Technology Blogs by SAP
Learn how to extend and personalize SAP applications. Follow the SAP technology blog for insights into SAP BTP, ABAP, SAP Analytics Cloud, SAP HANA, and more.
Showing results for 
Search instead for 
Did you mean: 
Product and Topic Expert
Product and Topic Expert


A few days back, my team was involved in updating project dependencies, as part of the project code maintenance activity. This included updating the Node, and other core packages that were outdated. In this post, I will be sharing the steps that we followed during the process, and I believe this would help you one day!

Node.js is a cross-platform, open-source JavaScript runtime environment, which is actively maintained by a huge community and gives feature-rich releases twice a year.

NPM is the default package manager of Node, which offers a command-line interface and an online repository of public and private packages. Each package is a Node module (set of files containing mostly JavaScript codes) that is capable enough to perform a specific set of actions.

e.g. Lodash, a utility module that makes it easy w.r.t Object/Array manipulation. During the time of writing this post, there were a total of 30 releases, and it was used by 174672 projects!


When to Update?

As a prerequisite, here are some considerations that one must look for, before updating the packages:

  1. Outdated packages can have security vulnerabilities, that can be exploited. So, it's always good to update an outdated package.

  2. Package updates often contain bug fixes or enhancements. Although it's always good to get the bug fixes, the feature enhancements can be installed on-need basis.

  3. As the packages become old, there may arise version compatibility issues. It's always to keep the packages comparable to the underlying Node engine version.


How to update?

Looking at the initial phase of the updating process, it's ideal to start by checking the Node version in use and making sure to pick the nearest Long-Term Support(LTS) version. The LTS releases are usually maintained for a much higher extended period of time! These LTS releases are cherry-picked for the production environment, as they are focused on stability and reliability. While writing this post, v20.5.0 was the latest release, and v.18.17.0 was the LTS release.

Step 1: Create a new branch for this process, and make a note of the current node and npm versions

Step 2: It's ideal to maintain the same `node` and `npm` versions across all the environments, to ensure smooth functioning of the project. The `engines` property in the main package.json file must have this version-specific information (make changes if needed).
"engines": {
"node": "18.17.0",
"npm": "9.8.1"

(Always verify the `node` and `npm` versions before proceeding further)

If you work on multiple projects that use different Node versions, then Node Version Manager (NVM) comes in handy, which helps you maintain and switch between different versions of Node.


Step 3: Identify the outdated packages in your project.
 npm outdated

In the above image, we can see the packages highlighted in red color indicates, that there is a new version available and that package must be updated.


Step 4: To update a package uses the below command.
 npm update <package-name>

As a best practice, it is always good to update one package at a time and verify if there are any breaking features. Test cases come very much in handy during this process, if not one must manually verify for the dependent feature that the package could affect!

To update the global packages, use -g flag


A note on the prefixes that we used with the package versions:

  • Caret notation (default in npm) updates the Minor and Patch versions, i.e., ^1.1.1 will be updated to 1.2.2

  • Tilde notation updates only the Patch version, bringing the bug fixes. i.e., ~1.1.1 will be updated to 1.1.3


Further reading:


It would be helpful to know some of the best practices that you are following, in this perspective through your comments!


Happy reading!