npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

npm outdated - wanted (group by dep & dev-dep)

Current behavior: npm outdated gives a list of dependencies listed alphabetically, grouping packages that are defined as dependencies with those defined as devDependencies. If the developer has many packages, they are forced to look in their IDE at package.json to confirm the installation location for a particular package, which takes extra time and complicates the process. Additionally, this increases the risk that the developer mistakenly installs a package in the wrong group in package.json – which may happen if they choose --save and include a development package in a long list of dependencies, or vice versa with --save-dev and a package needed for production.

npm outdated --long does provide the location info for each outdated package, but again production and development dependencies are listed together.

Potential Future Behavior: npm outdated would provide two lists as an output, grouped by dependencies and then by devDependencies, with each list sorted alphabetically. Additionally, npm outdated --long would be grouped and sorted in the same way.

What workflow are you using to perform the updates?

I haven’t found this to be a problem as npm does the work to manage package.json and package-lock.json for me. For example these are the steps I take to update a package listed in devDependencies:

$ npm outdated
typescript          3.2.4     3.3.3   3.3.3  @shadowspawn/forest-arborist
$ npm update typescript
+ typescript@3.3.3
$ git status --short
 M package-lock.json
 M package.json

And typescript stays in devDependencies.

to follow the example in your post, the workflow is usually something like npm update typescript@3.3.3 --save

…so the upgrade is pinned to a specific version, and saved to dependencies (vs devDependencies with --save-dev)

npm has gotten better and smarter. From:

As of npm@5.0.0 , the npm update will change package.json to save the new version as the minimum required dependency. To get the old behavior, use npm update --no-save .

@shadowspawn – thanks! I had been in the habit of appending --save or --save-dev when upgrading. However, it seems like a better workflow would be to just leave that out when upgrading existing packages – and only use it when adding new packages to production or dev respectively.