Automate your node dependency updates

A reasonably large Node application will have 100’s of dependencies. Keeping them all updated is a 🧹chore a developer needs to perform at some point. Either you ignore the dependency updates until you are stuck with a very old set of dependencies hindering your progress with 🦹‍♂️ security vulnerabilities or you spend your valuable application development time manually testing out the updates on a reasonable cadence.
Let’s see how to automate this process in an enterprise environment assuming you have some kind of CI/CD environment and a private GitHub repo.

🥒 Ingredients

Solid unit tests for your code. Bonus points if you have end to end tests and snapshot tests for UI components

An npm package which tests whether your dependencies can be updated without breaking the tests.

hub CLI
This is a command-line application from Git”Hub" which can interact with your GitHub repo. hub is exactly similar to git CLI and a drop-in replacement but has added features to interact with GitHub. Handy to open a Pull Request after the update operation.

📝 Recipe

npm install next-update –save-dev
Install next-update as a dev-dependency.
Configure an npm script dep:update in your package.json scripts section

// package.json
"name": "a-sample-node-project",
"version": "0.0.1",
"description": "A sample node project",
"scripts": {
"test": "jest",
"start": "node app.js",
"dep:update": "next-update" // Configure an npm script
"devDependencies": {
"next-update": "^3.6.0"
"dependencies": {

npm run dep:update
Run the script. next-update will go ahead and find all new packages. Updates them in sequence and keep the update if your tests pass.
Download and install the hub cli


if [[ ! -f $HUB_CLI ]]; then
tar zxvf hub-linux-amd64-2.12.2.tgz
rm -rf hub-linux-amd64-2.12.2.tgz /opt/hub-linux
mv hub-linux-amd64-2.12.2 /opt/hub-linux

Configure hub

git config –global –replace-all
git config –global –replace-all hub.protocol git

Instruct the 🤖 bot to open a Pull Request

$HUB_CLI add package.json package-lock.json
$HUB_CLI commit -m "🤖 [BOT] Automated dependency update"
$HUB_CLI pull-request \
–push \
-m "Pull Request Subject" \
-m "Pull Request Description" \
–no-edit \
–reviewer user-id1,user-id2

Hook up this script in your CI/CD environment to run daily

Wrapping up

We saw how to check and update the node dependencies and automate the process of opening a PR. If your project is open-source, you may use a service like Greenkeeper.

Please find my previous writings on Medium:

One side rounded rectangle using SVG
Visual Studio Code — Debug Mode
I want TypeScript to succeed.
What’s in my laptop?
CoffeeScript’s most loved feature soon in JavaScript