npm-update

更新包

选择 CLI 版本：

概要

¥Synopsis

npm update [<pkg>...]

aliases: up, upgrade, udpate

描述

¥Description

此命令会将列出的所有包更新到最新版本（由 tag 配置指定），同时尊重包及其依赖的 semver 约束（如果它们也需要相同的包）。

¥This command will update all the packages listed to the latest version (specified by the tag config), respecting the semver constraints of both your package and its dependencies (if they also require the same package).

它还将安装缺少的包。

¥It will also install missing packages.

如果指定了 -g 标志，此命令将更新全局安装的包。

¥If the -g flag is specified, this command will update globally installed packages.

如果未指定包名称，则将更新指定位置（全局或本地）中的所有包。

¥If no package name is specified, all packages in the specified location (global or local) will be updated.

请注意，默认情况下 npm update 不会更新项目 package.json 中直接依赖的 semver 值。如果你还想更新 package.json 中的值，你可以运行：npm update --save（或将 save=true 选项添加到配置文件以使其成为默认行为）。

¥Note that by default npm update will not update the semver values of direct dependencies in your project package.json. If you want to also update values in package.json you can run: npm update --save (or add the save=true option to a configuration file to make that the default behavior).

示例

¥Example

对于下面的示例，假设当前包是 app，它依赖于依赖 dep1（dep2、.. 等）。dep1 的已发布版本是：

¥For the examples below, assume that the current package is app and it depends on dependencies, dep1 (dep2, .. etc.). The published versions of dep1 are:

{
  "dist-tags": { "latest": "1.2.2" },
  "versions": [
    "1.2.2",
    "1.2.1",
    "1.2.0",
    "1.1.2",
    "1.1.1",
    "1.0.0",
    "0.4.1",
    "0.4.0",
    "0.2.0"
  ]
}

插入符号依赖

¥Caret Dependencies

如果 app 的 package.json 包含：

¥If app's package.json contains:

"dependencies": {
  "dep1": "^1.1.1"
}

那么 npm update 会安装 dep1@1.2.2，因为 1.2.2 就是 latest，1.2.2 满足 ^1.1.1。

¥Then npm update will install dep1@1.2.2, because 1.2.2 is latest and 1.2.2 satisfies ^1.1.1.

波浪号依赖

¥Tilde Dependencies

但是，如果 app 的 package.json 包含：

¥However, if app's package.json contains:

"dependencies": {
  "dep1": "~1.1.1"
}

在这种情况下，运行 npm update 将安装 dep1@1.1.2。尽管 latest 标签指向 1.2.2，但这个版本不满足 ~1.1.1，相当于 >=1.1.1 <1.2.0。所以使用满足 ~1.1.1 的最高排序版本，即 1.1.2。

¥In this case, running npm update will install dep1@1.1.2. Even though the latest tag points to 1.2.2, this version does not satisfy ~1.1.1, which is equivalent to >=1.1.1 <1.2.0. So the highest-sorting version that satisfies ~1.1.1 is used, which is 1.1.2.

低于 1.0.0 的插入符号依赖

¥Caret Dependencies below 1.0.0

假设 app 对低于 1.0.0 的版本有插入符号依赖，例如：

¥Suppose app has a caret dependency on a version below 1.0.0, for example:

"dependencies": {
  "dep1": "^0.2.0"
}

npm update 将安装 dep1@0.2.0。

¥npm update will install dep1@0.2.0.

如果依赖于 ^0.4.0：

¥If the dependence were on ^0.4.0:

"dependencies": {
  "dep1": "^0.4.0"
}

那么 npm update 会安装 dep1@0.4.1，因为那是满足 ^0.4.0（>= 0.4.0 <0.5.0）的最高排序版本

¥Then npm update will install dep1@0.4.1, because that is the highest-sorting version that satisfies ^0.4.0 (>= 0.4.0 <0.5.0)

子依赖

¥Subdependencies

假设你的应用现在也依赖于 dep2

¥Suppose your app now also has a dependency on dep2

{
  "name": "my-app",
  "dependencies": {
    "dep1": "^1.0.0",
    "dep2": "1.0.0"
  }
}

而 dep2 本身就依赖于 dep1 的这个有限范围

¥and dep2 itself depends on this limited range of dep1

{
  "name": "dep2",
  "dependencies": {
    "dep1": "~1.1.1"
  }
}

然后 npm update 将安装 dep1@1.1.2，因为这是 dep2 允许的最高版本。当单个版本可以满足树中多个依赖的 semver 要求时，npm 将优先在树中拥有单个版本的 dep1，而不是两个。在这种情况下，如果你确实需要你的包来使用更新的版本，你需要使用 npm install。

¥Then npm update will install dep1@1.1.2 because that is the highest version that dep2 allows. npm will prioritize having a single version of dep1 in your tree rather than two when that single version can satisfy the semver requirements of multiple dependencies in your tree. In this case if you really did need your package to use a newer version you would need to use npm install.

更新全局安装的包

¥Updating Globally-Installed Packages

npm update -g 将对每个全局安装的 outdated 包应用 update 操作 - 也就是说，具有与 wanted 不同的版本。

¥npm update -g will apply the update action to each globally installed package that is outdated -- that is, has a version that is different from wanted.

注意：全局安装的包被视为安装时指定了插入符号 semver 范围。因此，如果你需要更新到 latest，你可能需要运行 npm install -g [<pkg>...]

¥Note: Globally installed packages are treated as if they are installed with a caret semver range specified. So if you require to update to latest you may need to run npm install -g [<pkg>...]

注意：如果包已升级到比 latest 更新的版本，它将被降级。

¥NOTE: If a package has been upgraded to a version newer than latest, it will be downgraded.

配置

¥Configuration

`save`

默认值：true 除非在使用 npm update 时默认为 false

¥Default: true unless when using npm update where it defaults to false
类型：布尔值

¥Type: Boolean

将已安装的包作为依赖保存到 package.json 文件中。

¥Save installed packages to a package.json file as dependencies.

与 npm rm 命令一起使用时，从 package.json 中删除依赖。

¥When used with the npm rm command, removes the dependency from package.json.

如果设置为 false，也会阻止写入 package-lock.json。

¥Will also prevent writing to package-lock.json if set to false.

`global`

默认值：false

¥Default: false
类型：布尔值

¥Type: Boolean

在 "global" 模式下运行，以便将包安装到 prefix 文件夹而不是当前工作目录。有关行为差异的更多信息，请参见文件夹。

¥Operates in "global" mode, so that packages are installed into the prefix folder instead of the current working directory. See folders for more on the differences in behavior.

包安装到 {prefix}/lib/node_modules 文件夹，而不是当前工作目录。

¥packages are installed into the {prefix}/lib/node_modules folder, instead of the current working directory.
bin 文件链接到 {prefix}/bin

¥bin files are linked to {prefix}/bin
手册页链接到 {prefix}/share/man

¥man pages are linked to {prefix}/share/man

`install-strategy`

默认值："hoisted"

¥Default: "hoisted"
类型："hoisted"、"nested"、"shallow" 或 "linked"

¥Type: "hoisted", "nested", "shallow", or "linked"

设置在 node_modules 中安装包的策略。提升（默认）：在顶层安装非复制，并在目录结构中根据需要复制。nested:（以前的 --legacy-bundling）就地安装，无需提升。浅层（以前的 --global-style）只在顶层安装直接的 deps。linked:（实验）安装在 node_modules/.store 中，链接到位，未提升。

¥Sets the strategy for installing packages in node_modules. hoisted (default): Install non-duplicated in top-level, and duplicated as necessary within directory structure. nested: (formerly --legacy-bundling) install in place, no hoisting. shallow (formerly --global-style) only install direct deps at top-level. linked: (experimental) install in node_modules/.store, link in place, unhoisted.

`legacy-bundling`

默认值：false

¥Default: false
类型：布尔值

¥Type: Boolean
DEPRECATED:此选项已被 --install-strategy=nested 弃用

¥DEPRECATED: This option has been deprecated in favor of --install-strategy=nested

不要在 node_modules 中提升包安装，而是以与它们所依赖的方式相同的方式安装包。这可能会导致非常深的目录结构和重复的软件包安装，因为没有数据去重。设置 --install-strategy=nested。

¥Instead of hoisting package installs in node_modules, install packages in the same manner that they are depended on. This may cause very deep directory structures and duplicate package installs as there is no de-duplicating. Sets --install-strategy=nested.

`global-style`

默认值：false

¥Default: false
类型：布尔值

¥Type: Boolean
DEPRECATED:此选项已被 --install-strategy=shallow 弃用

¥DEPRECATED: This option has been deprecated in favor of --install-strategy=shallow

仅在顶层 node_modules 中安装直接依赖，但提升更深层次的依赖。设置 --install-strategy=shallow。

¥Only install direct dependencies in the top level node_modules, but hoist on deeper dependencies. Sets --install-strategy=shallow.

`omit`

默认值：'dev' 如果 NODE_ENV 环境变量设置为 'production'，否则为空。

¥Default: 'dev' if the NODE_ENV environment variable is set to 'production', otherwise empty.
类型："dev"、"optional"、"peer"（可多次设置）

¥Type: "dev", "optional", or "peer" (can be set multiple times)

要从磁盘上的安装树中省略的依赖类型。

¥Dependency types to omit from the installation tree on disk.

