Saturday, December 13, 2014

Efficient NPM updating?

So, for one of our projects, we've moved to having a bunch of npm modules on an internal registry for various sub-parts of our projects and we're running into some trouble that seems like it would generally be an issue.  Our primary package.json has a bunch of explicit version number dependencies (3rd party modules that we don't want changing out from under us unknowingly), and a bunch of ~version dependencies (mostly for internal packages which are updated daily).

So, the problem is, now after every "git pull", we need to do an "npm update" to get all of the related module changes, but "npm update" is really slow, as it appears to re-download and re-install *every* package, not just those that have updated versions available.  "npm install" is fast (and is what we were used to doing), and that updates all of the packages for which we explicitly bumped the version number, but doesn't update packages with the ~version number dependencies that have had a new version published recently.  I saw there's an "npm outdated" command which, very quickly, tells us exactly which packages would actually need to get updated, but I cannot find any npm command that will just update what needs to be updated without spending lots of time re-downloading/building/etc all of our "static" dependencies.

I did put together this, uh, simple command to do what we need efficiently, but it seems like there should be a better way (within npm)!
npm outdated --parseable | cut -f 2-3 -d : | grep -ve "^\(.*\):\\1$" | cut -f 1 -d @ | xargs npm update



Read npm/npm#6247 for information on why using npm update is generally a bad idea. As should be clear, the npm CLI team intends to fix its issues sometime in the near to medium term.
Until then, I put together a small script that allows you to update all your global packages; it shouldn’t be very difficult to adapt for use on a per-application basis.


Thanks for the response,

That script seems to have some of the same issues I was complaining about (re-downloads, builds, installs every package, taking lots of time, not just those that have changed), and also won't get all updates in our case (if I push an update to package C and A depends on B depends on C, I expect to get the new version of C deployed when I update A, or, in other words, if I do an update, I expect to end up in exactly the same state that a fresh install or "rm -r node_modules;npm install" would put me in), but otherwise is basically the same as the shell command I mentioned (minus the filtering on only those that need it).

I guess I'm using npm version 1.4.x, not 2, but it doesn't seem to have the issues referenced in the git issue (empirically, it appears to install the latest version matching semver, not the globally latest version as is complained about in the issues - that would be quite problematic).

For now, I guess we'll just use the command I referenced earlier, but it's good to hear people are thinking about making this process better in the future.
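An added example, not part of the thread and not npm's own tooling: the filter from the first post written as shell functions. It goes slightly beyond that pipeline by keeping scoped names such as `@acme/ui` intact and by not calling `npm update` at all when nothing differs. The field layout is assumed to be what that pipeline relies on, and the function names and sample data are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes each `npm outdated --parseable`
# line is colon-separated with name@version pairs in fields 2 and 3, as the
# pipeline in the first post assumes.

# Print, one per line, the package names whose field 2 and field 3 differ.
outdated_names() {
  awk -F: '
    NF < 3     { next }              # skip blank or malformed lines
    $2 == $3   { next }              # installed version already matches
    {
      name = $2
      sub(/@[^@]*$/, "", name)       # drop only the trailing @version
      print name
    }' | LC_ALL=C sort -u            # same package may appear at several paths
}

# Update only what differs. Returning early matters: with no names,
# `npm update` would run with no arguments and process every dependency.
update_outdated() {
  names=$(npm outdated --parseable | outdated_names)
  [ -n "$names" ] || return 0
  # Word splitting is intended: one argument per package name.
  # shellcheck disable=SC2086
  npm update $names
}

# Constructed sample input (hypothetical packages and versions).
SAMPLE='/app/node_modules/internal-core:internal-core@1.4.2:internal-core@1.4.0:internal-core@1.4.2
/app/node_modules/pinned-lib:pinned-lib@2.0.0:pinned-lib@2.0.0:pinned-lib@2.1.0
/app/node_modules/@acme/ui:@acme/ui@0.3.1:@acme/ui@0.3.0:@acme/ui@0.3.1
/app/node_modules/a/node_modules/internal-core:internal-core@1.4.2:internal-core@1.4.1:internal-core@1.4.2'
```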

