Deprecated npm packages are sometimes an even bigger security or stability risk for a project than known vulnerabilities (which have a lot of monitoring tools). However, there is no easy way to check for deprecation, as neither `npm outdated` nor `yarn outdated` says anything about deprecated packages.
You may see an npm warning on the first install of a package, but those warnings are easily lost among the many log messages during install, or may not appear at all for a mature project.
This action checks all project dependencies (`dependencies`, `devDependencies` and `resolutions`) and fails the action if a deprecated dependency is found.
Compatible with Yarn and Lerna monorepos.
```yaml
uses: tinovyatkin/action-check-deprecated-js-deps@v1
with:
  ignore: css-mqpacker # you can optionally ignore some deprecations
  root: packages # optionally specify a root folder to search for package.jsons
```
See the actions tab for runs of this action! 🚀
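An added sketch of the check described above (not the action's own code): it gathers names from `dependencies`, `devDependencies` and `resolutions`, then looks for the `deprecated` string that npm registry metadata attaches to deprecated versions. The package.json, the registry documents and all function names are constructed for illustration, and checking only the `latest` version is a simplifying assumption.

```javascript
// Constructed sample input; names and notices are made up (css-mqpacker is the page's ignore example).
const samplePackageJson = {
  dependencies: { "example-http-client": "^2.0.0", "css-mqpacker": "^7.0.0" },
  devDependencies: { "example-test-runner": "^1.4.0" },
  resolutions: { "**/@example/legacy-util": "3.1.0" },
};
// Constructed registry documents, shaped like npm registry metadata.
const sampleRegistry = {
  "example-http-client": { "dist-tags": { latest: "2.3.0" }, versions: { "2.3.0": {} } },
  "example-test-runner": { "dist-tags": { latest: "1.4.2" }, versions: { "1.4.2": {} } },
  "css-mqpacker": { "dist-tags": { latest: "7.0.0" },
    versions: { "7.0.0": { deprecated: "constructed notice: no longer maintained" } } },
  "@example/legacy-util": { "dist-tags": { latest: "3.1.0" },
    versions: { "3.1.0": { deprecated: "constructed notice: package renamed" } } },
};

// Yarn resolution keys can be glob paths such as "**/pkg" or "parent/@scope/pkg";
// the package being pinned is the last name in the path.
function packageNameFromKey(key) {
  const parts = key.split("/");
  const last = parts[parts.length - 1];
  const prev = parts[parts.length - 2];
  return prev && prev.startsWith("@") ? `${prev}/${last}` : last;
}

// Unique, sorted package names from the three fields the action inspects.
function collectDependencyNames(pkg) {
  const names = new Set();
  for (const field of ["dependencies", "devDependencies", "resolutions"]) {
    for (const key of Object.keys(pkg[field] || {})) {
      names.add(field === "resolutions" ? packageNameFromKey(key) : key);
    }
  }
  return [...names].sort();
}

// Returns [{ name, message }] for every non-ignored package whose latest version is deprecated.
function findDeprecated(pkg, registry, ignore = []) {
  const findings = [];
  for (const name of collectDependencyNames(pkg)) {
    if (ignore.includes(name)) continue;
    const doc = registry[name] || {}; // packages missing from the registry are skipped
    const latest = (doc["dist-tags"] || {}).latest;
    const message = ((doc.versions || {})[latest] || {}).deprecated;
    if (message) findings.push({ name, message });
  }
  return findings;
}
console.log(findDeprecated(samplePackageJson, sampleRegistry, ["css-mqpacker"]));
```

A CI job built on this would exit non-zero whenever the returned list is non-empty, which is the fail-the-build behaviour the action provides.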