Skip to content

fix: reduce npm install deprecation warnings#781

Merged
shazron merged 9 commits intomasterfrom
fix/reduce-npm-install-warnings
Mar 18, 2026
Merged

fix: reduce npm install deprecation warnings#781
shazron merged 9 commits intomasterfrom
fix/reduce-npm-install-warnings

Conversation

@shazron
Copy link
Member

@shazron shazron commented Mar 17, 2026
edited
Loading

Fixes #624 (partially)

Summary

Reduces npm install deprecation warnings by fixing the issues addressable within this repo.

Changes:

  • Bump @oclif/core 2.11.92.16.0 and @oclif/plugin-plugins ^5^5.4.58 to pull in versions
    that no longer depend on deprecated rimraf@2/3 and tar@6
  • Add overrides for rimraf (^5.0.7) and tar (^7.4.3) to force transitive dependents onto
    non-deprecated versions
  • Remove unused babel-runtime@^6.26.0 devDependency — not imported anywhere in src/ or test/, and was
    the sole reason core-js@2.6.12 appeared in the tree

Remaining warnings (require upstream fixes)

The following warnings cannot be resolved in this repo:

Warning Blocked on
@oclif/screen@3.0.8 7+ Adobe plugins still on @oclif/core@1
fstream, npmlog, gauge, are-we-there-yet, @npmcli/move-file, debuglog, readdir-scoped-modules aio-cli-plugin-appyeoman-environment@npmcli/arborist
read-package-json@6 aio-cli-plugin-appgenerator-aio-apppacote
node-domexception aio-cli-plugin-eventsswagger-clientnode-fetch-commonjs
eslint@8, @humanwhocodes/* @adobe/eslint-config-aio-lib-config peer dep locks us to eslint@^8
glob@7/8, inflight glob@11 requires Node 20+; conflicts with engines: >=18
tar@6 (inside npm/) Bundled inside @oclif/plugin-plugins; overrides cannot reach bundled deps 
 8 plugins, all on @oclif/core@1.26.2:
  - @adobe/aio-cli-plugin-app-templates@2.0.3
  - @adobe/aio-cli-plugin-certificate@2.0.1
  - @adobe/aio-cli-plugin-config@5.0.1
  - @adobe/aio-cli-plugin-console@5.0.1
  - @adobe/aio-cli-plugin-events@4.0.1
  - @adobe/aio-cli-plugin-info@4.0.1
  - @adobe/aio-cli-plugin-runtime@8.0.0
  - @adobe/aio-cli-plugin-telemetry@2.0.2

  Note: aio-cli-plugin-app-storage and aio-cli-plugin-app also pull in @oclif/core@1.26.2 transitively
  (through their own deps), but those are the 8 direct Adobe plugins doing so.

Test plan

  • npm install — no deprecation warnings for items not on the list above
  • npm ls core-js 2>/dev/null | grep "2.6" — returns nothing
  • npm test — 53 tests pass, 100% coverage

Motivation and Context

Reduce npm warnings on dependencies when installing the cli.

How Has This Been Tested?

Manual test.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • I have signed the Adobe Open Source CLA.
  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@codecov
Copy link

codecov bot commented Mar 17, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@shazron
Copy link
Member Author

shazron commented Mar 17, 2026
edited
Loading

Create a new issue with the rows in the table that are actionable.

The remaining warnings are:

