Request Has Been Deprecated
Now that one of the biggest NPM packages has been deprecated, what does that mean for your project?
As of February 11, 2020, one of the biggest NPM packages — Request — has been officially deprecated.
This popular library has been around for more than a decade, with the first version released in 2009. Since then, it has received more than 16 million weekly downloads and more than 47,000 libraries are dependent on it.
Why Would the Author Stop Development?
In his own words, original author Mikeal Rogers stated:
- Ride the wave of change
At first, Rogers thought he could adapt, but he ultimately chose the latter and goes on to say that “The patterns at the core of
request are out of date.” Instead of surviving through the transition, the author is convinced that it’s the opposite.
What Does This Mean for You?
Well, a lot if you’re one of the 47,000 dependent libraries or someone who uses it. And chances are you do. Using deprecated packages is not ideal, but it doesn’t mean that you have to change now.
Request will hitherto be in maintenance mode.
According to Rogers, here’s the plan:
requestwill stop accepting new features.
requestwill stop considering breaking changes.
- The committers who are still active will try to merge fixes in a timely fashion. No promises, though.
- Releases will be fully automated. Any merge into master will be published.
So What Are the Alternatives?
There’s a GitHub thread dedicated to this issue.
npm audit to check the security of your project’s dependency tree and fix any vulnerabilities.