请注意，这些依赖仍会被解析并添加到 package-lock.json 或 npm-shrinkwrap.json 文件中。它们只是没有物理安装在磁盘上。

¥Note that these dependencies are still resolved and added to the package-lock.json or npm-shrinkwrap.json file. They are just not physically installed on disk.

如果一个包类型同时出现在 --include 和 --omit 列表中，那么它将被包括在内。

¥If a package type appears in both the --include and --omit lists, then it will be included.

如果生成的省略列表包含 'dev'，则 NODE_ENV 环境变量将针对所有生命周期脚本设置为 'production'。

¥If the resulting omit list includes 'dev', then the NODE_ENV environment variable will be set to 'production' for all lifecycle scripts.

`include`

默认值：

¥Default:
类型："prod"、"dev"、"optional"、"peer"（可多次设置）

¥Type: "prod", "dev", "optional", or "peer" (can be set multiple times)

允许定义要安装的依赖类型的选项。

¥Option that allows for defining which types of dependencies to install.

这是 --omit=<type> 的倒数。

¥This is the inverse of --omit=<type>.

--include 中指定的依赖类型将不会被忽略，无论命令行中指定省略/包含的顺序如何。

¥Dependency types specified in --include will not be omitted, regardless of the order in which omit/include are specified on the command-line.

`strict-peer-deps`

默认值：false

¥Default: false
类型：布尔值

¥Type: Boolean

如果设置为 true，而 --legacy-peer-deps 没有设置，那么任何冲突的 peerDependencies 都将被视为安装失败，即使 npm 可以根据非对等依赖合理地猜测出适当的解决方案。

¥If set to true, and --legacy-peer-deps is not set, then any conflicting peerDependencies will be treated as an install failure, even if npm could reasonably guess the appropriate resolution based on non-peer dependency relationships.

默认情况下，依赖图中的冲突 peerDependencies 将使用最近的非对等依赖规范来解决，即使这样做会导致某些包收到超出其包的 peerDependencies 对象中设置的范围的对等依赖。

¥By default, conflicting peerDependencies deep in the dependency graph will be resolved using the nearest non-peer dependency specification, even if doing so will result in some packages receiving a peer dependency outside the range set in their package's peerDependencies object.

当执行这样的覆盖时，会打印一条警告，解释冲突和涉及的包。如果设置了 --strict-peer-deps，则此警告被视为失败。

¥When such an override is performed, a warning is printed, explaining the conflict and the packages involved. If --strict-peer-deps is set, then this warning is treated as a failure.

`package-lock`

默认值：true

¥Default: true
类型：布尔值

¥Type: Boolean

如果设置为 false，则安装时忽略 package-lock.json 文件。如果 save 为真，这也将阻止写入 package-lock.json。

¥If set to false, then ignore package-lock.json files when installing. This will also prevent writing package-lock.json if save is true.

`foreground-scripts`

默认值：false 除非使用 npm pack 或 npm publish 时默认为 true

¥Default: false unless when using npm pack or npm publish where it defaults to true
类型：布尔值

¥Type: Boolean

在前台进程中运行已安装包的所有构建脚本（即 preinstall、install 和 postinstall）脚本，与主 npm 进程共享标准输入、输出和错误。

¥Run all build scripts (ie, preinstall, install, and postinstall) scripts for installed packages in the foreground process, sharing standard input, output, and error with the main npm process.

请注意，这通常会使安装运行速度变慢，并且噪音更大，但对调试很有用。

¥Note that this will generally make installs run slower, and be much noisier, but can be useful for debugging.

`ignore-scripts`

默认值：false

¥Default: false
类型：布尔值

¥Type: Boolean

如果为 true，npm 不会运行 package.json 文件中指定的脚本。

¥If true, npm does not run scripts specified in package.json files.

请注意，如果设置了 ignore-scripts，则明确旨在运行特定脚本的命令（例如 npm start、npm stop、npm restart、npm test 和 npm run-script）仍将运行其预期的脚本，但它们不会运行任何前置或后置脚本。

¥Note that commands explicitly intended to run a particular script, such as npm start, npm stop, npm restart, npm test, and npm run-script will still run their intended script if ignore-scripts is set, but they will not run any pre- or post-scripts.

`audit`

默认值：true

¥Default: true
类型：布尔值

¥Type: Boolean

当 "true" 将审计报告与当前 npm 命令一起提交到默认注册表和为范围配置的所有注册表时。有关提交内容的详细信息，请参阅 npm audit 的文档。

¥When "true" submit audit reports alongside the current npm command to the default registry and all registries configured for scopes. See the documentation for npm audit for details on what is submitted.

