The latest articles on DEV Community by Mu Micro (@mumicrotools). https://dev.to/mumicrotools https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3923619%2F6c757b8b-218e-4fd7-ab35-6cc598405e42.png https://dev.to/mumicrotools en Mu Micro Mon, 11 May 2026 12:35:24 +0000 https://dev.to/mumicrotools/npm-outdated-wont-tell-you-if-a-package-is-abandoned-so-i-built-stale-deps-29ci https://dev.to/mumicrotools/npm-outdated-wont-tell-you-if-a-package-is-abandoned-so-i-built-stale-deps-29ci <h2> The problem </h2> <p>Developers often don't realize their project dependencies have been abandoned — <code>npm outdated</code> shows version lag but not how long ago a package was last published, leaving stale and potentially vulnerable packages silently lurking in codebases.</p> <h2> As a solution, I created <code>stale-deps</code> </h2> <p>Scan your package.json for packages that haven't been updated in a while — spot potentially abandoned npm packages instantly. Zero-dependency Node.js:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx stale-deps </code></pre> </div> <p>Output:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Checking 12 packages (threshold: 365 days)... ⚠ 3 stale packages found: PACKAGE VERSION LAST UPDATED DAYS AGO node-uuid 1.4.8 2017-03-11 2982d (8y 1m) request 2.88.2 2020-02-14 1912d (5y 3m) colors 1.4.0 2021-01-16 1576d (4y 3m) ✓ 9 packages recently updated. </code></pre> </div> <h2> How it works </h2> <p>Hits the npm registry public JSON API for each dep, gets <code>_npmPublishTime</code>, computes age, outputs a sorted table. Batches 10 requests at a time. Zero dependencies.</p> <p>Part of <a href="https://anishpunati.github.io/mumicro/" rel="noopener noreferrer">µ micro</a> — one new developer CLI tool shipped every day.</p> node cli devtools opensource