A Developer's Guide to Safely Upgrading NPM Dependencies


Keeping dependencies up to date is crucial for security, performance, and compatibility. However, blindly upgrading can break your project. This guide will help you safely upgrade NPM packages, focusing on major version updates and important considerations.


1. What is NCU?

ncu stands for npm-check-updates, a tool that helps you check and upgrade dependencies in your package.json. Unlike npm outdated, which only suggests updates within the same major version, ncu can update packages to their latest versions, including breaking changes.

Installing NCU

If you haven’t installed it yet, run:

npm install -g npm-check-updates

Basic Usage

Upgrade all dependencies, including major versions:

ncu -u

Upgrade minor and patch versions only:

ncu -u --target minor

Check available updates:

ncu

2. Understand the Types of Version Updates

NPM follows Semantic Versioning (SemVer):

  • MAJOR (Breaking Changes): 2.8.8 → 3.0.0
  • MINOR (New Features, Backward-Compatible): 2.8.8 → 2.9.0
  • PATCH (Bug Fixes, Backward-Compatible): 2.8.8 → 2.8.9

Use the command:

ncu -u --target minor

This upgrades only minor and patch versions, reducing the risk of breaking changes.

If major version updates remain after that, treat them with extra caution before applying them.


3. Reviewing Breaking Changes

Before upgrading a package to a new major version, check its release notes or changelog:

  • @types/node – Verify compatibility with your Node.js version (node -v).
  • jiti – Ensure your build tools or scripts still work as expected.
  • prettier – Major formatting changes might affect your code style.
  • tsup – New defaults may affect your build process.

These packages are just examples of dependencies that have major version updates. Other dependencies in your project may also introduce breaking changes, so always review the changelogs before upgrading.

For each package, check the GitHub releases or documentation for migration steps.


4. Upgrade One Package at a Time

Instead of upgrading all at once, upgrade and test each package individually:

Step 1: Upgrade @types/node

npm install @types/node@latest

If you're using TypeScript, check for errors:

tsc --noEmit

Step 2: Upgrade jiti

npm install jiti@latest

Then, test your project.

Step 3: Upgrade prettier

npm install prettier@latest

Then, reformat your code:

npx prettier --write .

Step 4: Upgrade tsup

npm install tsup@latest

Then, rebuild your project:

npm run build

After each upgrade, run your tests and check for issues.


5. Additional Considerations

  • Use Version Control: Before upgrading, commit your current package.json and package-lock.json.
  • Check for Deprecated Features: Some upgrades might remove features you depend on.
  • Ensure All Dependencies Are Compatible: Some updates may require upgrading related packages.
  • Backup Your Code: If something goes wrong, you can revert using:

    git reset --hard HEAD

    Note that this discards every uncommitted change in the working tree, not just package.json and package-lock.json, so commit any unrelated work first.
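
The one-package-at-a-time procedure from sections 4 and 5, as an added example script that is not part of the original post: each named package is installed at @latest, npm test is run, and the package.json / package-lock.json change is either committed or reverted with git (this script reverts only the two manifests and rebuilds node_modules with npm ci, rather than running git reset --hard). The script name, the 0.0.0 fallback version and the commit message format are assumptions.

```shell
#!/bin/sh
# Upgrade the packages named on the command line one at a time, run the test
# suite after each, and revert package.json / package-lock.json on failure.
set -u
# Classify a version change as major/minor/patch per SemVer (section 2).
# Assumes x.y.z versions; a leading "v" and any prerelease tag are ignored.
bump_type() {
  o=${1#v}; o=${o%%-*}; n=${2#v}; n=${n%%-*}
  old_ifs=$IFS; IFS=.; set -- $o $n; IFS=$old_ifs   # $1-$3 old, $4-$6 new
  if   [ "$1" != "$4" ]; then echo major
  elif [ "$2" != "$5" ]; then echo minor
  elif [ "$3" != "$6" ]; then echo patch
  else echo none
  fi
}

# Version of an installed package, read from node_modules (0.0.0 if absent).
installed_version() {
  node -p "require('./node_modules/$1/package.json').version" 2>/dev/null || echo 0.0.0
}

# Restore the committed manifests and rebuild node_modules from the lockfile.
revert_manifests() {
  git checkout -- package.json package-lock.json && npm ci
}

# Install <pkg>@latest, run the tests, then commit (0) or revert (1).
upgrade_one() {
  pkg=$1
  before=$(installed_version "$pkg")
  if ! npm install "$pkg@latest"; then
    echo "install failed: $pkg" >&2; revert_manifests; return 1
  fi
  after=$(installed_version "$pkg")
  echo "$pkg: $before -> $after ($(bump_type "$before" "$after") bump)"
  if npm test; then
    git commit -q -m "chore(deps): $pkg $before -> $after" -- package.json package-lock.json
    return 0
  fi
  echo "tests failed after $pkg; reverting" >&2; revert_manifests; return 1
}

# Usage (hypothetical script name): sh upgrade-one-by-one.sh @types/node jiti prettier tsup
if [ $# -gt 0 ]; then
  git diff --quiet -- package.json package-lock.json ||
    { echo "commit package.json and package-lock.json first" >&2; exit 2; }
  failed=0
  for pkg in "$@"; do upgrade_one "$pkg" || failed=$((failed + 1)); done
  echo "$failed package(s) reverted"; exit "$failed"
fi
```

The script refuses to start while the manifests have uncommitted changes, so every reverted upgrade lands back on the last committed lockfile.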

6. Final Testing

After upgrading, thoroughly test your project:

  • Run Tests: If you have automated tests, run them.

    npm test

  • Check TypeScript Errors (if applicable):

    tsc --noEmit

  • Manually Test Key Features to ensure everything still works as expected.

If everything works fine, commit the changes and enjoy your updated dependencies! 🚀

Finally

Upgrading dependencies is necessary but should be done cautiously. By following this step-by-step approach, you can ensure that updates improve your project without introducing unexpected bugs.
