NPM Update Status

If you are a Node-Red fan (and if not – why not) – you’ll know that the NODES – i.e. the modules that are provided with Node-Red or that people like myself create – get updated every now and then.  And it is a pain in the bum to keep checking to see if any of them need updating.

So – how about a weekly or monthly email detailing any updates!

It turns out that there is a handy command called “npm outdated” which returns a list of out of date devices!

So here’s the general sequence…

cd .node-red  // if you’re in the PI directory of your Pi or similar – this will take you to the Node Red directory

npm outdated // this will show you a list of out-dated nodes (or nothing).

You can then go off and do updates when you wish.

It occurred to me that this needed automating. One of the guys at the Node-Red groups (Mark Setrem) gave me this:

npm outdated –prefix ~/.node-red

That saves having to switch to the Node Red directory – and so from there – a simple flow…


The timestamp node can be set to output every week or month – the exec node contains what you see above – and the green email node contains email credentials.

The payload (email body) comes from the middle exec node, fill in the TOPIC in the timestamp and you have your SUBJECT line.

The output (which you can test by pressing the button on the timestamp – who’s payload is ignored)….


The whole operation takes several seconds but because of the way Node-Red works – it’s not holding anything up. Ok, formatting could be better – but who cares – it does the job.

The original information that started me off is on the Node-Red site..

I’d updated NODE and NPN to the latest versions and that made some nodes fail (SQLITE)… also I realised when thinking about it – that some of those nodes have not been updated in a while – here’s how I gotaround the lot…

sudo npm cache clean

sudo npm update -g –unsafe-perm node-red

So that gets you the latest Node-Red after any updates of Node etc…

cd ~/.node-red


npm outdated

The above gives you a list of your nodes that may be out of date either through a node update – or simply – age!!

npm update              # to update all nodes, or


npm update foo          # to only update a node called foo

Just adding in a little extra here (10/dec/2016) as I cracked formatting.

HTML formatted email

Simple really…  in the Exec node itself I added a JSON flag

npm outdated -json –prefix ~/.node-red

and in the function I then simply used a table (the kind of clever CSS we often use on web pages is not too good in emails as there are many clients out there which still handle only the simplest of HTML – I learned that the hard way a while ago after developing a mass email system for a large organisation – my code was directly responsible for formatting and sending out many, many millions of emails running most hours of the day – you soon learn how many people are cheesed off at your attempts at styling)

So keeping it simple (ok, I should have used HEX for the colour – I’m being lazy here)..

[pcsh lang=”css” tab_size=”4″ message=”” hl_lines=”” provider=”manual”]

var m="<table style='font-family:arial; font-size:14px'><tr><td style='color:blue'><b>Node</b></td><td style='color:blue'><b>Current</b></td><td style='color:blue'><b>Wanted</b></td><td style='color:blue'><b>Latest</b></td></tr>";

for (var key in msg.payload)
m+="<tr><td style='color:green'>";
var mm=msg.payload[key];
return msg;


Now… I DID try Antonio’s version (see the comments below) and got the rather lovely email below… other than the missing first letter !! and I would have expected it to include the location contents as well – for some reason it didn’t… but nice and simple…

ansitohtml version


29 thoughts on “NPM Update Status

  1. I just get a blank e-mail back what am i doing wrong?
    I have an inject node
    I put “npm outdated -json –prefix ~/.node-red” into an exec node
    I have the e-mail node

  2. I cannot quite follow the outcome of all replies,but is there a chance there will be a one click update some time?
    I did this all in the terminal and are left with a number of unupdatable nodes:
    Node Current Wanted Latest
    bcryptjs 2.3.0 2.4.0 2.4.0
    node-red-contrib-bigtimer 1.4.4 1.4.83 1.4.83
    node-red-contrib-gpio 0.9.0 0.9.1 0.9.1
    node-red-node-openweathermap 0.1.12 0.1.13 0.1.13
    There you need other options in the update command I suspect. Especially your bigtimer is way outdated!

  3. OK I made the mistake to format the html/javascript, but that is in an extra function block. Node-RED is not ignoring new line/return characters, I think this would be nice if they did, the same as in other interpreters.

  4. Blimey, this is something that I actually knew about. That’s pretty heartening for a beginner!

    So, based on the above, here’s something else that I read about recently that you may or may not know about… – used to access Amazon servers for Alexa. I came across Ngrok in this tutorial.
    It seemed easy to set up an SSL connection with this.

    I don’t know if this is relevant to you Pete but it may be worth a look.

    1. That NGROK looks of interest – could get around my problem in Spain of not being able to bring port 443 into the building… thanks for that. The rest of it looked awfully complicated 🙂

      1. the only problem is that with the free version, it gives you always a different domain name on starting… if you want a fixed domain, you must pay…

        ngrok http -subdomain=testina 80
        and see

        1. Yes and while a fiver a month does not sound like a lot – it’s just another fiver a month to go with all the other fiver a months… good idea though.

