This document describes the recommended maintenance operations for the project (Docusaurus / Node), with the goal of:
- keeping dependencies up to date and secure
- avoiding build warnings and issues
- having a repeatable, low-stress maintenance process
Run these steps when:
- GitHub reports security vulnerabilities (Dependabot / Security alerts)
- you upgrade Node or npm
- the build starts showing unusual warnings
- every 2–3 months as routine maintenance
From the project root:
npm install
This is used to:
- realign the dependency tree
- apply any configured overrides
- update the package-lock.json
Check for known vulnerabilities:
npm audit
If issues are reported:
npm audit fix
- Always prefer npm audit fix
- Avoid npm audit fix --force unless absolutely necessary (it may introduce breaking changes)
When a vulnerability affects a transitive dependency, identify which package pulls it in:
npm ls <package-name>
Examples:
npm ls qs
npm ls node-forge
npm ls lodash
This helps decide whether to:
- upgrade the parent package
- use overrides
If Dependabot cannot open a PR:
- add to package.json:
"overrides": {
  "<package>": "<secure-version>"
}
- then run:
npm install
npm audit
npm run build
- commit only:
  - package.json
  - package-lock.json
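To confirm that an override actually took effect after npm install, the following added example (not part of the project's own tooling) scans a parsed package-lock.json for installed copies of a package older than the version you pinned. The sample lockfile, its versions and the 6.10.0 threshold are constructed for illustration; the helper names are hypothetical.

```javascript
// Added example: helper names and sample data are constructed, not from the project.
// Compare two plain x.y.z versions; prerelease/build suffixes are ignored (simplification).
function compareVersions(a, b) {
  const pa = a.split(/[-+]/)[0].split('.').map(Number);
  const pb = b.split(/[-+]/)[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Scan the "packages" map of a package-lock.json (lockfileVersion 2 or 3)
// and return every installed copy of `name` older than `minVersion`.
function findStaleCopies(lock, name, minVersion) {
  const marker = 'node_modules/';
  const stale = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const idx = path.lastIndexOf(marker);
    // Skip the root entry ("") and entries for other packages.
    if (idx === -1 || path.slice(idx + marker.length) !== name) continue;
    if (!entry.version) continue; // e.g. linked entries without a version
    if (compareVersions(entry.version, minVersion) < 0) {
      // A nested path means a parent package keeps its own private copy.
      const parent = idx === 0 ? null
        : path.slice(0, idx - 1).split(marker).pop();
      stale.push({ path, version: entry.version, nestedUnder: parent });
    }
  }
  return stale;
}

// Constructed sample: the hoisted copy is new enough, the nested copy is not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'docs-site', version: '0.0.0' },
    'node_modules/qs': { version: '6.13.0' },
    'node_modules/express/node_modules/qs': { version: '6.5.2' },
    'node_modules/lodash': { version: '4.17.21' },
  },
};

console.log(findStaleCopies(sampleLock, 'qs', '6.10.0'));
```

For a real check, pass the result of JSON.parse on the project's package-lock.json instead of sampleLock; an empty result means no copy below the pinned version remains in the tree.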
Every maintenance change must be verified with a build:
npm run build
If deprecation warnings clutter CI logs:
NODE_OPTIONS=--no-deprecation npm run build
If Docusaurus:
- reports missing files that no longer exist
- shows outdated or ghost sidebars
- keeps stale content
run:
npm run clear
npm run build
If the build shows a baseline-browser-mapping warning:
npm i baseline-browser-mapping@latest -D
Then verify with a new build.
- package.json
- package-lock.json

- node_modules/
- local caches
- generated build artifacts (unless part of your workflow)
npm install
npm audit
npm audit fix
npm run build
If something feels off:
npm run clear