
How to Fix Dependency Rot in Projects You Haven't Touched in Months
So the dev job market is warming back up — postings are up 15% since mid-2025 according to FRED data. If you're anything like me, that means you're dusting off side projects and portfolio repos that have been sitting untouched. And then you run npm install and everything explodes.

Dependency rot is real, and it's one of the most frustrating problems in modern development. You didn't change a single line of code, but suddenly nothing builds.

Why This Happens

The root cause is deceptively simple: your lockfile pins exact versions, but the ecosystem around those versions keeps moving. Here's what actually goes wrong:

Transitive dependencies get yanked or deprecated. A package three levels deep in your tree publishes a breaking change or gets removed entirely.

Node/Python/Ruby runtime versions drift. Your project expected Node 18, but your machine now runs Node 22. Native bindings compiled against the old version won't load.

Registry metadata changes. Package registries occasionally restru
Continue reading on Dev.to DevOps