NPM warn message about deprecated package

Question

I am installing a module globally

$ npm install -g X 

and NPM says

"npm WARN deprecated [email protected]: lodash@<3.0.0 is no longer maintained. Upgrade to lodash@^4.0.0"

how can I find out which module has an dependency on this old version of lodash?

The warning message from NPM doesn't seem to give me any clue which module references this old version (I believe that the module X does not have a direct dependency on this old version of lodash.).

Answer 1

I got an answer for the similar question: https://stackoverflow.com/a/36335866/1115187

Briefly:

npm outdated --depth=3 

This command will analyze installed NPM-packages and their versions. The report will contain:

1. package name
2. latest version
3. current version
4. dependency path (down to depth level)

Hope, this information could help you to gather info about outdated packages.

Next step - get in touch with maintainers of the appropriate package, and ask them to update the package (maybe, you would like to send a pull request).

UPD: npm-check

There is a great npm package: npm-check, that allows checking outdated dependencies. Probably

My favorite feature: Interactive Update — run npm-check -u in the project folder. An interactive menu shows all required information about dependencies in the current folder and allows to update all dependencies in 3 seconds.

Answer 2

npm la <package-name>  

also works, and will give you the most details about the dependency graph of a dependency.

npm ls <package-name>, does something similar but gives you less details