Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/16525430/

Time: 2020-09-02 14:29:32  Source: igfitidea

npm check and update package if needed

node.js teamcity npm karma-runner

Asked by iLemming

We need to integrate Karma test runner into TeamCity and for that I'd like to give sys-engineers small script (powershell or whatever) that would:

  1. pick up desired version number from some config file (I guess I can put it as a comment right in the karma.conf.js)

  2. check if the defined version of karma runner installed in npm's global repo

  3. if it's not, or the installed version is older than desired: pick up and install right version

  4. run it: karma start .\Scripts-Tests\karma.conf.js --reporters teamcity --single-run

So my real question is: "how can one check in a script, if desired version of package installed?". Should you do the check, or it's safe to just call npm -g install every time?

I don't want to always check and install the latest available version, because other config values may become incompatible

Answered by dublx

To check if any module in a project is 'old':

npm outdated

'outdated' will check every module defined in package.json and see if there is a newer version in the NPM registry.

For example, say xml2js 0.2.6 (located in node_modules in the current project) is outdated because a newer version exists (0.2.7). You would see:

xml2js@0.2.7 node_modules/xml2js current=0.2.6

To update all dependencies, if you are confident this is desirable:

npm update

Or, to update a single dependency such as xml2js:

npm update xml2js

Answered by Erik Olson

npm outdated will identify packages that should be updated, and npm update <package name> can be used to update each package. But prior to [email protected], npm update <package name> will not update the versions in your package.json which is an issue.

The best workflow is to:

  1. Identify out of date packages
  2. Update the versions in your package.json
  3. Run npm update to install the latest versions of each package

Check out npm-check-updates to help with this workflow.

  • Install npm-check-updates
  • Run npm-check-updates to list what packages are out of date (basically the same thing as running npm outdated)
  • Run npm-check-updates -u to update all the versions in your package.json (this is the magic sauce)
  • Run npm update as usual to install the new versions of your packages based on the updated package.json

Answered by alecxe

There is also a "fresh" module called npm-check:

npm-check

Check for outdated, incorrect, and unused dependencies.

It also provides a convenient interactive way to update the dependencies.

Answered by Matt

One easy step:

$ npm i -g npm-check-updates && ncu -u && npm i

That is all. All of the package versions in package.json will be the latest major versions.

Edit:

What is happening here?

  1. Installing a package that checks updates for you.

  2. Use this package to update all package versions in your package.json (-u is short for --updateAll).

  3. Install all of the new versions of the packages.

Answered by Watchmaker

  • To update a single local package:

    1. First find out your outdated packages:

      npm outdated

    2. Then update the package or packages that you want manually as:

      npm update --save package_name

This way it is not necessary to update your local package.json file.

Note that this will update your package to the latest version.

  • If you write some version in your package.json file and do:

    npm update package_name

    In this case you will get just the next stable version (wanted) regarding the version that you wrote in your package.json file.

And with npm list (package_name) you can find out the current version of your local packages.

Answered by Smit Patel

NPM commands to update or fix vulnerabilities in some dependency manifest files

  • Use below command to check outdated or vulnerabilities in your node modules.

    npm audit

  • If any vulnerabilities found, use below command to fix all issues.

    npm audit fix

  • If it doesn't work for you then try

    npm audit fix -f, this command will almost fix all vulnerabilities. Some dependencies or devDependencies are locked in package-lock.json file, so we use -f flag to force update them.

  • If you don't want to use force audit fix then you can manually fix your dependencies versions by changing them in package-lock.json and package.json file. Then run

npm update && npm upgrade

Answered by Long Tran

Check outdated packages

npm outdated

Check and pick packages to update

npx npm-check -u

Answered by MikeMajara

No additional packages, to just check outdated and update those which are, this command will do:

npm install $(npm outdated | cut -d' ' -f 1 | sed '1d' | xargs -I '$' echo '$@latest' | xargs echo)
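A variation that reads the machine-readable form, npm outdated --json, and separates in-range updates from releases that cross a breaking-change boundary. This is an added example, not part of the original answer; current, wanted and latest are npm's field names, while the function names, the example-lib package and all sample values are constructed for illustration.

```javascript
// Added example. Sample data is constructed, not real registry output.

// Versions sharing this key are compatible under npm's caret (^) rule:
// the left-most non-zero component must not change.
function compatKey(version) {
  const [major, minor, patch] = version.split(/[-+]/)[0].split('.').map(Number);
  if (major > 0) return `${major}`;
  if (minor > 0) return `0.${minor}`;
  return `0.0.${patch}`;
}

// Turn parsed `npm outdated --json` output into a per-package plan.
function planUpdates(outdated) {
  return Object.entries(outdated).map(([name, v]) => ({
    name,
    // What `npm update <name>` would install: newest version inside the range.
    update: v.current && v.wanted !== v.current ? v.wanted : null,
    // Newer release that package.json's range does not allow.
    held: v.latest !== v.wanted ? v.latest : null,
    // True when moving to `latest` crosses a breaking-change boundary.
    breaking: Boolean(v.current) && compatKey(v.latest) !== compatKey(v.current),
  }));
}

// Arguments for `npm install`, limited to in-range updates.
const installArgs = (plan) =>
  plan.filter((p) => p.update).map((p) => `${p.name}@${p.update}`);

// Constructed sample of `npm outdated --json` output.
const sampleOutdated = {
  xml2js: { current: '0.2.6', wanted: '0.2.7', latest: '0.4.0' },
  karma: { current: '0.9.2', wanted: '0.9.2', latest: '1.0.0' },
  'example-lib': { current: '4.17.20', wanted: '4.17.21', latest: '4.17.21' },
};

const plan = planUpdates(sampleOutdated);
console.log('install:', installArgs(plan).join(' '));
console.log('review:', plan.filter((p) => p.breaking).map((p) => `${p.name} -> ${p.held}`));
```

Packages listed under review keep their current version until someone has read the changelog and bumped package.json deliberately.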

Answered by addisonj

When installing npm packages (both globally or locally) you can define a specific version by using the @version syntax to define a version to be installed.

In other words, doing: npm install -g karma@0.9.2 will ensure that only 0.9.2 is installed and won't reinstall if it already exists.

As a word of advice, I would suggest avoiding global npm installs wherever you can. Many people don't realize that if a dependency defines a bin file, it gets installed to ./node_modules/.bin/. Often, it's very easy to use that local version of an installed module that is defined in your package.json. In fact, npm scripts will add the ./node_modules/.bin onto your path.

As an example, here is a package.json that, when I run npm install && npm test will install the version of karma defined in my package.json, and use that version of karma (installed at node_modules/.bin/karma) when running the test script:

{
 "name": "myApp",
 "main": "app.js",
 "scripts": {
   "test": "karma test/*"
 },
 "dependencies": {...},
 "devDependencies": {
   "karma": "0.9.2"
 }
}

This gives you the benefit of your package.json defining the version of karma to use and not having to keep that config globally on your CI box.
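One way to script the check the question asks about, building on the exact pin in the package.json above. This is an added example, not code from the original answers: it compares exact pins in package.json with the versions reported by npm ls --json --depth=0 and tells the CI step whether an install is needed. The function names, the example-reporter package and the sample data are assumptions constructed for illustration.

```javascript
// Added example. Function names and sample data are hypothetical/constructed.

// A bare x.y.z (optionally with prerelease/build metadata) is an exact pin.
// Ranges (^, ~, >=), dist-tags ("latest") and URLs can resolve differently per run.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// Flatten `npm ls --json --depth=0` output into { name: installedVersion }.
// Entries npm reports as missing have no "version" field and are skipped.
function installedFromNpmLs(ls) {
  const out = {};
  for (const [name, dep] of Object.entries(ls.dependencies || {})) {
    if (dep && typeof dep.version === 'string') out[name] = dep.version;
  }
  return out;
}

// Compare what package.json declares with what is actually installed.
function auditPins(manifest, installed) {
  const declared = { ...manifest.dependencies, ...manifest.devDependencies };
  return Object.entries(declared).map(([name, spec]) => {
    if (!EXACT.test(spec)) return { name, spec, status: 'unpinned' };
    const have = installed[name];
    if (typeof have !== 'string') return { name, spec, status: 'missing' };
    return { name, spec, installed: have, status: have === spec ? 'ok' : 'mismatch' };
  });
}

// The CI step only needs to install when something is missing or differs.
const needsInstall = (report) =>
  report.some((r) => r.status === 'missing' || r.status === 'mismatch');

// Constructed sample inputs: parsed package.json and parsed `npm ls` output.
const manifest = {
  name: 'myApp',
  dependencies: { xml2js: '^0.2.6' },
  devDependencies: { karma: '0.9.2', 'example-reporter': '0.1.0' },
};
const npmLs = {
  name: 'myApp',
  dependencies: {
    xml2js: { version: '0.2.7' },
    karma: { version: '0.9.1' },
    'example-reporter': { missing: true, required: '0.1.0' },
  },
};

const report = auditPins(manifest, installedFromNpmLs(npmLs));
console.log(report, 'needs install:', needsInstall(report));
```

Entries reported as unpinned are worth failing the build on as well, since a range lets a later CI run pick up a version nobody reviewed.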

Answered by adiga

As of [email protected]+ you can simply do:

npm update <package name>

This will automatically update the package.json file. We don't have to update the latest version manually and then use npm update <package name>

You can still get the old behavior using

npm update --no-save

(Reference)
