-1
npm WARN deprecated tar@2.2.2: This version of tar is no longer supported, and will not receive security updates. Please upgrade asap.

changed 67 packages, and audited 68 packages in 7s

4 packages are looking for funding
  run `npm fund` for details

2 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Run `npm audit` for details.
James Z
  • 2
    Why the `git` tag? – Ôrel Dec 13 '21 at 10:37
  • 1
    It is a warning, not an error. Already answered here - https://stackoverflow.com/questions/68857411/npm-warn-deprecated-tar2-2-2-this-version-of-tar-is-no-longer-supported-and-w – Zack Amin Dec 13 '21 at 10:54

1 Answer

2

This kind of problem is quite common for npm users. Your `package.json` file mentions multiple npm packages you need. And each of those packages' `package.json` files in turn refers to other packages, and so on. Somewhere in there some package refers to version 2.2.2 of `tar`. But the current version of `tar` is 6.2.2.

You can, as the error message says, run `npm audit` to find the offending package: that is, the package that wants the old version of tar (`tar@2.2.2`).

How to try to fix this?

If it's your `package.json` that loads `tar@2.2.2`, try doing these two commands.

```
npm remove tar --save
npm install tar --save
```

to get the latest.

Try running `npm update --save`. It will examine your nest of npm packages, and bring them up to more recent versions. That may, or may not, replace the offending package with a more recent version. It does this by updating a file called `package-lock.json` containing the explicit versions. If that doesn't work ...

Try running `npm audit` again to see what the situation is. Then, try `npm audit fix`. If that doesn't work ...

  1. File an issue on the GitHub repository of the offending package asking for an update.
  2. Look for another package with the same functionality as the offending package and replace it.
  3. Decide you will live with the warning. (If your software is used in production, that may be unwise, because cybercreeps.)
  4. Ask another question here and mention the offending package.
O. Jones
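
Finding the package that wants `tar@2.2.2`, the first step described in the answer above, can also be done by reading `package-lock.json` directly. The JavaScript below is an added example, not part of the original answer; it assumes the lockfileVersion 2/3 `packages` layout, and the lockfile contents and the package name `some-build-tool` are constructed for illustration.

```javascript
// Constructed lockfile in the lockfileVersion 2/3 "packages" layout (sample data).
// "some-build-tool" is a hypothetical package name.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "my-app", dependencies: { "some-build-tool": "^3.8.0", tar: "^6.1.0" } },
    "node_modules/tar": { version: "6.1.11" },
    "node_modules/some-build-tool": { version: "3.8.0", dependencies: { tar: "^2.0.0" } },
    "node_modules/some-build-tool/node_modules/tar": {
      version: "2.2.2", dependencies: { fstream: "^1.0.12" } },
    "node_modules/fstream": { version: "1.0.12" },
  },
};

// Node-style lookup: the nearest node_modules/<dep>, walking up from the
// package that declares the dependency to the project root.
function resolve(packages, fromPath, dep) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null; // reached the root without finding it
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// List every package whose declared dependency on `name` resolves to an
// installed copy at exactly `version`.
function whoPullsIn(lock, name, version) {
  const packages = lock.packages || {};
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    const deps = { ...meta.dependencies, ...meta.optionalDependencies,
                   ...(path === "" ? meta.devDependencies : {}) };
    const range = deps[name];
    if (range === undefined) continue;
    const target = resolve(packages, path, name);
    if (target && packages[target].version === version) {
      hits.push({ requiredBy: path || "(root package.json)", range, installedAt: target });
    }
  }
  return hits;
}

console.log(whoPullsIn(sampleLock, "tar", "2.2.2"));
```

To run it against a real project, replace `sampleLock` with the parsed contents of that project's `package-lock.json`. A hit under `node_modules/...` rather than the root means the old `tar` comes from a transitive dependency, so changing your own `package.json` entry for `tar` will not remove it.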