Will It Vibe?
DEP-004Info severity-2 points

Deprecated/abandoned package

Part of Dependencies & Hygiene, which counts for 10% of the overall score. When this check fires it deducts 2 points from that category, once per scan, no matter how many places it turns up.

What it detects

A dependency with well-known deprecation/abandonment status was found (curated list).

Why it matters

A deprecated package stops receiving fixes, so any bug or vulnerability found in it stays there for as long as you ship it. The ones this rule flags (request, moment, left-pad, node-uuid) all have direct, well-supported replacements, and some print deprecation warnings on every install. Migrating now is far cheaper than migrating after a CVE forces the issue.

How to fix it

Replace request with native fetch (built into Node 18+) or got/axios if you need retries and hooks. Replace moment with day.js (near drop-in API) or date-fns/luxon; replace left-pad with the built-in String.prototype.padStart; replace node-uuid with the uuid package or crypto.randomUUID(). Migrate call sites one package at a time, then npm uninstall the old package and confirm your tests still pass.

The paid report includes a ready-to-paste prompt for your AI coding agent for every check it finds, pointed at the exact findings from your scan. See pricing

Does your repo trip this check?

Paste a GitHub URL or drop a project folder. Scans run in your browser and take seconds.

Scan your repo

Related Dependencies & Hygiene checks