AWS CDK is a fast-moving tool, developed by the Amazon Web Services team. As such, it has frequent and regular releases. This is usually fine and means the authors of the project take care of bugs and move new features to production quickly.
However, this also increases the burden for developers, who maintain a project that has any of the AWS CDK packages as an upstream dependency. Meaning that these developers need to regularly update their package.json and package-lock.json files.
If you’ve already worked with a mid to large sized AWS CDK based project – the number of such packages, referred in package.json can grow quite quickly, as you start utilizing constructs for provisioning common AWS services like AWS CodePipeline for the CI needs of your project, CloudFront as the edge CDN, API Gateway or AWS ALB as your traffic distributor and load balancer, Lambda or ECS for application business logic, S3 for your static frontend, etc, etc. All of these, come from different AWS CDK packages like
The AWS CDK team has already acknowledged the downside of this multiple-packages approach back in 2019 and are currently working on v2.0 of AWS CDK, which will be a single monolithic package, reducing the package dependency “hell”, but until v2.0 comes out, we as developers of AWS CDK based projects need to keep up with the regular updates of the AWS CDK packages and keep updating our project’s package.json file. So…
If you just delete package-lock.json and run the usual friend of most developers today:
npm install, npm will only install up to every package’s latest “patch” version. So if your package.json defines for example:
that package will only get bumped up to 1.96.xxx but never to 1.97 or more. This is not okay. We want to take advantage of the latest features and bug fixes often. The ones that come with the minor versions 1.97, 1.98, and so on. We could, in theory, manipulate the package.json file and change the line
^1.97.0 but this is not feasible if you use 20+ CDK packages.
So the quickest way to upgrade all AWS CDK packages of your project I have found so far, is to use the npm-check-updates package.
Check if there are updated packages:
Check if there are updated packages and bump their version inside package.json, as well as install these latest versions:
Happy infrastructure provisioning!