Purpose
Manage dependencies safely: audit for vulnerabilities, check for updates, and update with test verification.
Arguments
- --check: Check for outdated packages (default if no args)
- --audit: Run security audit
- --update: Update patch/minor versions with test verification
- --update-major: Show available major updates (requires manual review)
Workflow
Check (--check)
- Run `npm outdated`
- Categorize: patch, minor, major
- Report packages with updates available
- Flag packages with known issues
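As an added example (not code from this page or the project), one way to implement the categorize step in JavaScript: it buckets `npm outdated --json` entries into patch, minor and major. Assumptions: entries carry `current` and `latest` fields, the names `bumpType` and `categorize` and the `example-*` packages are hypothetical, and a 0.x minor bump is escalated to review because npm caret ranges treat it as breaking.

```javascript
// Added example: bucket `npm outdated --json` entries by how risky the bump is.

// Parse "MAJOR.MINOR.PATCH[-pre][+build]"; returns null for tags, git URLs, etc.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(v ?? ""));
  return m ? { parts: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

// Returns "patch" | "minor" | "major" | "none" | "unknown".
function bumpType(current, latest) {
  const a = parseVersion(current), b = parseVersion(latest);
  if (!a || !b || a.pre || b.pre) return "unknown"; // needs a human to look
  const i = a.parts.findIndex((n, k) => n !== b.parts[k]);
  if (i === -1 || b.parts[i] < a.parts[i]) return "none"; // same or older
  // Caret rule: changing the left-most non-zero component is breaking,
  // so 0.14.0 -> 0.15.0 is reviewed like a major update.
  const nz = a.parts.findIndex((n) => n !== 0);
  const leftmost = nz === -1 ? 2 : nz;
  return i <= leftmost ? "major" : ["major", "minor", "patch"][i];
}

function categorize(outdated) {
  const groups = { patch: [], minor: [], major: [], unknown: [] };
  for (const [name, value] of Object.entries(outdated)) {
    // Assumption: a package may map to an array of entries in workspaces.
    for (const info of [].concat(value)) {
      const type = bumpType(info.current, info.latest);
      if (type === "none") continue;
      groups[type].push(`${name}: ${info.current ?? "not installed"} → ${info.latest}`);
    }
  }
  return groups;
}

// Constructed sample in the shape of `npm outdated --json` output.
const SAMPLE = {
  "@types/node": { current: "20.10.0", wanted: "20.10.5", latest: "20.10.5" },
  "class-validator": { current: "0.14.0", wanted: "0.14.1", latest: "0.14.1" },
  "@nestjs/core": { current: "10.3.0", wanted: "10.4.1", latest: "10.4.1" },
  "@angular/core": { current: "17.3.0", wanted: "17.3.0", latest: "18.0.0" },
  "example-0x-lib": { current: "0.14.0", wanted: "0.14.0", latest: "0.15.0" },
  "example-missing": { wanted: "1.2.0", latest: "1.2.0" }, // not installed
};

console.log(JSON.stringify(categorize(SAMPLE), null, 2));
```

`npm outdated` exits with a non-zero status when it finds outdated packages, so read its stdout instead of treating that exit code as a failure.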
Audit (--audit)
- Run `npm audit`
- Report vulnerabilities by severity (critical, high, moderate, low)
- Suggest fixes for critical/high
- Check for patches available
Update (--update)
- Show packages to update (patch + minor only)
- Ask for approval
- Update packages: `npm update`
- Run tests: `npm test`
- Run build: `npm run build`
- If tests pass, commit changes
- If tests fail, roll back and report
Major updates (--update-major)
- List packages with major updates
- Show changelogs/breaking changes (if available)
- Recommend update order (dependencies first)
- Do not auto-update: requires manual review
For universal safety rules and update priority order, see /shared-deps-safety.
NEAN-specific considerations
Angular updates
bash
# Use Angular CLI for framework updates
ng update @angular/core @angular/cli
ng update @angular/material # If using
NestJS updates
- Check migration guides for major versions
- Update @nestjs/* packages together
- Test all modules after update
Nx updates
bash
# Use Nx migrate for workspace updates
npx nx migrate latest
npx nx migrate --run-migrations
TypeORM updates
- Check migration compatibility
- Test all database operations
- Review breaking changes in query builder
Output
Check output
code
Outdated packages:

Patch updates (safe):
- @types/node: 20.10.0 → 20.10.5
- class-validator: 0.14.0 → 0.14.1

Minor updates (usually safe):
- @nestjs/core: 10.3.0 → 10.4.1
- primeng: 17.15.0 → 17.18.0

Major updates (review required):
- typescript: 5.4.0 → 5.5.0 ⚠️ Check compatibility
- @angular/core: 17.3.0 → 18.0.0 ⚠️ Major version
Audit output
code
Security audit:
Critical: 0
High: 1
- axios <1.6.0 (SSRF vulnerability)
Fix: npm update axios
Moderate: 2
Low: 3
Run `npm audit fix` to auto-fix where possible.
Reference
For update strategies and common issues, see reference/nean-deps-reference.md