Using pnpm outdated to Check and Upgrade Dependencies
I used to manually upgrade dependencies one by one - run pnpm outdated, note which packages needed updates, then update each individually. Today I was about to write a script to automate this… only to discover pnpm already has everything built-in. Classic.
Checking for Outdated Packages
Run pnpm outdated to see a table of packages that have newer versions available:
pnpm outdated
This shows the current version, wanted version (within semver range), and latest version for each outdated package.
Upgrading Dependencies
Use pnpm update (or its alias pnpm up) to upgrade dependencies listed as outdated. This command updates packages to the latest versions within the semver ranges in your package.json by default.
Safe Upgrade (Within Ranges)
Run pnpm update without arguments to update all outdated dependencies without breaking semver constraints:
pnpm update
For production-only updates, use pnpm update --prod; for dev dependencies, pnpm update --dev.
Latest Versions (Major Upgrades)
To upgrade all outdated packages to their absolute latest stable versions (ignoring semver ranges), add the --latest flag:
pnpm up --latest
This may introduce breaking changes, so test thoroughly afterward.
Interactive Mode
Use pnpm update --interactive to review and selectively upgrade outdated packages:
pnpm update --interactive
In monorepos, add -r for recursive updates across workspaces:
pnpm update -r --interactive
Best Practices
1. Review Before Upgrading
Always run pnpm outdated first to understand what will change. Look for major version bumps (e.g., 2.x → 3.x) which often contain breaking changes.
2. Upgrade Incrementally
Instead of upgrading everything at once, consider:
- Group by risk: Start with patch updates, then minor, then major
- One major at a time: Upgrade major versions individually so you can isolate breaking changes
- Test after each batch: Run your test suite after each upgrade group
# Upgrade a specific package
pnpm up <package-name>
# Upgrade to latest for a specific package
pnpm up <package-name> --latest
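The incremental strategy above can be planned from the machine-readable report. This is an added example, not code from the original post: it assumes the `pnpm outdated --format json` shape of `{ "<name>": { current, wanted, latest } }`, and the package names and versions are constructed sample data.

```javascript
// Added example (not from the original post). Assumes the report shape of
// `pnpm outdated --format json`: { "<name>": { current, wanted, latest } }.
// Constructed sample data; the package names are hypothetical.
const sampleReport = {
  "alpha-lib": { current: "1.4.2", wanted: "1.4.5", latest: "1.4.5" },
  "beta-lib": { current: "2.1.0", wanted: "2.3.0", latest: "3.0.1" },
  "gamma-lib": { current: "0.4.1", wanted: "0.4.3", latest: "0.5.0" },
  "delta-lib": { current: "5.0.0", wanted: "5.2.0", latest: "5.2.0" },
  "epsilon-lib": { current: "1.0.0-rc.1", wanted: "1.0.0", latest: "1.0.0" },
};

// Parse "MAJOR.MINOR.PATCH[-prerelease]"; returns null when unparseable.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(String(v));
  return m ? { parts: [+m[1], +m[2], +m[3]], pre: m[4] || "" } : null;
}

// Risk of moving from `from` to `to`: "major" | "minor" | "patch" | "none" | "unknown".
function bumpRisk(from, to) {
  const a = parseVersion(from), b = parseVersion(to);
  if (!a || !b) return "unknown";
  const changed = a.parts.findIndex((n, i) => n !== b.parts[i]);
  // Same numbers but a different pre-release tag: no stability promise, review as major.
  if (changed === -1) return a.pre === b.pre ? "none" : "major";
  // Caret semantics: the leftmost non-zero component is the breaking one,
  // so 0.4.x -> 0.5.0 is a breaking jump even though only "minor" moved.
  const nonZero = a.parts.findIndex((n) => n !== 0);
  const breaking = nonZero === -1 ? 2 : nonZero;
  if (changed <= breaking) return "major";
  return changed === 1 ? "minor" : "patch";
}

// Ordered steps: one patch batch, one minor batch, then each major alone.
// Each step is an argv array, so no shell string is built from report data.
function planUpgrades(report) {
  const groups = { patch: [], minor: [], major: [], unknown: [] };
  for (const [name, info] of Object.entries(report)) {
    const risk = bumpRisk(info.current, info.latest);
    if (risk !== "none") groups[risk].push(name);
  }
  const steps = [];
  for (const risk of ["patch", "minor"]) {
    if (groups[risk].length) steps.push(["pnpm", "up", ...groups[risk].sort(), "--latest"]);
  }
  for (const name of groups.major.sort()) steps.push(["pnpm", "up", name, "--latest"]);
  return { steps, needsManualReview: groups.unknown.sort() };
}

console.log(JSON.stringify(planUpgrades(sampleReport), null, 2));
```

Run the test suite between steps; anything listed under `needsManualReview` had a version string the parser could not classify.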
3. Read Changelogs
Before major upgrades, check the package’s changelog or release notes. Look for:
- Breaking changes and migration guides
- Deprecated features you might be using
- New peer dependency requirements
4. Lock File Hygiene
- Commit your pnpm-lock.yaml after updates
- Use pnpm install --frozen-lockfile in CI to ensure reproducible builds
- Consider running pnpm dedupe after updates to reduce duplicate packages
5. Automate Monitoring
Set up automated dependency monitoring:
- Dependabot or Renovate: Automatically create PRs for updates
- npm audit / pnpm audit: Check for security vulnerabilities
- Schedule regular dependency review sessions (e.g., monthly)
6. Test Thoroughly
After upgrading:
# Run your test suite
pnpm test
# Build your project
pnpm build
# Run type checking if using TypeScript
pnpm tsc --noEmit
7. Use Version Ranges Wisely
In package.json, consider your version range strategy:
- ^1.2.3 (caret): Allows minor and patch updates (most common)
- ~1.2.3 (tilde): Allows only patch updates (more conservative)
- 1.2.3 (exact): No automatic updates (maximum control)
Quick Reference
| Command | Description |
|---|---|
| pnpm outdated | List outdated packages |
| pnpm update | Update within semver ranges |
| pnpm up --latest | Update to latest versions |
| pnpm up -i | Interactive update |
| pnpm up <pkg> | Update specific package |
| pnpm audit | Check for vulnerabilities |
What I Learned
- pnpm outdated gives a clear view of what needs attention
- Interactive mode (-i) is great for selective, controlled upgrades
- The --latest flag is powerful but should be used carefully
- Regular, incremental updates are safer than infrequent large updates
- Automation tools like Renovate can help maintain dependencies proactively