Like npm-check-updates but supports Lerna monorepos and enforces strict semver values

Quick Take

Update all dependencies of all packages in a monorepo — or single repo — to be the latest as per npm:

calling upd

What update-versions does

This CLI will iterate all package.json in a given path and its sub-paths and process each dev- and normal dependency:

  • If it's a monorepo setup and if another package in monorepo exists with such name, that version is set in ^x.x.x format
  • In all other cases, a value from npm is fetched using pacote, and that value is set in ^x.x.x format

This CLI is a good idea in Lerna monorepos full of owned npm packages (where you bump versions often and effortlessly) but a bad idea in React SPA's (where single minor update might break many things and updating dependencies is a big, complex deal).

Opinionated part 1

Lerna bootstrap will not work properly if each dependency is not prefixed with ^, as in ^x.y.z. It's hard to manually enforce that all monorepo packages should have all dependencies in this format. update-versions will force this format.

One exception - if its dependency's value starts with file:.

Opinionated part 2

If any dependency is listed on both dependencies and devDependencies, it will be removed from the latter list. It's common sense, but we mention this "extra".

Opinionated part 3

If Lerna build goes wrong, a key called gitHead is created in package.json. Lerna normally cleans it up, but if things go wrong, the key might be left there. This CLI removes a key called gitHead if such exists, in every processed package.json.

Blacklist to avoid major semver bumps

Since v4.1.0, it's possible to stop bumping major semver ranges (like 2.x.x -> 3.x.x). Create a upd.config.json in the root of the package or monorepo and put all package names you don't want major-bumped, for example:

"noMajorBumping": [

All packages above won't get major semver bumps, only patch and minor.


See it in the monorepo opens in a new tab, on GitHub.


To report bugs or request features or assistance, raise an issue on GitHub opens in a new tab.

Any code contributions welcome! All Pull Requests will be dealt promptly.


MIT opens in a new tab

Copyright © 2010–2021 Roy Revelt and other contributors

Related packages:

📦 npm-check-updates opens in a new tab
Find newer versions of dependencies than what your package.json allows
📦 lerna-clean-changelogs-cli 2.0.1
CLI application to cleanse the lerna/commitizen-generated changelogs
📦 lerna-link-dep 2.0.0
Like lerna add but does just the symlinking, works on CLI bins too