我有一堆旧的包(维护Angularjs(1.0)堆栈),当我安装时,我收到关于过时版本的包的警告:
npm WARN deprecated bower@1.3.12: ...psst! Your project can stop working at any moment because its dependencies can change. Prevent this by migrating to Yarn: https://bower.io/
blog/2017/how-to-migrate-away-from-bower/
npm WARN deprecated babel-preset-es2015@6.24.1: 🙌 Thanks for using Babel: we recommend using babel-preset-env now: please read babeljs.io/env to update!
npm WARN deprecated graceful-fs@3.0.11: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated minimatch@1.0.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated tough-cookie@0.12.1: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
npm WARN deprecated npmconf@2.1.2: this package has been reintegrated into npm and is now out of date with respect to npm我怎么知道是哪个包裹把这些东西拉进来的?npm outdated不返回任何内容。npm prune不删除任何内容。
包.json
{
"devDependencies": {
"babel-preset-env": "^1.6.1",
"browser-sync-webpack-plugin": "^2.2.2",
"copy-webpack-plugin": "^4.5.1",
"html-webpack-plugin": "^3.1.0",
"css-loader": "^0.28.11",
"file-loader": "^1.1.11",
"pug-html-loader": "^1.1.5",
"pug-loader": "^2.3.0",
"graceful-fs": "^4.1.11",
"minimatch": "^3.0.4",
"node-sass": "^4.8.3",
"sass-loader": "^6.0.7",
"style-loader": "^0.20.3",
"uglifyjs-webpack-plugin": "^1.2.4",
"webpack": "^4.3.0",
"webpack-cli": "^2.0.13",
"webpack-merge": "^4.1.2"
},
"dependencies": {
"@uirouter/angularjs": "latest",
"ajv": "^6.3.0",
"angular": "^1.6.9",
"angular-translate": "^2.17.0",
"babel-core": "^6.26.0",
"babel-loader": "^7.1.4",
"babel-plugin-transform-runtime": "^6.23.0",
"babel-register": "^6.26.0",
"brfs": "^1.5.0",
"browser-sync": "^2.23.6",
"debowerify": "^1.4.1",
"isparta": "^4.0.0",
"jshint": "^2.9.5",
"jshint-stylish": "^2.2.0",
"postcss-loader": "^2.1.3",
"pretty-hrtime": "^1.0.2",
"pug": "^2.0.3",
"tiny-lr": "^1.1.1"
}
}
3条答案
按热度按时间ffx8fchx1#
你可以做
npm ls --all。它会给予你一个树结构,显示依赖关系是如何组合在一起的。下面的例子:如果你想知道一个特定的包,你可以执行
npm ls <package>,这将显示子树。你也可以执行
npm ls --json来获取json格式的输出。如果你想以编程方式分析它,这很有用。编辑:原始帖子建议使用
npm ls,但较新版本的npm ls仅显示平面列表。oewdyzsn2#
我建议您使用
npm-check-updates升级依赖项。您可以使用以下命令进行安装:
npm install -g npm-check-updates然后通过运行
ncu给你一个过期包的报告,或者ncu -u更新package.json。关于
ncuhere的更多信息。否则,package-lock.json可以给予有关依赖项的依赖项的信息。或者,
npm ls可以提供报告。sqxo8psd3#
可以使用命令
npm ls contextify PACKAGE_NAME例如,我试图跟踪一个包的父包。包名为app-builder-bin。
我得到了波纹管输出: