hyrious / hyrious

me

Why NOT Taze

hyrious opened this issue · comments

I used to use npm-check-updates and taze to check and update dependencies. However, I found this way is not as good as it may look.

TL;DR: I will still use them for checking updates, but I will use npm up --save or pnpm up -Lir to do the update.

The reason is this: you can easily query dependencies' new versions and update package.json, but you cannot update indirect dependencies' versions (they are stored in the lockfile). As a result, both npm i and pnpm i (and yarn, sorry about ignoring you) will not update these dependencies. This behavior is correct since it does not break node modules resolution, but it may not be what you want.

To get all dependencies updated, the simplest way is to run npm up --save or pnpm up, then use npm dedupe or pnpm-deduplicate to clean up lockfiles.
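
An added example, not part of the original issue: it walks the packages map of an npm lockfile (lockfileVersion 2 or 3) and separates the packages declared in package.json from the indirect ones that exist only in the lockfile, then lists names locked at more than one version, which is what a dedupe pass would look at. The lockfile object, the package names and the function names are constructed for illustration.

```javascript
// Constructed sample lockfile (npm lockfileVersion 3 layout); package names are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "app-lib": "^2.0.0" }, devDependencies: { "test-kit": "^1.0.0" } },
    "node_modules/app-lib": { version: "2.1.0", dependencies: { "tiny-util": "^1.0.0" } },
    "node_modules/test-kit": { version: "1.4.0", dev: true, dependencies: { "tiny-util": "^1.2.0" } },
    "node_modules/tiny-util": { version: "1.0.3" },
    "node_modules/test-kit/node_modules/tiny-util": { version: "1.2.5", dev: true },
  },
};

const NM = "node_modules/";

// Package name is everything after the last "node_modules/" (keeps "@scope/name" intact).
function nameOf(key) {
  return key.slice(key.lastIndexOf(NM) + NM.length);
}

// Split locked packages into direct (declared by the root package) and indirect (lockfile only).
function classify(lock) {
  const root = lock.packages[""] || {};
  const declared = new Set(
    ["dependencies", "devDependencies", "optionalDependencies"]
      .flatMap((field) => Object.keys(root[field] || {}))
  );
  const direct = [];
  const indirect = [];
  for (const [key, meta] of Object.entries(lock.packages)) {
    if (!key.includes(NM) || meta.link) continue; // skip root, workspace folders, symlinks
    const name = nameOf(key);
    const isDirect = key === NM + name && declared.has(name);
    (isDirect ? direct : indirect).push({ name, version: meta.version, path: key });
  }
  return { direct, indirect };
}

// Names locked at more than one version: candidates for a dedupe pass.
function duplicates(lock) {
  const { direct, indirect } = classify(lock);
  const byName = new Map();
  for (const { name, version } of [...direct, ...indirect]) {
    if (!byName.has(name)) byName.set(name, new Set());
    byName.get(name).add(version);
  }
  return [...byName]
    .filter(([, versions]) => versions.size > 1)
    .map(([name, versions]) => ({ name, versions: [...versions].sort() }));
}

console.log(classify(sampleLock).indirect, duplicates(sampleLock));
```

In the sample, both copies of tiny-util are indirect, and 1.2.5 satisfies both requested ranges, so the older 1.0.3 entry is the kind of leftover the post's update-then-dedupe sequence removes.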