    2. Free version doesn’t do HTTPS – well, it does – but it also does HTTP 🙂 Still – for a quick file transfer, not a bad tool along with HFS

  5. RIGHT – I’ve just given WORDPRESS a damned good telling off and told it never to interfere with dashes again!

  6. Shouldn’t it be “sudo npm update -g –unsafe-perm node-red” for the node red upgrade? That is a double hyphen before unsafe. Also it is slightly strange to see that you are running such an old version of your own node Bigtimer? Do you not trust the latest versions.

    1. Funny you mention that… YES BUT… I didn’t notice any funny ANSI characters coming out of the EXEC node. So if you run the OUTDATED command on the command line you get colourful ANSI stuff – but I don’t think that comes out of the EXEC node – which is a SHAME because there is NodeJS code to turn ANSI into HTML. If anyone wants to improve on this – we’re all ears!

      Oh, I’m supposed to make it clear that I’ve included a bit in there about upgrading Node-Red which of course is NOT essential when updating NODES.

      1. color email in html from terminal: done
        you need to install gawk and a little shell script, and the “script” command is used to capture full terminal content, included ansi codes…
        instead of redirecting latest command to an html file, i think you could redirect its output into an email… cannot try at the moment, but the html file is ok, so i think no problems here…

        sudo apt-get install gawk # needed by ansi2html
        chmod +x
        script -q -c “npm outdated –prefix ~/.node-red”| ~/ > outdated.html

            1. Take a look – I tried your version – and it works – just directed the output to an email instead – but – did YOU get the first character missing and the missing field at the end?? Also it killed Node-Red the first time around (but surprisingly not after restarting Node-Red). I’ll run the two side by side for a while…

              1. for the node-red killing, don’t know… i’m doing parallel trials (this and thingspeak, as promised a few days ago), so didn’t notice, but never thought of checking, have to say…

                for latest field, it defaults to 0:

                so you have to override it:
                npm outdated –depth=1 –prefix ~/.node-red

                for first char: don’t know how that’s possible… in the html files everything is perfect, try this:
                script -q -c “npm outdated –depth=10 –long=true –prefix ~/.node-red”| ~/ | sudo tee /var/www/html/outdated.html 1> /dev/null
                script -q -c “npm outdated –depth=10 –global=true “| ~/ | sudo tee /var/www/html/global.html 1> /dev/null

                then load in a browser http://your-raspy-ip/outdated.html and take a look… this can be used to have a page instead of an email, just on the raspy itself… and script can be scheduled to run once a day, for example… first line parses .node-red folder, the second line parses global nodes

                1. Had to give it a miss – killing node-red on use quite often… my original works just fine – the script version – something wrong there.

                  1. mmm, strange… just launched the latest 2 commands a bunch of times (at least 20 times, in total), and checked node-red before and after, it was always on, never stopped nor i needed to restart it…

                    nothing in logs?
                    anyway, take a look at the other options i added in this comment:
                    in case you want to add that latest field, have global outdated reports, too, and have 2 local pages instead of emails…

                    oh, i’m on raspy3 with raspbian upgraded to latest using apt-get… nodes and node-red are of about a month ago, i’ll update as soon as i finish the thingspeak install…

                    “npm update” updates the global packages, too? i think no, so how to update them?

  7. Very interesting post 🙂

    I’ve only just started my home automation journey but this is the kind of thing that would keep me awake at night… what if a dependency of a dependency changes in npm and has a bug that stops node-red from running properly? I wouldn’t allow any kind of automated update that could potentially mean that I have no lights or heat… I worry about doing a manual update and something breaking and being unable to easily revert it. I also want to get core linux and nodejs updates too, but in a controlled manner.

    What I’m doing is running node-red on linux in a docker container with all of the “config” stored outside of the container. Every night my script rebuilds the whole container but just leaves it ready to run, then when I feel like it all I have to do is stop the current node-red container and start the new one, and everything should “just work”. If anything breaks, then I can roll back by just stopping the new container and restarting the old one. I can also back up a “last known good” image of the container elsewhere so if I have a complete hardware meltdown I can just copy it onto a new linux server and start it up.

    Perhaps I worry too much 🙂

    1. Erm, maybe you’re overthinking it – the only time I do that is when contemplating a change to my systems in Spain when I am in the UK – which is remotely like sending new code to the Mars explorer. I have a particular Raspberry Pi running the heating, lighting and other stuff in the house and I am always keeping it up to date. Up to now, I have not once gotten into a situation with Node and Node-Red updates that I can’t get out of. I don’t use Docker after a horrifying experience with it on Windows… my version of rolling things back is to backup the SD – after all – there IS nothing other than what’s on the SD on Pi. Ok, there was once – when moving from the previous Debian installation to Jessie… but then – as far as Node-Red is concerned if you back up the FLOWS you’re most of the way there.

Comments are closed.