@smarlhens/npm-check-deprecations

v0.1.1


Find deprecated packages in the lockfile dependency tree and show the chains that pull them in


NPM check deprecations


npm-check-deprecations finds deprecated packages anywhere in your lockfile dependency tree and shows the chains that pull them in.

This package ships a native Rust core via NAPI-RS as part of the riri-node-tools monorepo.




Prerequisites

  • Node.js version ^22.22.2 || ^24.15.0 || >=26.0.0

Supported platforms:

| OS      | Arch                                   |
| ------- | -------------------------------------- |
| Linux   | x64 (glibc, musl), arm64 (glibc, musl) |
| macOS   | x64, arm64                             |
| Windows | x64                                    |


Installation

Install globally:

npm install -g @smarlhens/npm-check-deprecations

Or run with npx:

npx @smarlhens/npm-check-deprecations

Usage

CLI

Find deprecated packages in the dependency tree and print the chains that reach them:

ncd

Sample output (against fixtures/ncd-npm-deprecated-demo):

ncd-demo
├─ [email protected]  ⛔ blocks: requires fake-legacy@~0.2.0, fix needs 0.3.0 → fake-app update required  (latest: 3.1.0)
│  └─ [email protected]  ⚠ deprecated: fake-legacy is unmaintained; migrate to fake-modern  (latest: 0.3.0)
├─ [email protected] (dev)  ⛔ blocks: requires fake-legacy@^0.2.0, fix needs 0.3.0 → fake-test update required  (latest: 4.0.0)
│  └─ [email protected]  ⚠ deprecated: fake-legacy is unmaintained; migrate to fake-modern (see above)
└─ [email protected]  (fix: update fake-util — ^1.0.0 allows 1.4.0)  ⚠ deprecated: fake-util is deprecated in favor of @demo/fake-util  (latest: 2.0.0)


  2 deprecated package(s) found

Each deprecated package is annotated with its registry deprecation message and the newest non-deprecated version. When a parent's declared range blocks the fix, the parent edge is flagged as a blocker.
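The blocker rule described above, as an added example that is not ncd's own code: it checks whether a declared range admits any non-deprecated version, using the ranges from the sample output. The function names, the simplified semver handling (plain x.y.z, `^` and `~` only) and the non-deprecated version lists are assumptions constructed for illustration.

```javascript
// Added example, not ncd's code. Simplified semver: plain x.y.z versions,
// ^ and ~ ranges only, no prerelease tags.
const parse = (v) => v.split('.').map(Number);

const cmp = (a, b) => {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
};

// Exclusive upper bound of a tilde or caret range (node-semver semantics).
function upperBound(op, [maj, min, pat]) {
  if (op === '~') return [maj, min + 1, 0];
  if (maj > 0) return [maj + 1, 0, 0];
  if (min > 0) return [0, min + 1, 0];
  return [0, 0, pat + 1];
}

function satisfies(version, range) {
  const m = /^([~^])(\d+\.\d+\.\d+)$/.exec(range);
  if (!m) throw new Error(`unsupported range: ${range}`);
  const low = parse(m[2]);
  const v = parse(version);
  return cmp(v, low) >= 0 && cmp(v, upperBound(m[1], low)) < 0;
}

// Highest non-deprecated version the declared range admits, or null when
// the range blocks every fix and the declaring package must change first.
function resolveFix(declaredRange, nonDeprecated) {
  const ok = nonDeprecated.filter((v) => satisfies(v, declaredRange));
  ok.sort((a, b) => cmp(parse(b), parse(a)));
  return ok.length ? ok[0] : null;
}

// Constructed inputs mirroring the sample output above.
const edges = [
  { by: 'fake-app', dep: 'fake-legacy', range: '~0.2.0', clean: ['0.3.0'] },
  { by: 'fake-test', dep: 'fake-legacy', range: '^0.2.0', clean: ['0.3.0'] },
  { by: 'ncd-demo', dep: 'fake-util', range: '^1.0.0', clean: ['1.4.0', '2.0.0'] },
];
for (const e of edges) {
  const fix = resolveFix(e.range, e.clean);
  console.log(`${e.by} -> ${e.dep}@${e.range}: ` +
    (fix ? `update to ${fix}` : `blocked, ${e.by} update required`));
}
```

A `null` result corresponds to the ⛔ case: no lockfile refresh can clear the deprecation until the parent publishes a wider range or is replaced.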

Emit machine-readable JSON:

ncd --json

Override the registry (defaults to .npmrc, then the public npm registry):

ncd --registry https://registry.npmjs.org

Supports package-lock.json (v1/v2/v3), yarn.lock (classic & berry), and pnpm-lock.yaml (v5/v6/v9), auto-detected.

Exit codes: 0 no deprecated packages · 1 deprecated packages found · 2 runtime error.

Node API

import { checkDeprecations } from '@smarlhens/npm-check-deprecations';

const packageJson = '...'; // stringified package.json
const lockfileContent = '...'; // stringified lockfile

// Fetches packuments from the registry (blocking I/O).
const { tree, deprecated } = checkDeprecations({
  packageJson,
  lockfileContent,
  lockfileType: 'npm', // optional: 'npm' | 'yarn' | 'pnpm' (defaults to 'npm')
  // registry: 'https://registry.npmjs.org', // optional registry override
});

for (const pkg of deprecated) {
  console.log(`${pkg.name}@${pkg.version}: ${pkg.message ?? 'deprecated'}`);
}

if (tree) {
  console.log(tree); // the same chains the CLI prints
}

runCli(argv) is also exported to run the ncd CLI in-process; argv[0] must be the program name. Returns the exit code.


Options

Core logic for npm-check-deprecations

Usage: ncd [OPTIONS]

Options:
  -q, --quiet                Silent mode — no progress output
  -v, --verbose              Verbose output
  -d, --debug                Debug mode — detailed logging
      --json                 Output results as JSON
      --registry <REGISTRY>  Registry URL override (default: .npmrc, then <https://registry.npmjs.org>)
  -h, --help                 Print help
  -V, --version              Print version

Workspace mode

When run from the root of an npm, pnpm, or yarn workspace, ncd auto-detects the workspace and analyzes each member's dependency tree against the shared root lockfile. Output is grouped per member; only members that pull in a deprecated package are shown.


Debug

ncd -d

The -d/--debug flag enables detailed logging to stderr. No environment variable is required.

  ▸ Detecting lockfile......
  ✓ Detected package-lock.json
  ▸ Reading package.json......
  ✓ Read package.json
  ▸ Building dependency graph......
  ✓ Built dependency graph
  ▸ Checking 4 packages against registry......
  ✓ Checked packages against registry
ncd-demo
├─ [email protected]  ⛔ blocks: requires fake-legacy@~0.2.0, fix needs 0.3.0 → fake-app update required  (latest: 3.1.0)
│  └─ [email protected]  ⚠ deprecated: fake-legacy is unmaintained; migrate to fake-modern  (latest: 0.3.0)
├─ [email protected] (dev)  ⛔ blocks: requires fake-legacy@^0.2.0, fix needs 0.3.0 → fake-test update required  (latest: 4.0.0)
│  └─ [email protected]  ⚠ deprecated: fake-legacy is unmaintained; migrate to fake-modern (see above)
└─ [email protected]  (fix: update fake-util — ^1.0.0 allows 1.4.0)  ⚠ deprecated: fake-util is deprecated in favor of @demo/fake-util  (latest: 2.0.0)


  2 deprecated package(s) found