MCPcopy Index your code
hub / github.com/raineorshine/npm-check-updates

github.com/raineorshine/npm-check-updates @v22.2.9

Chat with this repo
repository ↗ · DeepWiki ↗ · release v22.2.9 ↗ · + Follow
335 symbols 1,203 edges 171 files 77 documented · 23% 10 cross-repo links updated todayv22.2.9 · 2026-06-28★ 10,27749 open issues
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

npm-check-updates

npm version Build Status

npm-check-updates upgrades your package.json dependencies to the latest versions, ignoring specified versions.

  • maintains existing semantic versioning policies, i.e. "react": "^18.3.1" to "react": "^19.2.7".
  • only modifies package.json file. Run npm install to update your installed packages and package-lock.json.
  • sensible defaults, but highly customizable
  • compatible with npm, yarn, pnpm, deno, and bun
  • CLI and module usage
  • Pure ESM architecture with dual-build support (ESM/CJS)

ncu example output

$${\color{red}Red}$$ major upgrade (and all major version zero)

$${\color{cyan}Cyan}$$ minor upgrade

$${\color{green}Green}$$ patch upgrade

Requirements

  • Node.js: ^20.19.0 || ^22.12.0 || >=24.0.0
  • npm: >=10.0.0

Installation

Install globally to use npm-check-updates or the shorter ncu:

npm install -g npm-check-updates

Or run with npx (only the long form is supported):

npx npm-check-updates

Usage

Check the latest versions of all project dependencies:

$ ncu
Checking package.json
[====================] 5/5 100%

 eslint             7.32.0  →    8.0.0
 prettier           ^2.7.1  →   ^3.0.0
 svelte            ^3.48.0  →  ^3.51.0
 typescript         >3.0.0  →   >4.0.0
 untildify          <4.0.0  →   ^4.0.0
 webpack               4.x  →      5.x

Run ncu -u to upgrade package.json

Upgrade a project's package file:

Make sure your package file is in version control and all changes have been committed. This will overwrite your package file.

$ ncu -u
Upgrading package.json
[====================] 1/1 100%

 express           4.12.x  →   4.13.x

Run npm install to install new versions.

$ npm install      # update installed packages and package-lock.json

Check global packages:

ncu -g

Interactive Mode

Choose which packages to update in interactive mode:

ncu --interactive
ncu -i

ncu --interactive

Combine with --format group for a truly luxe experience:

ncu --interactive --format group

Keys

  • Select a package
  • Space Toggle selection
  • a Toggle all
  • Enter Upgrade

Filter packages

Filter packages using the --filter option or adding additional cli arguments:

# upgrade only mocha
ncu mocha
ncu -f mocha
ncu --filter mocha

# upgrade only chalk, mocha, and react
ncu chalk mocha react
ncu chalk, mocha, react
ncu -f "chalk mocha react"

Filter with wildcards or regex:

# upgrade packages that start with "react-"
ncu react-*
ncu "/^react-.*$/"

Exclude specific packages with the --reject option or prefixing a filter with !. Supports strings, wildcards, globs, comma-or-space-delimited lists, and regex:

# upgrade everything except nodemon
ncu \!nodemon
ncu -x nodemon
ncu --reject nodemon

# upgrade packages that do not start with "react-".
ncu \!react-*
ncu '/^(?!react-).*$/' # mac/linux
ncu "/^(?!react-).*$/" # windows

Advanced filters: filter, filterResults, filterVersion

How dependency updates are determined

  • Direct dependencies are updated to the latest stable version:
  • 2.0.12.2.0
  • 1.21.3
  • 0.1.01.0.1
  • Range operators are preserved and the version is updated:
  • ^1.2.0^2.0.0
  • 1.x2.x
  • >0.2.0>0.3.0
  • "Less than" is replaced with a wildcard:
  • <2.0.0^3.0.0
  • 1.0.0 < 2.0.0^3.0.0
  • "Any version" is preserved:
  • **
  • Prerelease versions are ignored by default.
  • Use --pre to include prerelease versions (e.g. alpha, beta, build1235)
  • Choose what level to upgrade to:
  • With --target semver, update according to your specified semver version ranges:
    • ^1.1.0^1.9.99
  • With --target minor, strictly update the patch and minor versions (including major version zero):
    • 0.1.00.2.1
  • With --target patch, strictly update the patch version (including major version zero):
    • 0.1.00.1.2
  • With --target @next, update to the version published on the next tag:
    • 0.1.0 -> 0.1.1-next.1

