npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@aforemendude/upgrade-npm-packages

v2.1.1

Published

A CLI tool that recursively upgrades npm package dependencies to the latest eligible versions.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

aforemendudeaforemendude

Keywords

npmpackagesdependenciespackage-jsoncli

Readme

Upgrade NPM Packages

A CLI that recursively finds package.json files below the current working directory, updates their dependencies and devDependencies, and optionally performs a clean reinstall from the current working directory.

The command treats every discovered package.json independently. It skips node_modules directories, but otherwise walks all subdirectories from the directory where the command is run.

Requirements

  • Node.js 18 or newer
  • npm

Installation

Install the published CLI globally from npm:

npm install --global @aforemendude/upgrade-npm-packages

Usage

Run the command from the directory you want to scan:

upgrade-npm-packages

By default, the CLI only updates discovered package.json files. It does not delete lockfiles, delete node_modules, or run npm install.

To force a clean reinstall after all package.json files are updated:

upgrade-npm-packages --force-reinstall

For each package.json file it finds, the tool:

  1. Reads dependencies and devDependencies.
  2. Looks up package versions with npm view <package> versions time --json.
  3. Checks eligible candidate versions with npm view <package>@<version> deprecated --json until it finds a non-deprecated version.
  4. Replaces each eligible dependency reference with an exact version string.
  5. Writes the package.json with two-space formatting and alphabetically sorted object keys.

When --force-reinstall is present, the tool then deletes every discovered package-lock.json file and node_modules directory below the current working directory, and runs npm install once in the current working directory. It does this once regardless of how many package.json files were found.

Version Selection

  • Deprecated candidate versions are excluded from selection. Candidates are checked newest first after age, range, prerelease, and same-major filters have been applied.
  • Packages in the @aforemendude namespace have no minimum required package age. Other packages prefer the newest version that was published at least 7 days ago.
  • Normal dependencies ignore prerelease versions. If the current dependency reference contains a prerelease version, prerelease versions are also eligible.
  • If the current dependency reference contains a SemVer version newer than the latest eligible candidate, that current SemVer version is pinned instead of being downgraded. Versions below the current SemVer version are not checked for deprecation.
  • If the current dependency reference does not contain a complete SemVer version but is a valid SemVer range, the selected version must satisfy that range. If no satisfying non-deprecated version is at least 7 days old, the earliest satisfying non-deprecated version is pinned.
  • Dependency references set to * are skipped.
  • Other dependency references are parsed by looking for a SemVer version inside the string. References that do not contain a SemVer version and are not valid SemVer ranges do not get downgrade or range protection.
  • Version ranges are not preserved; selected versions are written as exact pins. For example, ^1.2.3 can become 2.0.0.

The following packages are only upgraded within their current major version when the current reference contains or can be interpreted as a SemVer major version:

  • @eslint/js
  • @types/node
  • eslint

Failure Behavior

  • If no package.json files are found, the command logs an error and exits without changing files.
  • If version lookup fails for a dependency, that dependency is skipped.
  • If processing a package.json fails, the command stops and exits with an error.
  • When --force-reinstall is present, cleanup or npm install failure stops the command and exits with an error.

Development

# Compile TypeScript
npm run build

# Check formatting
npm run format:check

# Format code with Prettier
npm run format

# Run unit tests
npm run test

# Run tests in watch mode
npm run test:watch

# Run formatting, build, and tests
npm run verify