I am installing a module globally

$ npm install -g X

and NPM says

"npm WARN deprecated lodash@1.0.2: lodash@<3.0.0 is no longer maintained. Upgrade to lodash@^4.0.0"

how can I find out which module has an dependency on this old version of lodash?

The warning message from NPM doesn't seem to give me any clue which module references this old version (I believe that the module X does not have a direct dependency on this old version of lodash.).

I got an answer for the similar question: https://stackoverflow.com/a/36335866/1115187

Briefly:

npm outdated --depth=3

This command will analyze installed NPM-packages and their versions. The report will contain:

1. package name
2. latest version
3. current version
4. dependency path (down to depth level)

Hope, this information could help you to gather info about outdated packages.

Next step - get in touch with maintainers of the appropriate package, and ask them to update the package (maybe, you would like to send a pull request).

UPD: npm-check

There is a great npm package: npm-check, that allows checking outdated dependencies. Probably

My favorite feature: Interactive Update — run npm-check -u in the project folder. An interactive menu shows all required information about dependencies in the current folder and allows to update all dependencies in 3 seconds.

npm la <package-name> 

also works, and will give you the most details about the dependency graph of a dependency.

npm ls <package-name>, does something similar but gives you less details

Use npm list. It will print out all of the packages your module depends on as well as your dependencies dependencies and so forth. Maybe redirect output to a file or grep it so you can search it more easily.

You could search through all the package.json files under node_modules and see which ones are dependent on lodash 1.0.2.