Looks like npm-check-updates is the only way to make this happen now.

npm i -g npm-check-updatesncu -unpm install

On npm <3.11:

Simply change every dependency's version to *, then run npm update --save. (Note: broken in recent (3.11) versions of npm).

Before:

  "dependencies": {    "express": "*",    "mongodb": "*",    "underscore": "*",    "rjs": "*",    "jade": "*",    "async": "*"  }

After:

  "dependencies": {    "express": "~3.2.0",    "mongodb": "~1.2.14",    "underscore": "~1.4.4",    "rjs": "~2.10.0",    "jade": "~0.29.0",    "async": "~0.2.7"  }

Of course, this is the blunt hammer of updating dependencies. It's fine if—as you said—the project is empty and nothing can break.

On the other hand, if you're working in a more mature project, you probably want to verify that there are no breaking changes in your dependencies before upgrading.

To see which modules are outdated, just run npm outdated. It will list any installed dependencies that have newer versions available.

For Yarn specific solution, refer to this StackOverflow answer.

npm-check-updates is a utility that automatically adjusts a package.json with the latest version of all dependencies

see https://www.npmjs.org/package/npm-check-updates

$ npm install -g npm-check-updates$ ncu -u$ npm install 

[EDIT] A slightly less intrusive (avoids a global install) way of doing this if you have a modern version of npm is:

$ npx npm-check-updates -u$ npm install 

Updated for npm v2+

npm 2+ (Node 0.12+):

npm outdatednpm updategit commit package-lock.json

Ancient npm (circa 2014):

npm install -g npm-check-updatesnpm-check-updatesnpm shrinkwrapgit commit package-lock.json

Be sure to shrinkwrap your deps, or you may wind up with a dead project. I pulled out a project the other day and it wouldn't run because my deps were all out of date/updated/a mess. If I'd shrinkwrapped, npm would have installed exactly what I needed.

Details

For the curious who make it this far, here is what I recommend:

Use npm-check-updates or npm outdated to suggest the latest versions.

# `outdated` is part of newer npm versions (2+)$ npm outdated# If you agree, update.  $ npm update#       OR# Install and use the `npm-check-updates` package.$ npm install -g npm-check-updates# Then check your project$ npm-check-updates# If you agree, update package.json.$ npm-check-updates -u

###Then do a clean install (w/o the rm I got some dependency warnings)

$ rm -rf node_modules$ npm install 

Lastly, save exact versions to npm-shrinkwrap.json with npm shrinkwrap

$ rm npm-shrinkwrap.json$ npm shrinkwrap

Now, npm install will now use exact versions in npm-shrinkwrap.json

If you check npm-shrinkwrap.json into git, all installs will use the exact same versions.

This is a way to transition out of development (all updates, all the time) to production (nobody touch nothing).

• npm outdated

• npm-check-updates

• npm shrinkwrap

p.s. Yarn is sending your package list to Facebook.