Hahn-Solo Product Management
Basic Information
Status: Open
Priority: Later
Category: Trending Feature
Repo: JSS PM
Effort: Moderate
Task ID: T-5FB35C6C
Details
Improve Deprecated Packages Housekeeping
Address issue #2182 (deprecated npm dependencies) by updating `rimraf`, `glob`, and other deprecated transitive dependencies flagged in the issue. While this is normally a QoL task, deprecated dependencies with known vulnerabilities compound the security audit surface. Prioritize only dependencies with security implications; defer pure deprecation cleanups.
Why
Issue #2182 flags multiple deprecated dependencies. In maintenance mode, only security-relevant deprecations should be addressed. However, resolving them reduces noise in `yarn audit` output, making genuine security findings easier to spot.
Evidence
GitHub issue #2182
Details
Context: Issue #2182 flags multiple deprecated npm dependencies across the monorepo (rimraf, glob, ESLint-related). In maintenance mode, this is normally a "Later" task, but deprecated dependencies increase noise in security audit output, potentially masking genuine vulnerabilities. Resolving the security-relevant subset improves the signal-to-noise ratio of `yarn audit`.

Steps:
1. Review the full list in issue #2182
2. Categorize each deprecated dependency: security-relevant vs. pure deprecation
3. For security-relevant items: update to maintained alternatives (e.g., `rimraf` -> native `fs.rm`, `glob` -> `fast-glob`)
4. For pure deprecation items: document as known tech debt, defer past EOL
5. Run `yarn audit` after changes to verify reduced noise
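
One way to do the categorization in step 2, as an added example that is not part of the original task or the project's tooling. It assumes Yarn 1 (classic) `yarn audit --json` output (one JSON object per line) and treats "has at least one advisory" as the test for security-relevant; the package names and audit lines are constructed placeholders, and the real deprecated list would be copied from issue #2182.

```javascript
// Split deprecated packages into security-relevant (an advisory exists)
// and pure deprecation, using Yarn 1 `yarn audit --json` NDJSON output.
const SEVERITY_RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };
const rank = (severity) => SEVERITY_RANK[severity] ?? -1;

// Returns Map(module name -> highest severity reported for it).
function parseAuditAdvisories(ndjson) {
  const worst = new Map();
  for (const line of ndjson.split('\n')) {
    if (!line.trim()) continue;
    let entry;
    try { entry = JSON.parse(line); } catch { continue; } // skip non-JSON noise
    if (entry.type !== 'auditAdvisory') continue;         // e.g. auditSummary
    const adv = entry.data && entry.data.advisory;
    if (!adv || !adv.module_name) continue;
    const prev = worst.get(adv.module_name);
    if (prev === undefined || rank(adv.severity) > rank(prev)) {
      worst.set(adv.module_name, adv.severity);
    }
  }
  return worst;
}

function triageDeprecated(deprecatedNames, ndjson) {
  const advisories = parseAuditAdvisories(ndjson);
  const deprecated = new Set(deprecatedNames);
  const result = { securityRelevant: [], pureDeprecation: [], otherFindings: [] };
  for (const name of deprecated) {
    if (advisories.has(name)) {
      result.securityRelevant.push({ name, severity: advisories.get(name) });
    } else {
      result.pureDeprecation.push(name); // document as tech debt (step 4)
    }
  }
  // Advisories on non-deprecated packages: the findings the cleanup should surface.
  for (const [name, severity] of advisories) {
    if (!deprecated.has(name)) result.otherFindings.push({ name, severity });
  }
  return result;
}

// Constructed sample data (hypothetical package names, not from the JSS repo).
const SAMPLE_DEPRECATED = ['old-pkg-a', 'old-pkg-b'];
const SAMPLE_AUDIT = [
  '{"type":"auditAdvisory","data":{"advisory":{"module_name":"old-pkg-a","severity":"low"}}}',
  '{"type":"auditAdvisory","data":{"advisory":{"module_name":"old-pkg-a","severity":"high"}}}',
  '{"type":"auditAdvisory","data":{"advisory":{"module_name":"live-pkg-x","severity":"moderate"}}}',
  'warning: this line is not JSON',
  '{"type":"auditSummary","data":{"vulnerabilities":{"low":1,"moderate":1,"high":1}}}',
].join('\n');
console.log(JSON.stringify(triageDeprecated(SAMPLE_DEPRECATED, SAMPLE_AUDIT), null, 2));
```

Running the same triage before and after the replacements gives a concrete comparison for step 5.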

Acceptance criteria:
Security-relevant deprecated dependencies replaced
`yarn audit` output cleaner (fewer false-positive noise items)
Remaining deprecations documented in issue #2182

Risks: Replacing `rimraf` or `glob` could break build scripts that depend on their specific CLI interfaces. Test the full `yarn build` and `yarn test-packages` pipeline after changes.

---

Source Report
reports/product-management/jss/2026-04-05-jss-pm.md
Report date: Apr 5, 2026