Managing dependencies is a critical part of maintaining a modern JavaScript or TypeScript project. As packages evolve, bug fixes, performance improvements, and security patches are released. To ensure your project stays healthy and secure, regularly updating dependencies is essential.
If you’re using Yarn (Classic) — specifically Yarn 1.x (like version 1.22) — you have several commands and options to keep your dependencies up to date. This guide will walk you through everything you need to know.
Checking for Outdated Packages
Before updating, it’s good practice to see which packages are out of date. Yarn provides the yarn outdated command for this purpose:
yarn outdated
This outputs a table with:
• Package – The dependency name.
• Current – The currently installed version.
• Wanted – The highest version that satisfies the version range in your package.json.
• Latest – The latest version available on npm.
Example Output:
Package Current Wanted Latest Package Type lodash 4.17.20 4.17.21 4.17.21 dependencies react 17.0.1 17.0.2 18.2.0 dependencies
Upgrade Dependencies Within Semver Range
If you just want to upgrade your dependencies to the latest versions that match your existing package.json Semantic Versioning (semver) rules, run:
yarn upgrade
This will:
• Respect the version ranges specified (e.g., ^1.0.0).
• Update yarn.lock accordingly.
Upgrade to the Latest Versions (Ignoring Semver)
Sometimes you want to update to the latest versions, even if they go beyond your current semver range (e.g., upgrading react from 17.x to 18.x). Use:
yarn upgrade --latest
This:
• Ignores the version ranges in package.json.
• Updates both package.json and yarn.lock to the latest published versions.
Upgrade Specific Packages
To update a single package (or a set of packages) to the latest version, specify the package name:
yarn upgrade react
To upgrade a package to the absolute latest version (ignoring package.json range), add –latest:
yarn upgrade react --latest
Interactive Upgrades
For a more controlled experience, use:
yarn upgrade-interactive --latest
This opens an interactive terminal UI, letting you select which packages to upgrade. Use the keyboard:
• Space to select/deselect a package.
• A to select all.
• Enter to confirm.
Useful Options for yarn upgrade
Yarn provides additional flags to fine-tune upgrades:
• --pattern : Upgrade only matching dependencies (e.g., yarn upgrade –pattern lodash).
• --scope : Upgrade dependencies in a specific workspace (monorepos).
• --ignore-engines: Skip Node version checks during upgrades.
• --ignore-platform: Skip platform checks (os, cpu).
Updating All Dependencies Automatically
If you want to quickly bring all dependencies in your package.json to their latest versions:
yarn upgrade --latest
When to Use Tools Like npm-check-updates
For even more control and a simpler upgrade workflow, you can use npm-check-updates (ncu):
yarn global add npm-check-updates ncu -u && yarn install
This updates all dependency versions in package.json to their latest, then installs them.
Best Practices for Updating Dependencies
- Check changelogs for major version upgrades (to avoid breaking changes).
- Use a lockfile (yarn.lock) to ensure reproducible builds.
- Run tests after updates to verify nothing is broken.
- Update regularly instead of letting dependencies become outdated for years.
Closing Thoughts
Keeping dependencies up-to-date with Yarn is straightforward once you understand the available commands:
• Use yarn outdated to check for updates.
• Use yarn upgrade to respect your semver ranges.
• Use yarn upgrade –latest to jump to the newest versions.
• Use yarn upgrade-interactive –latest for a controlled update process.
By making dependency updates part of your regular development workflow, you’ll keep your project secure, performant, and maintainable.