The npm community forum has been discontinued.
To discuss usage of npm, visit the GitHub Support Community.
npm outdated - wanted (group by dep & dev-dep)
Current behavior: npm outdated gives a list of dependencies listed alphabetically, grouping packages that are defined as dependencies with those defined as devDependencies. If the developer has many packages, they are forced to look in their IDE at package.json to confirm the installation location for a particular package, which takes extra time and complicates the process. Additionally, this increases the risk that the developer mistakenly installs a package in the wrong group in package.json – which may happen if they choose
--save and include a development package in a long list of dependencies, or vice versa with
--save-dev and a package needed for production.
npm outdated --long does provide the location info for each outdated package, but again production and development dependencies are listed together.
Potential Future Behavior: npm outdated would provide two lists as an output, grouped by
dependencies and then by
devDependencies, with each list sorted alphabetically. Additionally,
npm outdated --long would be grouped and sorted in the same way.
What workflow are you using to perform the updates?
I haven’t found this to be a problem as
npm does the work to manage package.json and package-lock.json for me. For example these are the steps I take to update a package listed in devDependencies:
$ npm outdated typescript 3.2.4 3.3.3 3.3.3 @shadowspawn/forest-arborist $ npm update typescript + email@example.com ... $ git status --short M package-lock.json M package.json
typescript stays in devDependencies.
to follow the example in your post, the workflow is usually something like npm update firstname.lastname@example.org --save
…so the upgrade is pinned to a specific version, and saved to
devDependencies with --save-dev)
npm has gotten better and smarter. From: https://docs.npmjs.com/cli/update.html
npm updatewill change
package.jsonto save the new version as the minimum required dependency. To get the old behavior, use
npm update --no-save.
@shadowspawn – thanks! I had been in the habit of appending
--save-dev when upgrading. However, it seems like a better workflow would be to just leave that out when upgrading existing packages – and only use it when adding new packages to production or dev respectively.