npm warn deprecated readdir-scoped-modules@1.1.0: This functionality has been moved to @npmcli/fs
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated debuglog@1.0.1: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm warn deprecated @npmcli/move-file@1.1.2: This functionality has been moved to @npmcli/fs
npm warn deprecated read-package-json@6.0.4: This package is no longer supported. Please use @npmcli/package-json instead.
npm warn deprecated npmlog@5.0.1: This package is no longer supported.
npm warn deprecated @npmcli/move-file@2.0.1: This functionality has been moved to @npmcli/fs
npm warn deprecated @npmcli/move-file@2.0.1: This functionality has been moved to @npmcli/fs
npm warn deprecated @oclif/screen@3.0.8: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm warn deprecated npmlog@6.0.2: This package is no longer supported.
npm warn deprecated npmlog@6.0.2: This package is no longer supported.
npm warn deprecated @humanwhocodes/config-array@0.13.0: Use @eslint/config-array instead
npm warn deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm warn deprecated are-we-there-yet@3.0.1: This package is no longer supported.
npm warn deprecated are-we-there-yet@3.0.1: This package is no longer supported.
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated @humanwhocodes/object-schema@2.0.3: Use @eslint/object-schema instead
npm warn deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm warn deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm warn deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm warn deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm warn deprecated gauge@3.0.2: This package is no longer supported.
npm warn deprecated gauge@4.0.4: This package is no longer supported.
npm warn deprecated gauge@4.0.4: This package is no longer supported.
npm warn deprecated fstream@1.0.12: This package is no longer supported.
npm warn deprecated node-domexception@1.0.0: Use your platform's native DOMException instead
npm warn deprecated eslint@8.57.1: This version is no longer supported. Please see https://eslint.org/version-support for other options.

shazron and others added 5 commits March 18, 2026 03:26
@shazron @claude
fix: reduce npm install deprecation warnings
a7a7e47 
- Bump @oclif/core from 2.11.9 to 2.16.0
- Bump @oclif/plugin-plugins to ^5.4.58 (was ^5)
- Add npm overrides to force rimraf@^5.0.7 and tar@^7.4.3 for
  transitive deps that pull in deprecated older versions

Remaining warnings require upstream fixes — see PR description.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@shazron @claude
fix: remove deprecated babel-runtime dev dependency
46715f6 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@dependabot @shazron
chore(deps): bump @oclif/plugin-autocomplete from 3.2.18 to 3.2.28 (#748
26f7e6e 
)

Bumps [@oclif/plugin-autocomplete](https://github.com/oclif/plugin-autocomplete) from 3.2.18 to 3.2.28.
- [Release notes](https://github.com/oclif/plugin-autocomplete/releases)
- [Changelog](https://github.com/oclif/plugin-autocomplete/blob/main/CHANGELOG.md)
- [Commits](oclif/plugin-autocomplete@3.2.18...3.2.28)

---
updated-dependencies:
- dependency-name: "@oclif/plugin-autocomplete"
  dependency-version: 3.2.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @shazron
chore(deps-dev): bump minimatch from 3.1.2 to 3.1.5 (#785)
a6d81a1 
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@shazron @claude
fix: reduce npm install deprecation warnings
35f3723 
- Bump @oclif/core from 2.11.9 to 2.16.0
- Bump @oclif/plugin-plugins to ^5.4.58 (was ^5)
- Add npm overrides to force rimraf@^5.0.7 and tar@^7.4.3 for
  transitive deps that pull in deprecated older versions

Remaining warnings require upstream fixes — see PR description.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@shazron shazron force-pushed the fix/reduce-npm-install-warnings branch from 0228bb4 to 35f3723 Compare March 17, 2026 19:27
@shazron
Copy link
Member Author

shazron commented Mar 17, 2026

sorry I had to force-push - I was in merge conflict hell with a rebase of all the PRs that were merged in

pru55e11
pru55e11 approved these changes Mar 18, 2026
View reviewed changes
Copy link

@pru55e11 pru55e11 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🙏

@shazron
Copy link
Member Author

shazron commented Mar 18, 2026

Note: tests are failing because of a pending administrative issue - should clear up once that is resolved.

This was referenced Mar 18, 2026
Open
Open
Open
Open
Open
Open
Open
Open
@shazron shazron merged commit 7777463 into master Mar 18, 2026
18 of 27 checks passed
@shazron shazron deleted the fix/reduce-npm-install-warnings branch March 18, 2026 15:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@moritzraho moritzraho moritzraho approved these changes

@pru55e11 pru55e11 pru55e11 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

npm install warnings >= v10.1.0

3 participants

@shazron @moritzraho @pru55e11