npm outdated won't tell you if a package is abandoned — so I built `stale-deps`

The problem

Developers often don't realize their project dependencies have been abandoned — npm outdated shows version lag but not how long ago a package was last published, leaving stale and potentially vulnerable packages silently lurking in codebases.

As a solution, I created stale-deps

Scan your package.json for packages that haven't been updated in a while — spot potentially abandoned npm packages instantly. Zero-dependency Node.js:

npx stale-deps

Output:

Checking 12 packages (threshold: 365 days)...

⚠  3 stale packages found:

  PACKAGE    VERSION  LAST UPDATED   DAYS AGO
  node-uuid  1.4.8    2017-03-11      2982d  (8y 1m)
  request    2.88.2   2020-02-14      1912d  (5y 3m)
  colors     1.4.0    2021-01-16      1576d  (4y 3m)

✓ 9 packages recently updated.

How it works

Hits the npm registry public JSON API for each dep, gets _npmPublishTime, computes age, outputs a sorted table. Batches 10 requests at a time. Zero dependencies.

Part of µ micro — one new developer CLI tool shipped every day.