How to deal with deprecation warnings from npm

Question

Nearly all the time I use npm to install a package, I get a warning like:

npm WARN deprecated minimatch@1.0.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue

Then I install the dubious packages with the advised version number.

Is there any way to make npm do this automatically? At own risk of course.

Does this answer your question? [NPM warn message about deprecated package](https://stackoverflow.com/questions/35236735/npm-warn-message-about-deprecated-package) — Dan Dascalescu, May 29 '20 at 19:35

score 6 · Accepted Answer · answered Aug 25 '16 at 12:08

6

If you're not depending directly on the deprecated packages, you're probably not accomplishing anything by installing them directly. Whichever package depends on it is the one that needs to update its dependencies, and so on until you reach the package you're developing. Essentially: if it's important (e.g. a security problem), notify the package maintainers; if not, ignore the deprecation warning.

answered Aug 25 '16 at 12:08

Ry-

218,210
55
464
476

2

How do I identify which package generated the warning? – ShadSterling Sep 18 '17 at 16:39
3

@Polyergic: Run `npm ls ` and look at the parent(s) of the deprecated package in the resulting tree. – Ry- Sep 18 '17 at 16:45

How to deal with deprecation warnings from npm

1 Answers1

Linked