The problem
Developers often don't realize their project dependencies have been abandoned — npm outdated shows version lag but not how long ago a package was last published, leaving stale and potentially vulnerable packages silently lurking in codebases.
As a solution, I created stale-deps.
Scan your package.json for packages that haven't been updated in a while — spot potentially abandoned npm packages instantly. Zero-dependency Node.js:
npx stale-deps
Output:
Checking 12 packages (threshold: 365 days)...

⚠ 3 stale packages found:

PACKAGE     VERSION   LAST UPDATED   DAYS AGO
node-uuid   1.4.8     2017-03-11     2982d (8y 1m)
request     2.88.2    2020-02-14     1912d (5y 3m)
colors      1.4.0     2021-01-16     1576d (4y 3m)

✓ 9 packages recently updated.
How it works
For each dependency, the tool queries the npm registry's public JSON API, reads _npmPublishTime, computes the package's age in days, and prints a table sorted by age. Requests are sent in batches of 10. The tool itself has zero dependencies.
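The flow described above, as an added sketch that is not the stale-deps source. It assumes the registry document carries a time map of per-version ISO timestamps (an assumption about the response shape, not the field the tool reads), and it takes the fetcher as a parameter so the constructed sample data below can stand in for the network. All function names and package names here are hypothetical.

```javascript
// Added example; package names and timestamps below are constructed.
const DAY_MS = 24 * 60 * 60 * 1000;
const NOW = Date.parse("2025-05-10T00:00:00Z"); // fixed clock for repeatable output

// Registry document URL; scoped names keep "@" and encode the slash.
function registryUrl(name) {
  return "https://registry.npmjs.org/" + name.replace("/", "%2F");
}

// Newest per-version timestamp in the `time` map (assumed field, see lead-in).
// "created" and "modified" are bookkeeping keys, not published versions.
function lastPublish(doc) {
  const stamps = Object.entries((doc && doc.time) || {})
    .filter(([key]) => key !== "created" && key !== "modified")
    .map(([, iso]) => Date.parse(iso))
    .filter(Number.isFinite);
  return stamps.length ? Math.max(...stamps) : null;
}

// Query `batchSize` packages at a time; fetchMeta(name) resolves to a document.
async function findStale(names, fetchMeta, now, thresholdDays = 365, batchSize = 10) {
  const stale = [];
  const unknown = []; // lookups that failed or had no dates: never counted as fresh
  for (let i = 0; i < names.length; i += batchSize) {
    const batch = names.slice(i, i + batchSize);
    const results = await Promise.allSettled(batch.map((n) => fetchMeta(n)));
    results.forEach((res, j) => {
      const ts = res.status === "fulfilled" ? lastPublish(res.value) : null;
      if (ts === null) { unknown.push(batch[j]); return; }
      const days = Math.floor((now - ts) / DAY_MS);
      if (days > thresholdDays) stale.push({ name: batch[j], days });
    });
  }
  stale.sort((a, b) => b.days - a.days); // oldest first
  return { stale, unknown };
}

// Constructed stand-in for registry responses so the example runs offline.
const SAMPLE = {
  "old-lib": { time: { modified: "2025-01-01T00:00:00Z", "1.0.0": "2016-01-01T00:00:00Z", "1.4.8": "2017-03-11T00:00:00Z" } },
  "@acme/util": { time: { created: "2019-06-01T00:00:00Z", "2.0.0": "2020-02-14T00:00:00Z" } },
  "fresh-lib": { time: { "3.1.0": "2025-04-01T00:00:00Z" } },
};
const sampleFetch = async (name) => {
  if (!(name in SAMPLE)) throw new Error("not found: " + name);
  return SAMPLE[name];
};

findStale(["fresh-lib", "@acme/util", "missing-lib", "old-lib"], sampleFetch, NOW)
  .then((r) => console.log(JSON.stringify(r)));
```

A dependency whose lookup fails lands in unknown instead of being counted as recently updated, so a renamed or unpublished package still gets attention.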
Part of µ micro — one new developer CLI tool shipped every day.