Working with node and npm for the last few years has taught us a thing or two about working with the npm community.
Initially, we kept all of our node_modules set to `latest`, figuring that would keep us most up to date with the community and reduce our technical debt by forcing us to upgrade and fix problems relating to upgrades as they arose. This worked for a while, but as our development team grew, we got to the point where running `npm install` could spell the end of someone’s development day. An idle install and build could turn into hours spent debugging and attempting to identify problem packages.
Our solution was to lock down the modules and upgrade periodically. We opted for a weekly schedule so we could continue to keep that upgrade-related technical debt at its minimum.
There were several benefits to this approach:
1. Version controlled records – which modules were updated and when
2. Reproducibility – now every commit has its module versions defined explicitly
3. Faster debugging – knowing which modules upgraded let us focus on major releases and roll back specific modules easily
4. The option to defer specific module upgrades – sometimes it was better to push module upgrades out to better suit our release goals or to allow the community time to review bugs or feature changes
There were a few tools floating around git and npm when we enacted this weekly upgrade policy that facilitated npm module upgrades. We experimented with them, but in the end, we opted to produce our own simple tool in-house. All we wanted was something to automate npm’s own `npm view <module> version` tool, which identifies the latest stable version. Our tool, dubbed `upgrade-node-modules`, has gone through a few iterations in-house. In its current form it iterates through the package.json “devDependencies” and “dependencies” in parallel, querying npm for the newest stable version, and then rewrites the package.json with the updated dependency versions. If there are any `fixedModules`, for instance a more stable version of a module, or a module beta release, then the script will take those fixed versions into account when writing the package.json.
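The flow described above, sketched as an added example (this is not the source of the published upgrade-node-modules package). The function names, the injected `lookup` callback and the sample modules and versions are assumptions made for illustration; a real `lookup` would run `npm view <module> version`.

```javascript
const SECTIONS = ["dependencies", "devDependencies"];

// Resolve the newest stable version of every listed module in parallel.
// `lookup` is a hypothetical injected async function (name -> version).
async function fetchLatest(pkg, lookup) {
  const names = [...new Set(SECTIONS.flatMap((s) => Object.keys(pkg[s] || {})))];
  const versions = await Promise.all(names.map((n) => lookup(n)));
  return Object.fromEntries(names.map((n, i) => [n, versions[i]]));
}

// Pure rewrite step: returns a new package.json object plus a change log
// that can be committed as the record of what was upgraded and when.
function applyVersions(pkg, latest, fixedModules = {}) {
  const next = JSON.parse(JSON.stringify(pkg)); // do not mutate the input
  const changes = [];
  for (const section of SECTIONS) {
    for (const [name, current] of Object.entries(next[section] || {})) {
      const fixed = Object.prototype.hasOwnProperty.call(fixedModules, name);
      const target = fixed ? fixedModules[name] : latest[name];
      if (!target || target === current) continue; // unknown or already pinned
      next[section][name] = target; // exact version, no ^ or ~ range
      changes.push({ section, name, from: current, to: target, fixed });
    }
  }
  return { pkg: next, changes };
}

async function upgrade(pkg, lookup, fixedModules) {
  return applyVersions(pkg, await fetchLatest(pkg, lookup), fixedModules);
}

// Constructed sample data: module names and versions are made up.
const samplePkg = {
  name: "example-app",
  dependencies: { "lib-a": "latest", "lib-b": "2.0.0" },
  devDependencies: { "tool-c": "1.4.0" },
};
const sampleRegistry = { "lib-a": "3.1.0", "lib-b": "2.0.0", "tool-c": "2.0.0" };
const sampleFixed = { "tool-c": "1.4.2" }; // hold tool-c back from 2.0.0

upgrade(samplePkg, async (n) => sampleRegistry[n], sampleFixed).then((r) =>
  console.log(JSON.stringify(r, null, 2))
);
```

The `changes` array is what makes a bad weekly upgrade quick to bisect: each entry names the module, its section, the old and new versions, and whether the new version came from `fixedModules`.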
In an effort to support the open source community, we opted to publish the module publicly. We hope others find it as useful as we have and if you have feature recommendations, feel free to leave comments or submit a pull request!
Link to the module’s npm page: https://www.npmjs.com/package/upgrade-node-modules