborators, use this one:

save-exact = false
save-prefix = '^'

Whatever your preferences: commit a .npmrc at the root of all your repos so npm, yarn and upem behavior is the same accross all machines and collaborators.


I've been a happy user of npm-check-updates for a long time. It's getting out of date, though. It's using npm 3 (which has not caused troubles yet, but it might) and its dependencies have serious security issues. I have been looking into jumping into fixing it, but I soon found out it would take a serious commitment to do so.

I realized I used only a subset of npm-check-updates' capabilities, and rolling my own would only take a sunday afternoon...



Build Status Maintainability Test Coverage npm stable version MIT licensed

Current Tags

  • 2.0.0-beta-1                                ...           beta (a year ago)
  • 4.0.1                                ...           latest (16 days ago)

15 Versions

  • 4.0.1                                ...           16 days ago
  • 4.0.0                                ...           a month ago
  • 3.1.2                                ...           9 months ago
  • 3.1.1                                ...           10 months ago
  • 3.1.0                                ...           10 months ago
  • 3.0.0                                ...           a year ago
  • 2.1.1                                ...           a year ago
  • 2.1.0                                ...           a year ago
  • 2.0.1                                ...           a year ago
  • 2.0.0                                ...           a year ago
  • 2.0.0-beta-1                                ...           a year ago
  • 1.0.2                                ...           2 years ago
  • 1.0.2-beta-0                                ...           2 years ago
  • 1.0.1                                ...           2 years ago
  • 1.0.0                                ...           2 years ago
Maintainers (1)
Today 0
This Week 0
This Month 0
Last Day 0
Last Week 0
Last Month 72
Dependencies (4)
Dependents (0)

Copyright 2014 - 2016 © taobao.org |