Checks package.json for outdated or vulnerable dependencies
Checks project dependencies for outdated versions and known vulnerabilities.
```bash
npm audit
# or
yarn audit
```
Report all HIGH and CRITICAL findings. Suggest fixes with:
```bash
npm audit fix                 # applies only semver-compatible updates
# For fixes that need a semver-major bump (installs breaking changes):
npm audit fix --force         # ⚠️ review the package.json and lockfile diff carefully
```
```bash
npm outdated
```
For each outdated package, categorize the update type by semver:
| Type | Version Change | Risk | Action |
|---|---|---|---|
| Patch | 1.0.0 → 1.0.1 | Low | Update freely |
| Minor | 1.0.0 → 1.1.0 | Low-Medium | Update with test run |
| Major | 1.0.0 → 2.0.0 | High | Check changelog for breaking changes |
Caveat: packages still below 1.0.0 do not follow this table. A minor bump such as 0.3.1 → 0.4.0 is treated as breaking by npm's caret ranges (^0.3.1 does not allow 0.4.0) and usually is, so handle it as a major update.
Output a prioritized list:
Security (fix immediately):
{package}@{version} — {vulnerability} — Fix: npm audit fix
Major updates (review changelog first):
{package}: {current} → {latest} — [Link to changelog/releases]
Minor/patch updates (safe to update):
{package}: {current} → {latest}
Dev dependencies:
{package}: {current} → {latest}
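The triage above can be automated from the JSON output of the two npm commands. The script below is an added example for this checklist, not npm's own code: it takes the shape that `npm audit --json` and `npm outdated --json` produce on npm 7+ (the `vulnerabilities`, `via` and `fixAvailable` fields, and the per-package `current`/`latest`/`type` entries), classifies each version change as major, minor or patch with the 0.x rule applied, and prints the four sections in the order the checklist asks for. Both input objects are constructed samples; the package names, versions and advisory titles are illustrative and do not refer to real packages or advisories.

```javascript
// Added example, not part of the original checklist: triage the JSON forms of
// `npm audit` and `npm outdated` into the prioritized list described above.
// Both inputs are CONSTRUCTED samples in the shape npm 7+ emits. On a real
// project obtain them with execSync("npm audit --json") and
// execSync("npm outdated --json") from "node:child_process" (npm exits non-zero
// when it has findings, so catch the error and read err.stdout).
// Package names, versions and advisory titles below are illustrative only.
const auditSample = {
  vulnerabilities: {
    "example-xml-parser": { name: "example-xml-parser", severity: "high", isDirect: true,
      range: "<2.4.0", via: [{ title: "Prototype pollution", severity: "high" }], fixAvailable: true },
    "example-logger": { name: "example-logger", severity: "moderate", isDirect: false,
      range: "<1.3.1", via: ["example-xml-parser"], fixAvailable: true },
    "example-legacy-build": { name: "example-legacy-build", severity: "critical", isDirect: true,
      range: "<=4.0.0", via: [{ title: "Arbitrary file write", severity: "critical" }],
      // A fix that needs a semver-major bump is reported as an object, not `true`.
      fixAvailable: { name: "example-legacy-build", version: "5.0.1", isSemVerMajor: true } },
  },
};
const outdatedSample = {
  "example-legacy-build": { current: "4.0.0", wanted: "4.0.0", latest: "5.0.1", type: "dependencies" },
  "example-ui-kit":       { current: "1.4.2", wanted: "1.5.0", latest: "1.5.0", type: "dependencies" },
  "example-zero-major":   { current: "0.3.1", wanted: "0.3.1", latest: "0.4.0", type: "dependencies" },
  "example-test-runner":  { current: "29.1.0", wanted: "29.1.2", latest: "29.1.2", type: "devDependencies" },
};

// Parse "MAJOR.MINOR.PATCH"; pre-release and build suffixes are ignored.
function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3] };
}

// Classify an upgrade as "major", "minor" or "patch". Below 1.0.0 a minor bump
// counts as major: npm's caret range (^0.3.1) already refuses 0.4.0, and
// authors use the minor digit for breaking changes before a 1.0 release.
function classifyUpdate(current, latest) {
  const a = parseSemver(current), b = parseSemver(latest);
  if (b.major !== a.major) return "major";
  if (b.minor !== a.minor) return a.major === 0 ? "major" : "minor";
  return "patch";
}

const SEVERITY_RANK = { critical: 4, high: 3, moderate: 2, low: 1, info: 0 };

// `via` holds advisory objects for the package's own advisories and plain
// package-name strings when it is only vulnerable through a dependency.
function describeVia(via) {
  return via.map(x => (typeof x === "string" ? `via ${x}` : x.title)).join("; ");
}

// Which command actually clears a finding, per npm's fixAvailable field.
function fixCommand(fixAvailable) {
  if (fixAvailable === true) return "npm audit fix";
  if (fixAvailable && fixAvailable.isSemVerMajor)
    return `bump to ${fixAvailable.version} (semver-major) or npm audit fix --force, then review`;
  return "no automatic fix; patch or replace the package";
}

// Build the prioritized list: security findings (most severe first), then
// major updates, then minor/patch updates, then devDependencies.
function triage(audit, outdated) {
  const security = Object.values(audit.vulnerabilities || {})
    .map(v => ({ name: v.name, severity: v.severity, direct: v.isDirect,
                 title: describeVia(v.via), fix: fixCommand(v.fixAvailable) }))
    .sort((x, y) => (SEVERITY_RANK[y.severity] ?? 0) - (SEVERITY_RANK[x.severity] ?? 0));
  const major = [], minorPatch = [], dev = [];
  for (const [name, info] of Object.entries(outdated)) {
    const entry = { name, current: info.current, latest: info.latest,
                    kind: classifyUpdate(info.current, info.latest) };
    if (info.type === "devDependencies") dev.push(entry);
    else if (entry.kind === "major") major.push(entry);
    else minorPatch.push(entry);
  }
  return { security, major, minorPatch, dev };
}

// True when the report contains anything the checklist says to fix immediately.
function hasBlockingFindings(report) {
  return report.security.some(s => s.severity === "high" || s.severity === "critical");
}

// Render the four sections in the layout the checklist asks for.
function formatReport(r) {
  const upd = e => `  ${e.name}: ${e.current} -> ${e.latest} (${e.kind})`;
  return [
    "Security (fix immediately):",
    ...r.security.map(s => `  ${s.name} [${s.severity}${s.direct ? "" : ", transitive"}] - ${s.title} - Fix: ${s.fix}`),
    "Major updates (review changelog first):", ...r.major.map(upd),
    "Minor/patch updates (safe to update):", ...r.minorPatch.map(upd),
    "Dev dependencies:", ...r.dev.map(upd),
  ].join("\n");
}

const report = triage(auditSample, outdatedSample);
console.log(formatReport(report));
// In CI, fail the job on anything high or critical:
// process.exitCode = hasBlockingFindings(report) ? 1 : 0;
```

Two details worth keeping when you adapt this: `fixAvailable` is the field that tells you whether plain `npm audit fix` will clear a finding or whether only a semver-major bump (the `--force` path) will, and a transitive finding (`isDirect: false`, `via` containing package names) is fixed by updating the direct dependency that pulls it in, not the package named in the report.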
For safe updates only (patch + minor):
```bash
npx npm-check-updates -u --target minor
npm install
npm test # verify nothing broke
```
Check peerDependencies when updating core libraries (React, React Native): a major bump of the core library usually requires matching bumps in the packages that declare it as a peer, and npm 7+ aborts the install with ERESOLVE on an unmet peer range unless you pass --legacy-peer-deps, which silences the conflict rather than resolving it.