Sometimes, my friends ask “Why my package.json not updated by npm install? I want make up to date my package.json”. I answered a lot of times, but still people asking to me this. So I write this post.
First, npm install will NOT update your package.json, unless you specify package name. npm install means “Install compatible packages with package.json”. That’s why npm install not update package.json file.
package.json contains “compatible library list”, not “installed library list”. “installed library list” contained at package-lock.json instead of package.json.
But npm install package-name is a bit different. It means “Install latest version of package-name”, so package.json is updated.
For example, package.json contains "lib": "^1.3.2", and npm has lib version “1.5.7” and “2.3.1”. In this situation, npm install will install “1.5.7” version. But npm install lib will install “2.3.1” version.
You can update package.json by using npm-check-updates a.k.a ncu. But this will update all of your packages, So you must careful with is version compatible.
