npm-outdated

Check for outdated packages

Select CLI Version:

See Details

Table of contents

Synopsis

npm outdated[[<@scope>/]<pkg>...]

Description

This command will check the registry to see if any (or, specific) installed packages are currently outdated.

In the output:

wanted is the maximum version of the package that satisfies the semver range specified inpackage.json. If there's no available semver range (i.e. you're runningnpm outdated --global, or the package isn't included inpackage.json), thenwanted shows the currently-installed version.
latest is the version of the package tagged as latest in the registry. Runningnpm publish with no special configuration will publish the package with a dist-tag oflatest. This may or may not be the maximum version of the package, or the most-recently published version of the package, depending on how the package's developer manages the latestdist-tag.
location is where in the dependency tree the package is located. Note thatnpm outdated defaults to a depth of 0, so unless you override that, you'll always be seeing only top-level dependencies that are outdated.
package type (when using--long /-l) tells you whether this package is adependency or adevDependency. Packages not included inpackage.json are always markeddependencies.
homepage (when using--long /-l) is thehomepage value contained in the package'spackage.json
Red means there's a newer version matching your semver requirements, so you should update now.
Yellow indicates that there's a newer version above your semver requirements (usually new major, or new 0.x minor) so proceed with caution.

An example

$npm outdated
Package      Current   Wanted   Latest  Location
glob5.0.155.0.156.0.1  test-outdated-output
nothingness0.0.3gitgit  test-outdated-output
npm3.5.13.5.23.5.1  test-outdated-output
local-dev0.0.3   linked   linked  test-outdated-output
once1.3.21.3.31.3.3  test-outdated-output

With thesedependencies:

{
"glob":"^5.0.15",
"nothingness":"github:othiym23/nothingness#master",
"npm":"^3.5.1",
"once":"^1.3.1"
}

A few things to note:

glob requires^5, which prevents npm from installingglob@6, which is outside the semver range.
Git dependencies will always be reinstalled, because of how they're specified. The installed committish might satisfy the dependency specifier (if it's something immutable, like a commit SHA), or it might not, sonpm outdated andnpm update have to fetch Git repos to check. This is why currently doing a reinstall of a Git dependency always forces a new clone and install.
npm@3.5.2 is marked as "wanted", but "latest" isnpm@3.5.1 because npm uses dist-tags to manage itslatest andnext release channels.npm update will install thenewest version, butnpm install npm (with no semver range) will install whatever's tagged aslatest.
once is just plain out of date. Reinstallingnode_modules from scratch or runningnpm update will bring it up to spec.