npm

Status: decay

npm is a package manager for JavaScript.

SemVer

This note requires knowledge of SemVer (Semantic Versioning Specification). The purpose of SemVer is to help communicate what changed when a new version of a package is released. It splits software version numbers into 3 integers (separated by dots). A release is categorised as 1 of the following:

Old Version   New Version   Category   Description
v1.0.0        v1.0.1        PATCH      Bug fixes were added in a backwards compatible manner.
v1.0.0        v1.1.0        MINOR      Functionality was added in a backwards compatible manner.
v1.0.0        v2.0.0        MAJOR      Incompatible API changes were made.

Outdated Packages

To list outdated packages within a project, in the terminal, enter:

> npm outdated
(Screenshot: a table of package names and versions.)

For each package, this will display:

  • Current: the current version of a package within the project.
  • Wanted: the maximum version of the package that satisfies the SemVer range specified in package.json. For example:
    • ~1.0.1 tells npm to install 1.0.1 or any later PATCH version of the package (1.0.x).
    • ^1.0.1 tells npm to install 1.0.1 or any later MINOR or PATCH version of the package within the same MAJOR version (1.x.y).
  • Latest: the version of the package tagged as latest in the npm registry (publishers running npm publish with no special configuration will publish the package with a dist-tag of latest).
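To make the SemVer ranges above concrete, here is an added example (not code from the original note or from npm itself) that computes the "Wanted" column the way npm outdated does: the highest published version that satisfies a ~ or ^ range. It goes one step beyond the note by also handling the SemVer caret rule for 0.x versions, where ^0.3.1 allows only PATCH updates; the list of published versions is constructed for the example.

```javascript
// Parse "1.2.3" (or "v1.2.3") into [major, minor, patch] integers.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`not a plain SemVer version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric comparison, component by component (negative if a < b).
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Exclusive upper bound allowed by a ~ or ^ range.
function upperBound(range) {
  const op = range[0];
  const [major, minor, patch] = parseVersion(range.slice(1));
  if (op === '~') return [major, minor + 1, 0];   // ~: PATCH updates only
  if (op !== '^') throw new Error(`unsupported range: ${range}`);
  if (major > 0) return [major + 1, 0, 0];        // ^1.x.y: MINOR and PATCH updates
  if (minor > 0) return [0, minor + 1, 0];        // ^0.x.y: PATCH updates only (0.x caveat)
  return [0, 0, patch + 1];                        // ^0.0.x: that exact version only
}

// True if version lies inside [range base, upper bound).
function satisfies(version, range) {
  const lower = range.slice(1);
  const upper = upperBound(range).join('.');
  return compareVersions(version, lower) >= 0 && compareVersions(version, upper) < 0;
}

// "Wanted": highest published version inside the range, or null if none matches.
function wanted(range, published) {
  const ok = published.filter((v) => satisfies(v, range)).sort(compareVersions);
  return ok.length ? ok[ok.length - 1] : null;
}

// Constructed list of versions published to the registry for one package.
const published = ['1.0.1', '1.0.4', '1.2.0', '1.3.2', '2.0.0', '0.3.1', '0.3.5', '0.4.0'];

console.log(wanted('~1.0.1', published)); // 1.0.4: PATCH only
console.log(wanted('^1.0.1', published)); // 1.3.2: MINOR/PATCH, never 2.0.0
console.log(wanted('^0.3.1', published)); // 0.3.5: 0.x caret is PATCH only
```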

Update Packages

To update all packages, in the terminal, enter:

> npm update --dd

This will update packages to the latest MINOR version. If a publisher has done a MAJOR release since you installed a package, npm update will still only update to the latest MINOR version. This is to encourage doing MAJOR package upgrades 1 package at a time, manually: there is a chance that a MAJOR upgrade will break your project, and doing them 1 at a time makes it easier to identify and fix any resulting bugs. The --dd flag raises npm's logging level so that error messages are printed if npm update doesn't work.

Audit Packages

When installing packages with npm install, you sometimes see this message:

(Screenshot: a message in the terminal.)

This lists packages in your project with known vulnerabilities for which a fixed version has been released. This means your codebase will contain vulnerabilities until you upgrade those packages. To fix this, in the terminal, run:

> npm audit fix

This will upgrade packages to a version that includes the vulnerability fixes. Vulnerabilities can also be displayed in the terminal, without changing anything, by entering the command: npm audit.