npm-check-updates is a command-line utility and programmatic module used to check for newer versions of npm packages and update project manifest files. It functions as a registry client and semantic version manager that upgrades package constraints to the latest releases.
The tool distinguishes itself by including supply chain security features, such as a release cooldown period and package ownership tracking, to prevent the adoption of unstable or malicious new releases. It also provides a programmatic API for integrating dependency checks and upgrades directly into custom scripts.
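The idea behind a release cooldown, as an added sketch that is not npm-check-updates' own code: choose the highest stable version whose publish timestamp is at least N days old. It assumes registry metadata with a `time` map of version to ISO timestamp; `PACKUMENT`, the package name, and the function names are constructed for illustration.

```javascript
// Added example: cooldown filter over registry publish times.
// PACKUMENT is constructed sample data shaped like npm registry metadata
// (the "time" map of version -> ISO publish timestamp).
const PACKUMENT = {
  name: 'example-lib', // hypothetical package
  time: {
    created: '2024-01-01T00:00:00.000Z',
    modified: '2025-03-10T00:00:00.000Z',
    '1.4.0': '2025-01-05T12:00:00.000Z',
    '1.5.0': '2025-02-20T09:00:00.000Z',
    '2.0.0-beta.1': '2025-02-25T09:00:00.000Z',
    '1.5.1': '2025-03-09T18:00:00.000Z', // published the day before "now"
  },
};

const DAY_MS = 24 * 60 * 60 * 1000;

// Parse "x.y.z" into numbers; returns null for prereleases and for
// non-version keys such as "created" and "modified".
function parseStable(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Return the highest stable version at least cooldownDays old, or null.
// Entries with a missing or unparsable timestamp are treated as too new.
function pickWithCooldown(packument, cooldownDays, now = Date.now()) {
  let best = null;
  for (const [version, published] of Object.entries(packument.time || {})) {
    const parsed = parseStable(version);
    const ts = Date.parse(published);
    if (!parsed || Number.isNaN(ts)) continue;
    if (now - ts < cooldownDays * DAY_MS) continue; // still cooling down
    if (!best || compareVersions(parsed, best.parsed) > 0) best = { version, parsed };
  }
  return best ? best.version : null;
}

const NOW = Date.parse('2025-03-10T18:00:00.000Z'); // fixed clock for the demo
console.log(pickWithCooldown(PACKUMENT, 0, NOW)); // no cooldown
console.log(pickWithCooldown(PACKUMENT, 7, NOW)); // 7-day cooldown
```

With a 7-day cooldown the day-old `1.5.1` is skipped in favour of `1.5.0`, which leaves time for a compromised or broken release to be reported and unpublished before it is adopted.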
Broad capabilities include automated dependency upgrades, recursive manifest scanning for monorepos, and interactive package selection. The tool supports version target specification via distribution tags, peer dependency compatibility validation, and filtering via regular expressions or organization scopes. It can also fetch version data from custom registries or local JSON mirrors.