使用 npm-check-updates 快速升级前端项目 package.json 依赖版本

通过使用 npm outdated 和 npm update 命令，可以对前端项目中的第三方依赖版本进行分析与升级。但他们可用的参数较少，有些过于简单。

在 Microsoft Visual Code 编辑器中，当鼠标停留在依赖行并保持不动时，它会去查询该行依赖的最新版本。这在对单个的第三方依赖版本升级上会有比较简单快捷的辅助。

对于依赖众多的中大型项目，其第三方依赖包可能多达上百个。当希望进行大的版本和依赖升级时，手动逐个去检测和修改版本号也会是一个比较麻烦的事情。利用 npm-check-updates 可以协助应对这种场景。它是一个帮助你升级 package.json 中的依赖至最新版本，并且提供多个参数以满足不同的升级需求。

1 使用 npm-check-updates

npm-check-updates 的使用很简单。进入项目目录中，然后使用 npx 执行其命令，即可进行最新依赖版本的检测：

npx npm-check-updates

当然，你也可以全局安装它，然后就可以使用其提供的 ncu 命令：

npm i -g npm-check-updates
ncu --help

默认情况下，执行 ncu -u 即可将 package.json 中的所有第三方依赖版本修改为其最新的版本。

一些示例：

# 交互式升级：每一个依赖的修改都需手工确认
ncu -u -i
# 只更新补丁版本 -- 按指定的<target>级别更新。target 可选值：latest, newest, greatest, minor, patch
ncu -u --target patch
# 仅更新 devDependenties 下的依赖。dep 可选参数： prod, dev, peer, optional, bundle（多个可用逗号分隔）
ncu -u --dep dev
# 仅更新包名称包含 react 字符串的依赖
ncu -u --filter /react/
# 不更新包名称包含 electron 字符串的依赖
ncu -u --reject /electron/
# 检查更新是否可以通过测试(npm test)，并指定项目管理器为 yarn
ncu -u --doctor -p yarn

2 调用 npm-check-updates 模块化 API 接口方式

此外，你也可以通过命令行方式调用其 API 接口，以实现定制的辅助工具或脚本：

const ncu = require('npm-check-updates');

const upgraded = await ncu.run({
  // Pass any cli option.
  // Defaults:
  jsonUpgraded: true,
  silent: true
});

console.log(upgraded)

3 npm-check-updates 相关参数参考

Usage: cli [options] [filter]

[filter] is a list or regex of package names to check (all others will be ignored).

Options:
--concurrency Max number of concurrent HTTP requests to registry. (default: 8)
--configFilePath Directory of .ncurc config file (default: directory of packageFile).
--configFileName Config file name (default: .ncurc.{json,yml,js})
--cwd Working directory in which npm will be executed.
--dep Check one or more sections of dependencies only: prod, dev, peer, optional, bundle (comma-delimited).
--deprecated Include deprecated packages.
--doctor Iteratively installs upgrades and runs tests to identify breaking upgrades. Run "ncu --doctor" for detailed help. Add "-u" to execute.
--enginesNode Include only packages that satisfy engines.node as specified in the package file.
-e, --errorLevel Set the error level. 1: exits with error code 0 if no errors occur. 2: exits with error code 0 if no packages need updating (useful for continuous integration). (default: 1)
-f, --filter Include only package names matching the given string, comma-or-space-delimited list, or /regex/.
-g, --global Check global packages instead of in the current project.
--greatest DEPRECATED. Renamed to "--target greatest".
-i, --interactive Enable interactive prompts for each dependency; implies -u unless one of the json options are set,
-j, --jsonAll Output new package file instead of human-readable message.
--jsonDeps Like jsonAll but only lists dependencies, devDependencies, optionalDependencies, etc of the new package data.
--jsonUpgraded Output upgraded dependencies in json.
-l, --loglevel Amount to log: silent, error, minimal, warn, info, verbose, silly. (default: "warn")
-m, --minimal Do not upgrade newer versions that are already satisfied by the version range according to semver.
-n, --newest DEPRECATED. Renamed to "--target newest".
-p, --packageManager npm, yarn (default: "npm")
-o, --ownerChanged Check if the package owner changed between current and upgraded version.
--packageData Package file data (you can also use stdin).
--packageFile Package file location (default: ./package.json).
--pre Include -alpha, -beta, -rc. (default: 0; default with --newest and --greatest: 1).
--prefix Current working directory of npm.
-r, --registry Third-party npm registry.
--removeRange Remove version ranges from the final package version.
--semverLevel DEPRECATED. Renamed to --target.
-s, --silent Don't output anything (--loglevel silent).
-t, --target Target version to upgrade to: latest, newest, greatest, minor, patch.
--timeout Global timeout in milliseconds. (default: no global timeout and 30 seconds per npm-registery-fetch).
-u, --upgrade Overwrite package file with upgraded versions instead of just outputting to console.
-x, --reject Exclude packages matching the given string, comma-or-space-delimited list, or /regex/.
-V, --version output the version number
-h, --help display help for command