Fix Outdated npm Dependencies
Find and fix outdated npm dependencies with known CVEs. Paste your package.json and get a patched version — no CLI, no signup.
⚠ The Problem
Your package.json contains outdated dependencies with known CVEs. npm outdated shows what's stale but doesn't generate the fixed file.
Bad Configuration — package.json
{
  "dependencies": {
    "express": "4.17.1",
    "lodash": "4.17.15"
  }
}
Fixed Configuration — package.json
{
  "dependencies": {
    "express": "4.19.2",
    "lodash": "4.17.21"
  }
}
✓ Fix
Update to the safe versions reported by OSV, then run npm install to regenerate package-lock.json.
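The fix step above, worked through offline as an added example (not PackageFix's or npm's own code): it reads OSV-style `introduced`/`fixed` events, raises each pinned version until no advisory covers it, and marks major-version jumps for changelog review. The advisory ids are placeholders, the lodash 4.17.19 record is constructed, and versions are assumed to be exact x.y.z pins.

```javascript
// Constructed sample advisories in OSV `affected[].ranges[].events` shape; ids are placeholders.
const ADVISORIES = [
  { id: "EXAMPLE-0001", package: "express", events: [{ introduced: "0" }, { fixed: "4.19.2" }] },
  { id: "EXAMPLE-0002", package: "lodash", events: [{ introduced: "0" }, { fixed: "4.17.19" }] },
  { id: "EXAMPLE-0003", package: "lodash", events: [{ introduced: "4.0.0" }, { fixed: "4.17.21" }] },
];
// Assumption: exact x.y.z pins, no pre-release tags or ranges.
const parse = (v) => [0, 1, 2].map((i) => Number(v.split(".")[i] || 0));
const cmp = (a, b) => {
  const [x, y] = [parse(a), parse(b)];
  return x[0] - y[0] || x[1] - y[1] || x[2] - y[2];
};

// Walk the sorted events: affected from each `introduced` until the next `fixed`.
function isAffected(version, events) {
  let affected = false;
  for (const e of events) {
    if (e.introduced !== undefined && cmp(version, e.introduced) >= 0) affected = true;
    if (e.fixed !== undefined && cmp(version, e.fixed) >= 0) affected = false;
  }
  return affected;
}

// Raise the version until no advisory covers it; a null target means no fix is published.
function safeVersion(current, advisories) {
  let target = current, ids = [], moved = true;
  while (moved) {
    moved = false;
    for (const a of advisories) {
      if (!isAffected(target, a.events)) continue;
      const fix = a.events.map((e) => e.fixed).find((f) => f && cmp(f, target) > 0);
      if (!fix) return { target: null, ids: [...ids, a.id] };
      ids.push(a.id); target = fix; moved = true;
    }
  }
  return { target, ids };
}

// Patch a copy of the manifest; `major` marks bumps that need a changelog review.
function patchManifest(manifest, advisories = ADVISORIES) {
  const fixed = JSON.parse(JSON.stringify(manifest)), report = [];
  for (const [name, from] of Object.entries(manifest.dependencies || {})) {
    const { target, ids } = safeVersion(from, advisories.filter((a) => a.package === name));
    if (!ids.length) continue;
    if (target) fixed.dependencies[name] = target;
    report.push({ name, from, to: target, ids, major: !!target && parse(target)[0] !== parse(from)[0] });
  }
  return { fixed, report };
}
```

Calling `patchManifest` on the bad configuration above yields the fixed configuration; the lockfile still has to be regenerated with npm install afterwards.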
Scan your dependencies now — paste your manifest, get a fixed version back in seconds.
Open PackageFix → No signup · No CLI · No GitHub connection · Runs 100% in your browser
Frequently Asked Questions
How do I find outdated npm packages with CVEs?
Run npm audit, or paste your package.json into PackageFix for a live CVE scan with fix versions from OSV.
Is it safe to update all npm dependencies at once?
Patch and minor updates (4.17.1 → 4.17.21) are generally safe. Major version bumps may have breaking changes — review changelogs first.
What is the difference between npm outdated and npm audit?
npm outdated shows all available updates. npm audit shows only CVE-flagged packages. PackageFix combines both: CVE scan + fix versions in one step.
How often should I update npm dependencies?
At minimum monthly, and immediately when CISA adds a package to the KEV catalog.