Deprecation warnings appear when npm packages or versions are no longer maintained. While installations usually succeed despite warnings, update to newer versions or alternatives to avoid security risks and ensure continued support.
Deprecation warnings (usually shown as npm WARN, not npm ERR) indicate that a package or specific version has been marked as deprecated by its maintainer. This doesn't prevent installation—the package will still be installed and work—but signals that you should migrate to an alternative. Packages are deprecated for various reasons: security vulnerabilities were discovered, a better alternative exists, the maintainer stopped supporting it, or the package has been replaced by built-in functionality. The npm registry allows maintainers to attach deprecation messages explaining why and suggesting alternatives. While not an error per se, ignoring deprecation warnings can leave your project vulnerable to security issues and compatibility problems as the ecosystem moves on.
Look at the warning message:
npm WARN deprecated [email protected]: request has been deprecated, see https://github.com/request/request/issues/3142
This tells you the package name, version, and often a link explaining why and suggesting alternatives.
Find out why the deprecated package is in your project:
npm ls request
This shows the dependency tree. If it's nested under another package, you need to update that parent package (or wait for them to update).
If it's your direct dependency, update to the latest version:
npm install package-name@latest
Or switch to the recommended alternative. Common migrations:
- request → axios or node-fetch
- moment → date-fns or dayjs
- node-uuid → uuid
If the deprecated package comes from another dependency, update that parent:
npm update parent-package
If the parent package hasn't updated yet, you can:
1. Open an issue on their GitHub asking them to update
2. Use npm overrides to force a newer version (if compatible)
3. Find an alternative to the parent package
Force a specific version of a nested dependency with the overrides field in package.json (npm 8.3+):
{
  "overrides": {
    "deprecated-package": "newer-version"
  }
}
Warning: This may cause compatibility issues if the parent package relies on specific behavior of the old version.
If you must proceed without addressing warnings:
npm install --loglevel=error
This hides warnings but doesn't fix the underlying issues. Only use for CI logs where you've already acknowledged the deprecations.
Deprecation warnings are stored in package-lock.json (npm 7+). You can query them with jq:
jq '.packages | to_entries[] | select(.value.deprecated) | {name: .key, msg: .value.deprecated}' package-lock.json
Some widely-used deprecated packages you might encounter:
- request: Use axios, got, or native fetch (Node 18+)
- moment: Use date-fns, dayjs, or Temporal API (upcoming)
- uuid (v3 and below): Update to uuid@8+
- querystring: Use URLSearchParams (built-in)
- punycode: Use built-in URL API
For security-related deprecations, run npm audit to see if the deprecation corresponds to a known vulnerability. Security issues in deprecated packages often won't get patches.
In CI/CD pipelines, consider failing builds on deprecation warnings for security-sensitive projects. This forces timely updates rather than accumulating technical debt.