Find the root NPM package to update
If your repositories are stored on GitHub, you probably often receive notifications from GitHub asking to update a given npm package.
It's a great feature as GitHub keeps your repository up-to-date and provides the patches to fix possible security issues. However, it doesn't tell you the actual packages that need to be updated.
In order to see which the root package should be updated due to one of its dependencies updates, you can use the `npm ls`
command.
$ npm ls acorn
├─┬ @11ty/eleventy-plugin-syntaxhighlight@3.0.6
│ └─┬ jsdom@16.4.0
│ ├─┬ acorn-globals@6.0.0
│ │ └── acorn@7.4.1 deduped
│ └── acorn@7.4.1
└─┬ @11ty/eleventy@0.11.1
└─┬ pug@2.0.4
├─┬ pug-code-gen@2.0.2
│ └─┬ with@5.1.1
│ ├─┬ acorn-globals@3.1.0
│ │ └── acorn@4.0.13
│ └── acorn@3.3.0
└─┬ pug-lexer@4.1.0
└─┬ is-expression@3.0.0
└── acorn@4.0.13