Breaking changes
node < 8 deprecated
The required node version has been updated to allow the use of newer Javascript features and reduce maintenance efforts for old versions.
System npm used
In ncu v2, an internally packaged npm was used for version lookups. When this became out-of-date and differed considerably from the system npm problems would occur. In ncu v3, the system-installed npm will be used for all lookups. This comes with the maintenance cost of needing to upgrade ncu whenever the output format of npm changes.
Installed modules ignored
In ncu v2, out-of-date dependencies in package.json that were installed up-to-date (e.g. ^1.0.0 specified and 1.0.1 installed) were ignored by ncu. Installed modules are now completely ignored and ncu only consider your package.json. This change was made to better match users’ expectations.
Existing version ranges that satisfy latest are ignored (-a by default)
In ncu v2, if you had ^1.0.0 in your package.json, a newly released 1.0.1 would be ignored by ncu. The logic was that ^1.0.0 is a range that includes 1.0.1, so you don’t really need to change the version specified in your package.json, you just need to run npm update. While logical, that turned out to be quite confusing to users. In ncu v3, the package.json will always be upgraded if there is a newer version (same as -a in v2). The old default behavior is available via the --minimal option.
Prerelease versions ignored
In ncu v2, any version published to the latest tag was assumed to be a stable release version. In practice, occasional package authors would accidentally or unconventionally publish -alpha, -beta, and -rc versions to the latest tag. While I still consider this a bad practice, ncu v3 now ignores these prerelease versions by default to better match users’ expectations. The old behavior is available via the --pre 1 option. (When --newest or --greatest are set, --pre 1 is set by default, and can be disabled with --pre 0).
Options changed: -m, --prod, --dev, --peer
In order to only target one or more dependency sections, ncu now uses the --dep option instead of separate options for each section.
--prod is now --dep prod
--dev is now --dep dev
--dev --peer is now --dep dev,peer etc
The --packageManager alias has changed from -m to -p to make room for --minimal as -m.