npm "deprecated" Warnings Blocking the Build via audit-level in CI
npm prints deprecated warnings during install and reports vulnerabilities via npm audit. A pipeline that runs npm audit with a low audit-level, or treats any warning as fatal, fails the build on findings it should only surface.
What this error means
An install or audit step exits non-zero citing deprecation warnings or audit findings, even though the packages installed successfully. Lowering the audit threshold or removing the gate makes it pass.
npm warn deprecated rimraf@2.7.1: Rimraf versions prior to v4 are
no longer supported
# audit gate then fails the job:
npm audit --audit-level=moderate
found 3 moderate severity vulnerabilities
npm ERR! code 1Common causes
An audit gate set too strictly
A step runs npm audit --audit-level=<low> and exits non-zero on findings that are advisory, not build-breaking.
Deprecation warnings treated as errors
A wrapper that fails on any npm warning escalates harmless deprecated notices into build failures.
How to fix it
Separate auditing from installing
Keep npm ci as the install and run npm audit as a separate, non-blocking (or appropriately thresholded) report.
- run: npm ci
- run: npm audit --audit-level=high || trueAddress the deprecated dependency at its source
Upgrade or replace the deprecated package so the warning disappears legitimately.
- Identify the deprecated package and which dependency pulls it.
- Upgrade that dependency or add an override to a maintained version.
- Re-run the install and confirm the warning is gone.
How to prevent it
- Keep install and audit as separate steps with intentional thresholds.
- Do not treat npm warnings as build-fatal.
- Track and upgrade deprecated dependencies over time.