This repository has been archived by the owner on Sep 16, 2019. It is now read-only.

updating npm packages - guiding lines? #920

Closed
elicohenator opened this issue Nov 19, 2016 · 2 comments

Comments

@elicohenator
Contributor

Hi there,
Hope that's not a noob question :)
I've noticed some weird errors during a clean install - I think it's because of some packages requiring old packages (the good & old npm recursing errors).

Here are the errors I have during a clean install:

npm WARN deprecated node-uuid@1.4.7: use uuid module instead
npm WARN deprecated tough-cookie@2.2.2: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated minimatch@0.2.14: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated graceful-fs@1.2.3: graceful-fs v3.0.0 and before will fail on node releases >= v7.0. Please update to graceful-fs@^4.0.0 as soon as possible. Use 'npm ls graceful-fs' to find it in the tree.
npm WARN deprecated lodash@1.0.2: lodash@<3.0.0 is no longer maintained. Upgrade to lodash@^4.0.0.
npm WARN prefer global marked@0.3.6 should be installed with -g
npm WARN prefer global node-gyp@3.4.0 should be installed with -g

I've tried to go after some of the errors, for example after the lodash package. It's required a lot of packages leading to gulp-sass - in FoundationPress's package.json file it is requested at version 2.1.0. However, on npmjs it says the updated package is 2.3.2.

So, what I meant to ask is - should I update the package.json file? What should I check before making a pull request? And is there any work process good for that?

Sorry for the long question and thanks in advance :)
Eli

@drewpyd85

Following... same issue

@olefredrik
Owner

@elicohenator @drewpyd85: Managing package dependencies and versions with npm can be a pain in the ass. I've experienced the same issues as you're pointing out. Just haven't had time to figure out how to deal with it yet. Here is a blog post which seems to have a lot of great tips on how to fix this. Feel free to dig into it. Pull requests are very welcome.
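
An added example, not part of the thread or of FoundationPress's code: one way to triage the warnings quoted in the issue is to separate the security-related deprecations (the ReDoS / RegExp DoS notices) from the merely outdated ones, then trace each back to the top-level dependency that pulls it in, using a tree shaped like `npm ls --json` output. The tree and the `example-*` package names below are hypothetical stand-ins; only the warning lines come from the issue.

```javascript
// Constructed sample: the warning lines are quoted from the issue; the tree is a
// made-up fragment shaped like `npm ls --json` output, not the project's real tree.
const warnings = `
npm WARN deprecated tough-cookie@2.2.2: ReDoS vulnerability parsing Set-Cookie https://nodesecurity.io/advisories/130
npm WARN deprecated minimatch@2.0.10: Please update to minimatch 3.0.2 or higher to avoid a RegExp DoS issue
npm WARN deprecated lodash@1.0.2: lodash@<3.0.0 is no longer maintained. Upgrade to lodash@^4.0.0.
npm WARN prefer global marked@0.3.6 should be installed with -g
`;

const tree = { dependencies: {
  'example-task-runner': { version: '1.0.0', dependencies: {
    'example-glob': { version: '0.1.0', dependencies: {
      minimatch: { version: '2.0.10' }, lodash: { version: '1.0.2' } } } } },
  'example-http': { version: '2.0.0', dependencies: {
    'tough-cookie': { version: '2.2.2' } } },
  minimatch: { version: '3.0.4' },
} };

// Parse "npm WARN deprecated name@version: message" lines; flag DoS-related ones.
function parseDeprecations(text) {
  const re = /^npm WARN deprecated ((?:@[^/\s]+\/)?[^@\s]+)@([^:\s]+): (.*)$/;
  return text.split('\n').map(l => re.exec(l.trim())).filter(Boolean)
    .map(([, name, version, message]) => ({
      name, version, message, security: /\b(ReDoS|DoS|vulnerab)/i.test(message) }));
}

// Depth-first walk returning every chain from a top-level dependency to name@version.
function findPaths(node, name, version, trail = []) {
  const hits = [];
  for (const [dep, info] of Object.entries(node.dependencies || {})) {
    const here = [...trail, `${dep}@${info.version}`];
    if (dep === name && info.version === version) hits.push(here.join(' > '));
    hits.push(...findPaths(info, name, version, here));
  }
  return hits;
}

// Security-flagged warnings first, each with the chains that pull the package in.
function report(text, root) {
  return parseDeprecations(text)
    .sort((a, b) => Number(b.security) - Number(a.security))
    .map(d => ({ ...d, paths: findPaths(root, d.name, d.version) }));
}

for (const r of report(warnings, tree)) {
  console.log(`${r.security ? 'SECURITY' : 'outdated'} ${r.name}@${r.version}`);
  r.paths.forEach(p => console.log(`  via ${p}`));
}
```

The first entry of each chain is the dependency that would need a version bump in package.json (or an upstream fix) for the flagged package to leave the tree.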
