SemVer
This note requires knowledge of SemVer (Semantic Versioning Specification). The purpose of SemVer is to help communicate what changed when a new version of a package is released. It splits software version numbers into 3 integers (separated by dots). A release is categorised as 1 of the following:
Old Version | New Version | Category | Description |
---|---|---|---|
v1.0.0 | v1.0.1 | PATCH | Bug fixes were added in a backwards compatible manner. |
v1.0.0 | v1.1.0 | MINOR | Functionality was added in a backwards compatible manner. |
v1.0.0 | v2.0.0 | MAJOR | Incompatible API changes were made. |

Outdated Packages
To list outdated packages within a project, in the terminal, enter:
> npm outdated

For each package, this will display:
- Current: the current version of a package within the project.
- Wanted: the maximum version of the package that satisfies the SemVer range specified in package.json. For example:
  - ~1.0.1 tells npm to install 1.0.1 or the latest PATCH version of a package.
  - ^1.0.1 tells npm to install 1.0.1 or the latest PATCH version or the latest MINOR version of a package.
- Latest: the version of the package tagged as latest in the npm registry (publishers running npm publish with no special configuration will publish the package with a dist-tag of latest).
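
How the Wanted column follows from a ~ or ^ range, as an added example (not part of the original note and not npm's own resolver). The version list is constructed and the function names are hypothetical; it goes beyond the two ranges above by covering 0.x versions, where a caret range stops at the next MINOR version.

```javascript
// Added example: which version "Wanted" resolves to for ~ and ^ ranges.
// Simplified on purpose: full x.y.z versions only; prereleases are skipped.

function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null; // null for prereleases or junk
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Exclusive upper bound implied by the range operator.
function upperBound(op, [major, minor, patch]) {
  if (op === '~') return [major, minor + 1, 0]; // PATCH updates only
  // Caret: the left-most non-zero component must not change.
  if (major > 0) return [major + 1, 0, 0];      // MINOR and PATCH updates
  if (minor > 0) return [0, minor + 1, 0];      // 0.y.z: PATCH updates only
  return [0, 0, patch + 1];                     // 0.0.z: that exact version
}

// Highest published version satisfying the range, or null if none does.
function wanted(range, versions) {
  const m = /^([~^])(.+)$/.exec(range);
  const base = m && parse(m[2]);
  if (!base) throw new Error(`unsupported range: ${range}`);
  const max = upperBound(m[1], base);
  const ok = versions
    .map(parse)
    .filter((v) => v && compare(v, base) >= 0 && compare(v, max) < 0)
    .sort(compare);
  return ok.length ? ok[ok.length - 1].join('.') : null;
}

// Constructed list of published versions for a hypothetical package.
const published = ['0.2.3', '0.2.9', '0.3.0', '1.0.1', '1.0.7',
                   '1.4.2', '2.0.0', '2.1.0-beta.1'];

console.log(wanted('~1.0.1', published)); // 1.0.7
console.log(wanted('^1.0.1', published)); // 1.4.2 (2.0.0 is never picked)
console.log(wanted('^0.2.3', published)); // 0.2.9 (0.3.0 is out of range)
```
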
Update Packages
To update all packages, in the terminal, enter:
> npm update --dd
This will update packages to the latest MINOR version. If a publisher has done a MAJOR release since you installed it, npm update will still only update to the latest MINOR version. This is to encourage doing major package upgrades 1 package at a time, manually. There is a chance that a MAJOR upgrade will break your project. Doing them 1 at a time makes it easier to identify and fix any resulting bugs.
The --dd flag will provide an error message if npm update doesn't work.

Audit Packages
When installing packages with npm install, you sometimes see this message:

This displays packages in your project that have released a new version that fixes vulnerabilities. This means your codebase will contain vulnerabilities until you upgrade certain packages. To fix this, in the terminal, run:
> npm audit fix
This will upgrade packages to a version that includes the vulnerability fixes.
Vulnerabilities can also be displayed in the terminal by entering the command: npm audit.


