
After doing `npm install` to fetch a project's dependencies, I regularly get a lot of messages like this:

```
npm WARN deprecated lodash@1.0.2: lodash@<2.0.0 is no longer maintained. Upgrade to lodash@^3.0.0
```

Obviously I don't understand node well enough to conclude what I should do – the project doesn't even include lodash directly.

Do I need to update something on my side? Or is it the package maintainer's task?

Sven
  • As I still don't see it as a proper answer, but this should give you an idea that it is not a huge issue http://stackoverflow.com/questions/33974189/npm-warn-deprecated-lodash2-4-2-lodash3-0-0-is-no-longer-maintained – Rabea Jan 17 '16 at 15:43
  • I have the same situation. But I think that in the case of deprecated packages npm can't do anything more than notify about them. Because, what would be a better solution? With old package versions npm can update them, but with deprecated packages it is impossible to identify a replacement for them. – Sebastian Diaz Apr 01 '20 at 14:22
  • Does this answer your question? [NPM warn message about deprecated package](https://stackoverflow.com/questions/35236735/npm-warn-message-about-deprecated-package) – Dan Dascalescu May 29 '20 at 19:38

1 Answer


In general that is the package maintainer's task. You could open an issue on their GitHub repo (if it is on GitHub) and even better would be to make a pull request with the internal dependencies updated.

joeycozza
  • I'd like to make a PR and update the dependencies, but is there an easy way to tell which package is generating the warning? The NPM message (as above) doesn't tell you where it's coming from, and npm dependencies can be a never-ending chain... – plyawn Mar 30 '16 at 15:00
  • @plyawn the easiest way to do that is to just grep your filesystem once you have the modules installed: `grep -R "\"lodash\"" . | grep "1\."` – Dan Crews May 27 '16 at 16:32
  • @plyawn npm now has a way to do this. `npm ls nameOfRepo` This will give you a nice graph of all the dependency trees that rely on nameOfRepo. The output is really easy to see what libraries are using what versions of nameOfRepo. – joeycozza Mar 13 '18 at 17:43
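
The lookup discussed in the comments above, as an added example that is not part of the original posts: it walks a tree shaped like the JSON that `npm ls --all --json` prints and lists every dependency chain ending at an unmaintained version. The sample tree and all package names in it other than lodash are constructed, and `findDependents` is a hypothetical helper name.

```javascript
// Added example (not from the original thread).
// Constructed sample shaped like `npm ls --all --json` output. Package names
// are made up, except lodash@1.0.2 from the warning in the question.
const sampleTree = {
  name: 'my-project',
  version: '1.0.0',
  dependencies: {
    'build-tool': {
      version: '0.9.1',
      dependencies: {
        'file-watcher': {
          version: '0.2.0',
          dependencies: { lodash: { version: '1.0.2' } },
        },
        lodash: { version: '3.10.1' },
      },
    },
    'test-runner': {
      version: '2.1.0',
      dependencies: { lodash: { version: '1.0.2' } },
    },
  },
};

// Returns chains such as "my-project > test-runner@2.1.0 > lodash@1.0.2".
// `matches(version)` decides which versions of `target` get reported.
function findDependents(tree, target, matches) {
  const found = [];
  const walk = (node, chain) => {
    for (const [name, dep] of Object.entries(node.dependencies || {})) {
      // Entries npm could not resolve carry no version field.
      const version = dep.version || '';
      const here = chain.concat(`${name}@${version || 'missing'}`);
      if (name === target && matches(version)) found.push(here.join(' > '));
      walk(dep, here); // keep descending: the same package can appear deeper
    }
  };
  walk(tree, [tree.name]);
  return found;
}

// Same range as the warning in the question: lodash@<2.0.0
const isBelow2 = (v) => parseInt(v.split('.')[0], 10) < 2;
const paths = findDependents(sampleTree, 'lodash', isBelow2);
paths.forEach((p) => console.log(p));
```

The second element of each chain is the direct dependency whose maintainer would need to update, which is where an issue or pull request belongs.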