lpm upgrade
Bump dependencies to their latest matching version, with optional major upgrades.
lpm upgradeWalks package.json dependencies and devDependencies, looks up the latest published version for each eligible package, and updates the lockfile + node_modules accordingly. By default it stays within your declared semver — pass --major to bump across breaking-change boundaries.
Default scope: @lpm.dev/* plus npm packages already recorded as public npm or LPM-registry-proxy installs in lpm.lock. That means a normal react, lodash, or @scope/pkg install that currently resolves through registry.npmjs.org or the configured LPM registry is eligible for lpm upgrade too. Packages without recorded public npm or LPM-registry source attribution are skipped instead of being queried against registry.npmjs.org — this avoids leaking private/custom-registry package names. If you added a public npm package before LPM recorded source metadata, run lpm install once to refresh lpm.lock, then rerun lpm upgrade.
In a TTY, lpm upgrade shows an interactive multiselect so you can pick which packages to bump. In CI or a non-TTY, it runs non-interactively. Override with -i (force interactive) or -y (force non-interactive).
The interactive multiselect annotates each candidate with the signals you'd want before saying yes: whether the upgrade target ships install scripts, whether any peer-dependency declaration shifts under your current lockfile, and whether an existing lpm patch for this package won't cleanly apply to the new version.
Examples
lpm upgrade # interactive at TTY, all-at-once in CI
lpm upgrade --dry-run # show what would change
lpm upgrade --major # also offer breaking upgrades
lpm upgrade -y --dry-run # CI-friendly JSON/text preview of upgrade candidates
lpm upgrade -y # non-interactive (skip prompts)
lpm upgrade -i # interactive (even in non-TTY)Major upgrades
lpm upgrade --majorIn non-interactive mode, --major actually performs the major bump on every dep that has one. In interactive mode, major upgrades appear as separate rows in the multiselect — you toggle the ones you want.
After a --major run, review the changelog of every bumped package before shipping. LPM never reads release notes for you.
What changes
package.json— declared ranges are rewritten to match the new resolved versions, respecting your save policy.lpm.lock/lpm.lockb— fully refreshed.node_modules/— re-linked with the new versions.
If your package.json says "react": "^18.0.0" and the lockfile records react as coming from public npm or the configured LPM registry, lpm upgrade will land ^18.3.1 when 18.3.1 is the newest matching 18.x release. With --major and react 19 available, it would also offer ^19.0.0.
Flags
| Flag | Effect |
|---|---|
--major | Allow upgrading to a higher major version. Mutually exclusive with interactive mode — in interactive mode, major-bumps appear as togglable rows instead |
--dry-run | Show what would be upgraded without making changes |
-i, --interactive | Force interactive mode even outside a TTY. Mutually exclusive with -y and --json |
-y, --yes | Force non-interactive mode (useful at a TTY). Mutually exclusive with -i |
Plus the global flags.
See also
lpm outdated— see which deps have updates availablelpm install— reinstall after a manualpackage.jsonedit- Save policy — how new ranges get saved