macOS
brew install npm-check-updateslocal Homebrew formula metadata
brew
Find newer versions of dependencies than what your package.json allows. Version 22.2.9 via Homebrew; verified 2026-06-29.
install
brew install npm-check-updateslocal Homebrew formula metadata
nix profile install nixpkgs#npm-check-updatesnixpkgs package indexes · pkgs/by-name/np/npm-check-updates/package.nix · source: api.github.com
sudo pacman -S npm-check-updatesArch Linux sync databases · npm-check-updates · source: geo.mirror.pkgbuild.com
overview
Find newer versions of dependencies than what your package.json allows
history
npm-check-updates, usually invoked as ncu, is a long-running Node.js CLI for finding newer dependency versions than the ranges recorded in package.json and optionally rewriting those ranges. Its GitHub repository and npm registry package were both created on 2013-09-07.
The project's core behavior has stayed focused: compare project dependency declarations with registry versions, preserve the user's version-range style where possible, and write the package file only when asked with -u/--upgrade. The README describes support for npm, yarn, pnpm, deno, and bun, plus CLI and module usage.
By 2026 the project had a large option surface for dependency sections, registries, JSON output, workspaces, interactive upgrades, owner-change reporting, and doctor mode. The npm registry metadata consulted for this batch reported 532 published versions and latest version 22.2.9 published on 2026-06-28.
ncu is a mainstream utility in JavaScript dependency maintenance because it covers a workflow that npm outdated and npm update do not fully replace: reviewing and changing declared ranges in package.json before reinstalling. The GitHub metadata consulted for this batch reported over 10k stars, and the package is available through npm, Homebrew, Nix, and Arch.
npm's public downloads API reported 3,121,600 downloads for npm-check-updates from 2026-05-30 through 2026-06-28 and 31,701,760 downloads from 2025-06-29 through 2026-06-28. Homebrew analytics reported 4,290 formula installs over its 365-day window.
Package maintainers use ncu as a review step: run ncu to see available upgrades, inspect changelogs or use output formats such as repo/time/group, then run ncu -u followed by the package manager install command to update the lockfile. Its doctor mode is aimed at the more cautious path: iteratively install upgrades and run tests to isolate breaking updates.
Its practical role is especially visible in projects that do not want an automated bot to make every dependency decision. It gives humans a terse dependency diff, lets them filter by dependency type or package name, and supports alternative package managers while still centering package.json.
npm-check-updates is one of the standard 'dependency hygiene' tools in the Node ecosystem: small enough to use by hand, scriptable enough for CI or release chores, and independent of any one package manager's built-in update semantics.
security posture
No matching local secret-handling manifest was found for npm-check-updates. Nucleus package metadata is still published here so future coverage has a stable package URL.
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
.ncurc.ncurc.json.ncurc.yaml.ncurc.yml.ncurc.js.ncurc.mjs.ncurc.cjs~/.ncurcexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
ncu | cli | global executable | |
npm-check-updates | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/raineorshine/npm-check-updates
install metadata
| Package key | brew:npm-check-updates |
|---|---|
| Version | 22.2.9 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/npm-check-updates |
| Homepage | https://github.com/raineorshine/npm-check-updates |
| Repository | https://github.com/raineorshine/npm-check-updates |
| Upstream docs | https://github.com/raineorshine/npm-check-updates#readme |
| License | Apache-2.0 |
| Source archive | https://registry.npmjs.org/npm-check-updates/-/npm-check-updates-22.2.9.tgz |
| Last updated | 2026-06-29T21:17:57Z |
| Pulse | updated |
| Dependencies | node |
| Bottle | available (on all) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | npm-check-updates |
| Version Scheme | 0 |
| Revision | 0 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
npm-check-updates
nix profile install nixpkgs#npm-check-updatesnpm-check-updates 22.2.3-1
Find newer versions of dependencies than what your package.json allows
https://github.com/raineorshine/npm-check-updates
sudo pacman -S npm-check-updatessource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.