CLI 15.1.3 depends on deprecated/removed sudo-prompt package #2575

@fbartho

Environment

react-native info Results
info Fetching system and libraries information...
System:
  OS: macOS 15.1.1
  CPU: (10) arm64 Apple M1 Max
  Memory: 176.70 MB / 64.00 GB
  Shell:
    version: 3.2.57
    path: /bin/bash
Binaries:
  Node:
    version: 23.5.0
    path: /private/var/folders/01/4rfqmhmn03s0vby9xw8cz6qr0000gp/T/xfs-1afe380f/node
  Yarn:
    version: 4.6.0
    path: /private/var/folders/01/4rfqmhmn03s0vby9xw8cz6qr0000gp/T/xfs-1afe380f/yarn
  npm:
    version: 10.9.2
    path: ~/.nvm/versions/node/v23.5.0/bin/npm
  Watchman:
    version: 2024.08.26.00
    path: /opt/homebrew/bin/watchman
Managers:
  CocoaPods:
    version: 1.15.2
    path: /opt/homebrew/bin/pod
SDKs:
  iOS SDK:
    Platforms:
      - DriverKit 24.2
      - iOS 18.2
      - macOS 15.2
      - tvOS 18.2
      - visionOS 2.2
      - watchOS 11.2
  Android SDK: Not Found
IDEs:
  Android Studio: 2024.1 AI-241.19072.14.2412.12360217
  Xcode:
    version: 16.2/16C5032a
    path: /usr/bin/xcodebuild
Languages:
  Java:
    version: 11.0.10
    path: /usr/bin/javac
  Ruby:
    version: 2.6.10
    path: /usr/bin/ruby
npmPackages:
  "@react-native-community/cli": Not Found
  react: Not Found
  react-native: Not Found
  react-native-macos: Not Found
npmGlobalPackages:
  "*react-native*": Not Found
Android:
  hermesEnabled: Not found
  newArchEnabled: Not found
iOS:
  hermesEnabled: Not found
  newArchEnabled: Not found

Description

npm warns that the CLI package depends on a deprecated/removed package called sudo-prompt. This is a pretty darn scary warning, since it sounds like a security issue.

Reproducible Demo

  1. Use npx @react-native-community/cli@latest init to access the CLI.
$ npx @react-native-community/cli@latest init --help
Need to install the following packages:
@react-native-community/cli@15.1.3
Ok to proceed? (y) y

npm warn deprecated sudo-prompt@9.2.1: Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.
  2. Notice the scary warning you get from npm ^
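
Added example, not part of the issue and not the CLI project's code: a triage helper that finds entries flagged deprecated in a `package-lock.json` and traces which dependency path pulls each one in. It assumes the npm 7+ lockfile layout, where the `packages` map carries the registry's `deprecated` message; the lockfile below is constructed, and `demo-app`, `example-cli` and `example-helper` are hypothetical names, not the real dependency chain.

```javascript
// Constructed lockfile in npm's lockfileVersion 3 layout. "demo-app", "example-cli" and
// "example-helper" are hypothetical; only the sudo-prompt name and version come from the issue.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "example-cli": "^1.0.0" } },
    "node_modules/example-cli": { version: "1.0.0", dependencies: { "example-helper": "^2.0.0" } },
    "node_modules/example-helper": { version: "2.0.0", dependencies: { "sudo-prompt": "^9.0.0" } },
    "node_modules/sudo-prompt": { version: "9.2.1", deprecated: "Package no longer supported." },
  },
};

// Resolve a dependency name the way Node does: nearest enclosing node_modules first.
function resolveDep(packages, fromKey, name) {
  let base = fromKey;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (packages[candidate]) return candidate;
    if (!base) return null; // not installed (e.g. a skipped optional dependency)
    const cut = base.lastIndexOf("node_modules/");
    base = cut <= 0 ? "" : base.slice(0, cut - 1);
  }
}

// For each entry flagged `deprecated`, return every dependency path from the root to it.
function deprecatedChains(lock) {
  const pkgs = lock.packages;
  const parents = {}; // resolved key -> keys of the packages that depend on it
  for (const [key, meta] of Object.entries(pkgs)) {
    const deps = { ...meta.dependencies, ...meta.optionalDependencies };
    for (const name of Object.keys(deps)) {
      const target = resolveDep(pkgs, key, name);
      if (target) (parents[target] ||= []).push(key);
    }
  }
  const label = (k) => `${k.split("node_modules/").pop()}@${pkgs[k].version}`;
  const walk = (key, seen) => {
    if (key === "") return [[pkgs[""].name || "(root)"]];
    if (seen.has(key)) return []; // cycle guard
    const next = new Set(seen).add(key);
    return (parents[key] || []).flatMap((p) => walk(p, next).map((c) => [...c, label(key)]));
  };
  return Object.entries(pkgs)
    .filter(([, meta]) => meta.deprecated)
    .map(([key, meta]) => ({ name: label(key), message: meta.deprecated, chains: walk(key, new Set()) }));
}

for (const hit of deprecatedChains(SAMPLE_LOCK))
  console.log(`${hit.name}: ${hit.message}\n  ${hit.chains.map((c) => c.join(" > ")).join("\n  ")}`);
```

To run it against a real project, pass the parsed contents of that project's `package-lock.json` to `deprecatedChains` instead of `SAMPLE_LOCK`.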
