我有一堆较旧的软件包(维护一个Angularjs(1.0)堆栈),当我安装时,我会收到关于软件包过期版本的警告:
npm WARN deprecated bower@1.3.12: ...psst! Your project can stop working at any moment because its dependencies can change. Prevent this by migrating to Yarn: https://bower.io/
blog/2017/how-to-migrate-away-from-bower/
npm WARN deprecated babel-preset-es2015@6.24.1: Thanks for using Babel: we recommend using babel-preset-env now: please read babeljs.io/env to update!
npm WARN deprecated graceful-fs@3.0.11: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated minimatch@1.0.0: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@2.0.3: please upgrade to graceful-fs 4 for compatibility with current and future versions of Node.js
npm WARN deprecated tough-cookie@0.12.1: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130
npm WARN deprecated node-uuid@1.4.8: Use uuid module instead
npm WARN deprecated npmconf@2.1.2: this package has been reintegrated into npm and is now out of date with respect to npm
如何确定将这些包装中的内容?
npm outdated什么都不返回。
npm prune没有修剪任何东西。
的package.json
{
"devDependencies": {
"babel-preset-env": "^1.6.1",
"browser-sync-webpack-plugin": "^2.2.2",
"copy-webpack-plugin": "^4.5.1",
"html-webpack-plugin": "^3.1.0",
"css-loader": "^0.28.11",
"file-loader": "^1.1.11",
"pug-html-loader": "^1.1.5",
"pug-loader": "^2.3.0",
"graceful-fs": "^4.1.11",
"minimatch": "^3.0.4",
"node-sass": "^4.8.3",
"sass-loader": "^6.0.7",
"style-loader": "^0.20.3",
"uglifyjs-webpack-plugin": "^1.2.4",
"webpack": "^4.3.0",
"webpack-cli": "^2.0.13",
"webpack-merge": "^4.1.2"
},
"dependencies": {
"@uirouter/angularjs": "latest",
"ajv": "^6.3.0",
"angular": "^1.6.9",
"angular-translate": "^2.17.0",
"babel-core": "^6.26.0",
"babel-loader": "^7.1.4",
"babel-plugin-transform-runtime": "^6.23.0",
"babel-register": "^6.26.0",
"brfs": "^1.5.0",
"browser-sync": "^2.23.6",
"debowerify": "^1.4.1",
"isparta": "^4.0.0",
"jshint": "^2.9.5",
"jshint-stylish": "^2.2.0",
"postcss-loader": "^2.1.3",
"pretty-hrtime": "^1.0.2",
"pug": "^2.0.3",
"tiny-lr": "^1.1.1"
}
}
答案 0 :(得分:7)
你可以npm ls。它将为您提供一个树结构,显示依赖关系如何组合在一起。示例如下:
lms@nuc ~/src/ralphtheninja/slump (master)
$ npm ls
slump@2.0.3 /home/lms/src/ralphtheninja/slump
├─┬ bs58@4.0.1
│ └─┬ base-x@3.0.4
│ └── safe-buffer@5.1.1 deduped
├── core-util-is@1.0.2
├─┬ faucet@0.0.1
│ ├── defined@0.0.0
│ ├── duplexer@0.1.1
│ ├── minimist@0.0.5
│ ├── sprintf@0.1.5
│ ├─┬ tap-parser@0.4.3
│ │ ├── inherits@2.0.3 deduped
│ │ └─┬ readable-stream@1.1.14
│ │ ├── core-util-is@1.0.2 deduped
│ │ ├── inherits@2.0.3 deduped
│ │ ├── isarray@0.0.1
│ │ └── string_decoder@0.10.31
│ ├─┬ tape@2.3.3
│ │ ├── deep-equal@0.1.2
│ │ ├── defined@0.0.0 deduped
│ │ ├── inherits@2.0.3 deduped
│ │ ├── jsonify@0.0.0
│ │ ├── resumer@0.0.0 deduped
│ │ └── through@2.3.8 deduped
│ └─┬ through2@0.2.3
│ ├── readable-stream@1.1.14 deduped
│ └─┬ xtend@2.1.2
│ └── object-keys@0.4.0
├─┬ rc@1.2.6
│ ├── deep-extend@0.4.2
│ ├── ini@1.3.5
│ ├── minimist@1.2.0
│ └── strip-json-comments@2.0.1
├── safe-buffer@5.1.1
如果您对某个特定包有疑问,可以执行npm ls <package>,这将显示该子树。
你也可以用npm ls --json来获取json格式的输出。如果您想以编程方式进行分析,则非常有用。
答案 1 :(得分:0)
我建议您使用npm-check-updates升级您的依赖项
您可以安装:npm install -g npm-check-updates
然后通过runnig ncu为您提供过期软件包的报告,或ncu -u更新package.json。
有关ncu here。
否则,package-lock.json可以为您提供有关依赖项依赖关系的信息。或者,npm ls可以为您提供报告。