In my production environment, I only run LTS NodeJS versions. At the moment, I still use v4, but I am working on the switch to v6.
Since I only write applications for internal use, the servers are not connected to the internet and I have to manually patch node, npm, my applications and their dependencies. But even if the servers had internet access, I would patch them very rarely and carefully. Never touch a running system (if not necessary)!
However, every morning, I check certain tools and blogs for new versions and changelogs and based on the results I decide if an upgrade to a later version is worth the trouble. Some keywords I look for are CVS, Security, Significant Performance Improvement and Bugfix. I usually check if my applications are affected and then do a test-patch on my dev machine. If everything works, I upload the changed environment to the productive systems in a well documented Change process and with the possibility to do a roll-back at any time.