Skip to content
Latchkey

npm "deprecated" Warnings Blocking the Build via audit-level in CI

npm prints deprecated warnings during install and reports vulnerabilities via npm audit. A pipeline that runs npm audit with a low audit-level, or treats any warning as fatal, fails the build on findings it should only surface.

What this error means

An install or audit step exits non-zero citing deprecation warnings or audit findings, even though the packages installed successfully. Lowering the audit threshold or removing the gate makes it pass.

node
npm warn deprecated rimraf@2.7.1: Rimraf versions prior to v4 are
no longer supported

# audit gate then fails the job:
npm audit --audit-level=moderate
found 3 moderate severity vulnerabilities
npm ERR! code 1

Common causes

An audit gate set too strictly

A step runs npm audit --audit-level=<low> and exits non-zero on findings that are advisory, not build-breaking.

Deprecation warnings treated as errors

A wrapper that fails on any npm warning escalates harmless deprecated notices into build failures.

How to fix it

Separate auditing from installing

Keep npm ci as the install and run npm audit as a separate, non-blocking (or appropriately thresholded) report.

workflow
- run: npm ci
- run: npm audit --audit-level=high || true

Address the deprecated dependency at its source

Upgrade or replace the deprecated package so the warning disappears legitimately.

  1. Identify the deprecated package and which dependency pulls it.
  2. Upgrade that dependency or add an override to a maintained version.
  3. Re-run the install and confirm the warning is gone.

How to prevent it

  • Keep install and audit as separate steps with intentional thresholds.
  • Do not treat npm warnings as build-fatal.
  • Track and upgrade deprecated dependencies over time.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →