Running npm list in the project directory will give you a dependency tree, and a simple text search for outdated packages will indicate where they came from.
As a workaround to obsolescence issues, you can use npm-shrinkwrap ( usage example ).