47

I am installing a module globally

$ npm install -g X

and NPM says

"npm WARN deprecated lodash@1.0.2: lodash@<3.0.0 is no longer maintained. Upgrade to lodash@^4.0.0"

how can I find out which module has an dependency on this old version of lodash?

The warning message from NPM doesn't seem to give me any clue which module references this old version (I believe that the module X does not have a direct dependency on this old version of lodash.).

Alexander Mills
  • 90,741
  • 139
  • 482
  • 817
  • 2
    Does this answer your question? [How to find reverse dependencies on npm package?](https://stackoverflow.com/questions/31923195/how-to-find-reverse-dependencies-on-npm-package) – Faariz Mohammed Nov 27 '19 at 11:57

6 Answers6

45

I got an answer for the similar question: https://stackoverflow.com/a/36335866/1115187

Briefly:

npm outdated --depth=3

This command will analyze installed NPM-packages and their versions. The report will contain:

  1. package name
  2. latest version
  3. current version
  4. dependency path (down to depth level)

Hope, this information could help you to gather info about outdated packages.

Next step - get in touch with maintainers of the appropriate package, and ask them to update the package (maybe, you would like to send a pull request).

UPD: npm-check

There is a great npm package: npm-check, that allows checking outdated dependencies. Probably

My favorite feature: Interactive Update — run npm-check -u in the project folder. An interactive menu shows all required information about dependencies in the current folder and allows to update all dependencies in 3 seconds.

maxkoryukov
  • 4,205
  • 5
  • 33
  • 54
  • I have current = wanted != last, how to make wanted = last ? – user2080105 Jan 16 '17 at 12:32
  • @user2080105, there is a lot of info about *latest* and *wanted*, for example: http://stackoverflow.com/a/33835041/1115187 . Most of such answers tell, that *wanted* is buggy... – maxkoryukov Jan 17 '17 at 17:00
  • @user2080105, modify your `package.json`, to make **wanted** version specification match the **latest** version. If it assumes downgrade - read the docs about that dependency, why maintainers set the latest version not on the edge, and create new issue, if required. Here is official documentation about **latest** and **wanted**: https://docs.npmjs.com/cli/outdated – maxkoryukov Jan 17 '17 at 17:19
  • 2
    manually modifying package.json leads to incompabilities I guess. this is a big advantage of package managers – user2080105 Jan 18 '17 at 09:23
  • @user2080105, there is `npm update --save`. I think, it is what you need – maxkoryukov Jan 18 '17 at 12:03
  • 1
    Doesn't work on truly deprecated packages. You can try installing and checking for `@types/commander`, it can't detect it is deprecated – Cardin Dec 13 '18 at 02:05
  • Doesn't recognise deprecated formidable 1.2.6, used in chai-http . superagent, tells me Your modules look amazing. Keep up the great work. ❤️ – macasas Dec 12 '21 at 10:25
16
npm la <package-name>

also works, and will give you the most details about the dependency graph of a dependency.

npm ls <package-name>, does something similar but gives you less details

Alexander Mills
  • 90,741
  • 139
  • 482
  • 817
4

Use npm list. It will print out all of the packages your module depends on as well as your dependencies dependencies and so forth. Maybe redirect output to a file or grep it so you can search it more easily.

zero298
  • 25,467
  • 10
  • 75
  • 100
  • 5
    This can be fixed by running `npm i --save lodash` to update lodash to latest version. It worked for me. – Imran Khan Feb 06 '16 at 20:17
  • 1
    @ImranKhan. If you didn’t explicitly install Lodash before, it will add it as a direct dependency, which is not the best way to upgrade indirect dependencies – Michael Freidgeim Jan 01 '23 at 09:43
4

use this 

sudo npm install --unsafe-perm -g expo-cli
Jose Antonio Amieva Cardoso
  • 151
  • 6
  • 27
    While this code may solve the question, [including an explanation](//meta.stackexchange.com/q/114762) of how and why this solves the problem would really help to improve the quality of your post, and probably result in more up-votes. Remember that you are answering the question for readers in the future, not just the person asking now. Please [edit] your answer to add explanations and give an indication of what limitations and assumptions apply. – Dharman Nov 28 '19 at 22:19
3

You could search through all the package.json files under node_modules and see which ones are dependent on lodash 1.0.2.

d512
  • 32,267
  • 28
  • 81
  • 107
1

For deprecated files you should use the "npm i [package]" syntax, in this case you should use: npm i X and it will fetch all necessary packages, including deprecated ones, but which are required for your installation.

Npm documentation link: https://docs.npmjs.com/using-deprecated-packages

Gherard Chipana
  • 19
  • 2