npm install warnings >= 11.0.3 #823

Description

@shazron

@adobe/aio-cli — Deprecation Warning Analysis

Warnings:

❯ npm install -g @adobe/aio-cli
npm warn Unknown user config "always-auth" (//artifactory-no1.corp.adobe.com/artifactory/api/npm/npm-wxp-dev/:always-auth). This will stop working in the next major version of npm.
npm warn deprecated [email protected]: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm warn deprecated [email protected]: This functionality has been moved to @npmcli/fs
npm warn deprecated @npmcli/[email protected]: This functionality has been moved to @npmcli/fs
npm warn deprecated [email protected]: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated [email protected]: This package is no longer supported. Please use @npmcli/package-json instead.
npm warn deprecated [email protected]: This package is no longer supported.
npm warn deprecated @npmcli/[email protected]: This functionality has been moved to @npmcli/fs
npm warn deprecated @npmcli/[email protected]: This functionality has been moved to @npmcli/fs
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated [email protected]: This package is no longer supported.
npm warn deprecated [email protected]: This package is no longer supported.
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated [email protected]: Rimraf versions prior to v4 are no longer supported
npm warn deprecated [email protected]: This package is no longer supported.
npm warn deprecated [email protected]: This package is no longer supported.
npm warn deprecated [email protected]: This package is no longer supported.
npm warn deprecated [email protected]: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting [email protected]
npm warn deprecated [email protected]: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting [email protected]
npm warn deprecated [email protected]: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting [email protected]
npm warn deprecated [email protected]: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting [email protected]
npm warn deprecated [email protected]: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting [email protected]
npm warn deprecated [email protected]: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting [email protected]
npm warn deprecated [email protected]: This package is no longer supported.
npm warn deprecated [email protected]: This package is no longer supported.
npm warn deprecated [email protected]: This package is no longer supported.
npm warn deprecated [email protected]: This package is no longer supported.
npm warn deprecated [email protected]: Old versions of tar are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting [email protected]
npm warn deprecated [email protected]: uuid@10 and below is no longer supported.  For ESM codebases, update to uuid@latest.  For CommonJS codebases, use uuid@11 (but be aware this version will likely be deprecated in 2028).
npm warn deprecated [email protected]: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting [email protected]
npm warn deprecated [email protected]: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting [email protected]
npm warn deprecated [email protected]: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting [email protected]
npm warn deprecated [email protected]: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting [email protected]
npm warn deprecated [email protected]: Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting [email protected]

added 1955 packages, and changed 1 package in 1m

321 packages are looking for funding
  run `npm fund` for details

Key Finding: overrides Won't Help End Users

The overrides field in package.json (which already sets rimraf: ^5 and tar: ^7)
only applies when the package is the root project (i.e., local dev installs).
When users run npm install -g @adobe/aio-cli, npm ignores these overrides entirely.
This is why users still see rimraf@2/3 warnings despite the override being present.

Root Causes by Source

@adobe/[email protected] — main culprit

| Old dependency in plugin-app | Deprecated packages it brings in |
| --- | --- |
| yeoman-environment@^3.2.0 | npmlog@5, are-we-there-yet@2, gauge@3, readdir-scoped-modules, debuglog, @npmcli/arborist@4, @npmcli/move-file@1 |
| archiver@^5.3.1 | archiver-utils@2/3 → glob@7, inflight |
| unzipper@^0.10.11 | fstream@1 → rimraf@2 |

Their transitive node-gyp@8/9 additionally brings in: npmlog@6, are-we-there-yet@3,
gauge@4, @npmcli/move-file@2, glob@8

@adobe/[email protected]

  • archiver@6 → archiver-utils@4 → glob@8

@adobe/aio-lib-state → @azure/[email protected]

  • Pins uuid@^8.3.0 directly — even the latest v4.x does this

jest-junit@16 (devDep only — does not affect end users)

  • uuid@8
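
The chains above can be reproduced mechanically from a lockfile. The following is an added example, not code from the issue or from the aio-cli project: it walks the `packages` map of a v2/v3 `package-lock.json`, follows runtime dependencies only, and reports which top-level dependency pulls in each deprecated package. It assumes npm has recorded a `deprecated` field on the affected entries; `example-plugin` and all versions in the sample lockfile are constructed.

```javascript
// Resolve `name` as required from the package at lockfile path `from`,
// walking up nested node_modules directories the way Node resolution does.
function resolveDep(packages, from, name) {
  for (let base = from; ; ) {
    const candidate = (base ? base + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const i = base.lastIndexOf('/node_modules/');
    base = i === -1 ? '' : base.slice(0, i);
  }
}

// Walk runtime dependencies only (root devDependencies are skipped, since
// they never reach end users) and report each edge into a deprecated package.
// Each package is expanded once, so shared subtrees are listed under the
// first chain that reaches them.
function traceDeprecated(lock) {
  const findings = [];
  const seen = new Set();
  const walk = (path, chain) => {
    if (seen.has(path)) return;
    seen.add(path);
    const pkg = lock.packages[path];
    for (const name of Object.keys({ ...pkg.dependencies, ...pkg.optionalDependencies })) {
      const target = resolveDep(lock.packages, path, name);
      if (!target) continue;
      const next = [...chain, `${name}@${lock.packages[target].version}`];
      if (lock.packages[target].deprecated) {
        findings.push({ topLevel: next[0], chain: next.join(' > ') });
      }
      walk(target, next);
    }
  };
  walk('', []);
  return findings;
}

// Constructed sample lockfile (names partly hypothetical, versions illustrative).
const sampleLock = { lockfileVersion: 3, packages: {
  '': { dependencies: { 'example-plugin': '^1.0.0', rimraf: '^5.0.0' },
        devDependencies: { 'jest-junit': '^16.0.0' } },
  'node_modules/example-plugin': { version: '1.0.0', dependencies: { unzipper: '^0.10.11' } },
  'node_modules/unzipper': { version: '0.10.11', dependencies: { fstream: '^1.0.0' } },
  'node_modules/fstream': { version: '1.0.0', deprecated: 'constructed notice', dependencies: { rimraf: '2' } },
  'node_modules/fstream/node_modules/rimraf': { version: '2.0.0', deprecated: 'constructed notice' },
  'node_modules/rimraf': { version: '5.0.0' },
  'node_modules/jest-junit': { version: '16.0.0', dev: true, dependencies: { uuid: '^8.0.0' } },
  'node_modules/uuid': { version: '8.0.0', dev: true, deprecated: 'constructed notice' },
} };

for (const f of traceDeprecated(sampleLock)) console.log(`${f.topLevel}: ${f.chain}`);
```

On the sample, the hoisted `rimraf@5.0.0` does not mask the nested `rimraf@2.0.0` under `fstream`, and the dev-only `uuid` is not reported.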

What Can Be Fixed in This Repo

Very little — the deprecated packages all originate in plugin repos:

  • jest-junit@17 — upgrading won't help; it still depends on uuid@^14 per its manifest
  • [email protected] — comes from [email protected] (direct devDep); no rimraf@6+ exists yet that uses glob@11

What Needs to Be Fixed in Plugin / Lib Repos

| Repo & change | Warnings eliminated |
| --- | --- |
| @adobe/aio-cli-plugin-app: yeoman-environment@^3 → ^4 | npmlog@5, are-we-there-yet@2, gauge@3, readdir-scoped-modules, debuglog, @npmcli/arborist@4, @npmcli/move-file@1 |
| @adobe/aio-cli-plugin-app: archiver@^5 → ^7 | glob@7, inflight |
| @adobe/aio-cli-plugin-app: unzipper@^0.10 → ^0.12+ or replace with fflate | fstream, rimraf@2 |
| @adobe/aio-cli-plugin-app-dev: archiver@^6 → ^7 | glob@8 (via archiver-utils@4) |
| @adobe/aio-lib-state: update @azure/cosmos once they drop uuid@8 | uuid@8 |

Priority: Upgrading yeoman-environment@3 → 4 in plugin-app alone would
eliminate roughly half of all warnings. The archiver and unzipper upgrades
cover most of the rest.