`bin-links`

默认值：true

¥Default: true
类型：布尔值

¥Type: Boolean

告诉 npm 为包的可执行文件创建符号链接（或 Windows 上的 .cmd 垫片）。

¥Tells npm to create symlinks (or .cmd shims on Windows) for package executables.

设置为 false 使其不执行此操作。这可以用来解决某些文件系统不支持符号链接的事实，即使在表面上是 Unix 系统上也是如此。

¥Set to false to have it not do this. This can be used to work around the fact that some file systems don't support symlinks, even on ostensibly Unix systems.

`fund`

默认值：true

¥Default: true
类型：布尔值

¥Type: Boolean

当 "true" 在每个 npm install 的末尾显示消息时，确认正在寻找资金的依赖的数量。详见 npm fund。

¥When "true" displays the message at the end of each npm install acknowledging the number of dependencies looking for funding. See npm fund for details.

`dry-run`

默认值：false

¥Default: false
类型：布尔值

¥Type: Boolean

表示你不希望 npm 进行任何更改，并且它应该只报告它会做的事情。这可以传递到任何修改本地安装的命令中，例如 install、update、dedupe、uninstall 以及 pack 和 publish。

¥Indicates that you don't want npm to make any changes and that it should only report what it would have done. This can be passed into any of the commands that modify your local installation, eg, install, update, dedupe, uninstall, as well as pack and publish.

注意：其他网络相关命令不支持此功能，例如 dist-tags、owner 等。

¥Note: This is NOT honored by other network related commands, eg dist-tags, owner, etc.

`workspace`

默认值：

¥Default:
类型：字符串（可以设置多次）

¥Type: String (can be set multiple times)

启用在当前项目的已配置工作区的上下文中运行命令，同时通过仅运行此配置选项定义的工作区进行过滤。

¥Enable running a command in the context of the configured workspaces of the current project while filtering by running only the workspaces defined by this configuration option.

workspace 配置的有效值为：

¥Valid values for the workspace config are either:

工作区名称

¥Workspace names
工作区目录的路径

¥Path to a workspace directory
父工作区目录的路径（将导致选择该文件夹中的所有工作区）

¥Path to a parent workspace directory (will result in selecting all workspaces within that folder)

为 npm init 命令设置时，可以将其设置为尚不存在的工作区的文件夹，以创建文件夹并将其设置为项目中的全新工作区。

¥When set for the npm init command, this may be set to the folder of a workspace which does not yet exist, to create the folder and set it up as a brand new workspace within the project.

此值不会导出到子进程的环境中。

¥This value is not exported to the environment for child processes.

`workspaces`

默认值：null

¥Default: null
类型：空值或布尔值

¥Type: null or Boolean

设置为 true 可在所有已配置工作区的上下文中运行该命令。

¥Set to true to run the command in the context of all configured workspaces.

显式将此设置为 false 将导致像 install 这样的命令完全忽略工作区。未明确设置时：

¥Explicitly setting this to false will cause commands like install to ignore workspaces altogether. When not set explicitly:

在 node_modules 树上运行的命令（安装、更新等）会将工作区链接到 node_modules 文件夹。* 执行其他操作（测试、执行、发布等）的命令将在根项目上运行，除非在 workspace 配置中指定了一个或多个工作区。

¥Commands that operate on the node_modules tree (install, update, etc.) will link workspaces into the node_modules folder. - Commands that do other things (test, exec, publish, etc.) will operate on the root project, unless one or more workspaces are specified in the workspace config.

此值不会导出到子进程的环境中。

¥This value is not exported to the environment for child processes.

`include-workspace-root`

默认值：false

¥Default: false
类型：布尔值

¥Type: Boolean

为命令启用工作区时包括工作区根。

¥Include the workspace root when workspaces are enabled for a command.

当为 false 时，通过 workspace 配置指定单个工作区，或通过 workspaces 标志指定所有工作区，将导致 npm 仅在指定的工作区上运行，而不是在根项目上运行。

¥When false, specifying individual workspaces via the workspace config, or all workspaces via the workspaces flag, will cause npm to operate only on the specified workspaces, and not on the root project.

此值不会导出到子进程的环境中。

¥This value is not exported to the environment for child processes.

`install-links`

默认值：false

¥Default: false
类型：布尔值

¥Type: Boolean

设置文件时：协议依赖将作为常规依赖打包和安装，而不是创建符号链接。此选项对工作区没有影响。

¥When set file: protocol dependencies will be packed and installed as regular dependencies instead of creating a symlink. This option has no effect on workspaces.

也可以看看

¥See Also