Hi Atlassian Team and fellow developers,
I recently installed @forge/cli globally using npm install -g @forge/cli and noticed a long list of deprecation warnings. Some of the dependencies used in the CLI have been deprecated for several years — including inflight, gar, lodash.pick, npmlog, and more.
Here’s a snippet of the installation log:
> npm install -g @forge/cli
npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm warn deprecated gar@1.0.4: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
npm warn deprecated lodash.pick@4.4.0: This package is deprecated. Use destructuring assignment syntax instead.
npm warn deprecated lodash.isequal@4.5.0: This package is deprecated. Use require('node:util').isDeepStrictEqual instead.
npm warn deprecated npmlog@4.1.2: This package is no longer supported.
npm warn deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm warn deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm warn deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported
npm warn deprecated are-we-there-yet@1.1.7: This package is no longer supported.
npm warn deprecated gauge@2.7.4: This package is no longer supported.
npm warn deprecated memfs@3.6.0: this will be v4
changed 892 packages in 2m
Given that some of these packages were deprecated nearly a decade ago, I’m curious why the @forge/cli is still depending on them. Is there a migration plan or update scheduled to remove these deprecated packages?
Maintaining such outdated dependencies could pose security, performance, and reliability risks — especially for teams using Forge in production environments.
Looking forward to hearing from the Atlassian team or anyone maintaining the CLI. Thank you!