Options

Options are merged with the following precedence:

  1. Command line options
  2. Local Config File (current working directory)
  3. Project Config File (next to package.json)
  4. User Config File ($HOME)

Options that take no arguments can be negated by prefixing them with --no-, e.g. --no-peer.

--cache Cache versions to a local cache file. Default --cacheFile is ~/.ncu-cache.json and default --cacheExpiration is 10 minutes.
--cacheClear Clear the default cache, or the cache file specified by --cacheFile.
--cacheExpiration <min> Cache expiration in minutes. Only works with --cache. (default: 10)
--cacheFile <path> Filepath for the cache file. Only works with --cache. (default: "~/.ncu-cache.json")
--color Force color in terminal.
--concurrency <n> Max number of concurrent HTTP requests to registry. (default: 8)
--configFileName <s> Config file name. (default: .ncurc or .ncurc.{json,yaml,yml,js,mjs,cjs})
--configFilePath <path> Directory of .ncurc config file. (default: directory of packageFile)
-c, --cooldown <period> Sets a minimum age for package versions to be considered for upgrade. Accepts a number (days) or a string with a unit: "7d" (days), "12h" (hours), "30m" (minutes). Reduces the risk of installing newly published, potentially compromised packages.
--cwd <path> Working directory in which npm will be executed.
--deep Run recursively in current working directory. Alias of (--packageFile '**/package.json').
--dep <value> Check one or more sections of dependencies only: dev, optional, peer, prod, or packageManager (comma-delimited). (default: ["prod","dev","optional","packageManager"])
--deprecated Include deprecated packages. Use --no-deprecated to exclude deprecated packages (20–25% slower). (default: true)
-d, --doctor Iteratively installs upgrades and runs tests to identify breaking upgrades. Requires -u to execute.
--doctorInstall <command> Specifies the install script to use in doctor mode. (default: npm install or the equivalent for your package manager)
--doctorTest <command> Specifies the test script to use in doctor mode. (default: npm test)
--enginesNode Include only packages that satisfy engines.node as specified in the package file.
-e, --errorLevel <n> Set the error level. 1: exits with error code 0 if no errors occur. 2: exits with error code 0 if no packages need updating (useful for continuous integration). (default: 1)
-f, --filter <p> Include only package names matching the given string, wildcard, glob, comma-or-space-delimited list, /regex/, or predicate function.
filterResults <fn> Filters results based on a user provided predicate function after fetching new versions.
--filterVersion <p> Filter on package version using comma-or-space-delimited list, /regex/, or predicate function.
--format <value> Modify the output formatting or show additional information. Specify one or more comma-delimited values: dep, group, ownerChanged, repo, time, lines, installedVersion, cooldown. (default: [])
-g, --global Check global packages instead of in the current project.
groupFunction <fn> Customize how packages are divided into groups when using --format group.
--install <value> Control the auto-install behavior: always, never, prompt. (default: "prompt")
-i, --interactive Enable interactive prompts for each dependency; implies -u unless one of the json options are set.
-j, --jsonAll Output new package file instead of human-readable message.
--jsonDeps Like jsonAll but only lists dependencies, devDependencies, optionalDependencies, etc of the new package data.
--jsonUpgraded Output upgraded dependencies in json.
-l, --loglevel <n> Amount to log: silent, error, minimal, warn, info, verbose, silly. (default: "warn")
--mergeConfig Merges nested configs with the root config file for --deep or --packageFile options. (default: false)
-m, --minimal Do not upgrade newer versions that are already satisfied by the version range according to semver.
--packageData <value> Package file data (you can also use stdin).
--packageFile <path|glob> Package file(s) location. (default: ./package.json)
-p, --packageManager <s> npm, yarn, pnpm, deno, bun, staticRegistry (default: npm).
--peer Check peer dependencies of installed packages and filter updates to compatible versions.
--pre <n> Include prerelease versions, e.g. -alpha.0, -beta.5, -rc.2. Automatically set to 1 when --target is newest or greatest, or when the current version is a prerelease. (default: 0)
--prefix <path> Current working directory of npm.
-r, --registry <uri> Specify the registry to use when looking up package versions.
--registryType <type> Specify whether --registry refers to a full npm registry or a simple JSON file or url: npm, json. (default: npm)
-x, --reject <p> Exclude packages matching the given string, wildcard, glob, comma-or-space-delimited list, /regex/, or predicate function.
--rejectVersion <p> Exclude package.json versions using comma-or-space-delimited list, /regex/, or predicate function.
--removeRange Remove version ranges from the final package version.
--retry <n> Number of times to retry failed requests for package info. (default: 3)
--root Runs updates on the root project in addition to specified workspaces. Only allowed with --workspace or --workspaces. (default: true)
-s, --silent Don't output anything. Alias for --loglevel silent.
--stdin Read package.json from stdin.
-t, --target <value> Determines the version to upgrade to: latest, newest, greatest, minor, patch, semver, @[tag], or [function]. (default: latest)
--timeout <ms> Global timeout in milliseconds. (default: no global timeout and 30 seconds per npm-registry-fetch)
-u, --upgrade Overwrite package file with upgraded versions instead of just outputting to console.
--verbose Log additional

Extension points exported contracts — how you extend this code

MinimumReleaseAgeLayer (Interface)
A single config layer's parsed minimumReleaseAge settings. minimumReleaseAge is optional since a layer may only define e
src/package-managers/pnpm.ts
CreateMockParams (Interface)
(no doc)
test/helpers/createMockVersion.ts
PackageInfo (Interface)
(no doc)
src/types/PackageInfo.ts
UpgradeOptions (Interface)
(no doc)
src/lib/version-util.ts
PnpmWorkspaceMinimumReleaseAge (Interface)
(no doc)
src/package-managers/pnpm.ts
Assertion (Interface)
(no doc)
test/helpers/chai.d.ts
PackageFile (Interface)
(no doc)
src/types/PackageFile.ts
UpgradeSpec (Interface)
(no doc)
src/lib/upgradeDependencies.ts

Core symbols most depended-on inside this repo

stubVersions
called by 164
test/helpers/stubVersions.ts
removeDir
called by 112
test/helpers/removeDir.ts
print
called by 85
src/lib/logging.ts
createMockVersion
called by 74
test/helpers/createMockVersion.ts
chaiSetup
called by 47
test/helpers/chaiSetup.ts
getCurrentDependencies
called by 44
src/lib/getCurrentDependencies.ts
programError
called by 36
src/lib/programError.ts
entries
called by 35
src/lib/figgy-pudding/index.js

Shape

Function 294
Interface 31
Method 8
Class 2

Languages

TypeScript100%

Modules by API surface

src/lib/version-util.ts37 symbols
src/package-managers/npm.ts26 symbols
src/cli-options.ts20 symbols
src/package-managers/yarn.ts17 symbols
src/lib/figgy-pudding/index.js15 symbols
src/lib/logging.ts14 symbols
src/package-managers/pnpm.ts11 symbols
vite.config.ts9 symbols
scripts/build-options.ts8 symbols
src/package-managers/gitTags.ts6 symbols
src/package-managers/filters.ts6 symbols
src/lib/getAllPackages.ts6 symbols

Dependencies from manifests, versioned

@eslint/compat2.1.0 · 1×
@eslint/js10.0.1 · 1×
@microsoft/api-extractor7.58.9 · 1×
@streamparser/json0.0.22 · 1×
@types/bun1.3.14 · 1×
@types/chai5.2.3 · 1×
@types/chai-as-promised8.0.2 · 1×
@types/chai-string1.4.5 · 1×
@types/hosted-git-info3.0.5 · 1×
@types/ini4.1.1 · 1×
@types/jsonlines0.1.5 · 1×

For agents

$ claude mcp add npm-check-updates \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact