Comments (14)
I'm not sure I'm following your logic RE: versions.
afaik, e3a7bd4 was a non-breaking change, meaning we don't need a major version bump. We're not even at 1.x, let alone 2.x -- for good reason. I still don't think that we've had adequate expert security review (though we have had a LOT more than most other password libs in npm...)
If we cut a release, it needs to be 1.0.0, and I'm hoping to get a security expert to endorse the lib for the 1.0.0 release. If you want to commit a breaking change after that, the new version will be 2.0.0, not 3.0.0.
Right?
from credential.
All this said, I'd be happy to publish the latest master to npm, assuming all the tests still pass and there are no breaking changes. =)
from credential.
The version number was a mistake, I meant 0.3.
This is a breaking change, that's why you'd have to increase the version number: 47ab3b7
Because we are still on 0.x I guess it is fine to have breaking changes in the minor spot.
The v0.2.x branch could be released as 0.2.6 - with the benefit of being an upgrade path for v0.3.x.
I totally agree with you on the need for expert review by the way, and that it would be nice for a 1.0 release.
from credential.
Maybe we should just publish the latest with the breaking change as v1.0.0 and continue the push for security review towards a v2.0.0 that refuses to work without 2FA? ;)
from credential.
Sounds good to me.
But I think we should release a minor upgrade to the current 0.2.5 as well for those that have legacy dbs and want to migrate.
from credential.
You want to create a 0.x branch and prep it for a security update?
from credential.
As far as I can see none of the new commits are source changes, so I see no value in backporting those to 0.2.x.
My suggestion is therefore:
- Set up a 0.2.x branch here identical to mine (https://github.com/srcagency/credential/tree/v0.2.x)
- Bump version to 0.2.6 and release it (upgrade path for all existing users)
- Release 0.3 from current master
With your "go" I'll happily do 1-2.
from credential.
Go! =)
from credential.
Done. You should be able to checkout the v0.2.x branch and do npm publish.
from credential.
@tjconcept Do you know if there's any way to delegate publish permissions on npm (as in share them with your team)?
from credential.
Sure, just add a collaborator: npm owner add thomas-jensen credential
from credential.
Done. 😎
Precede. =)
from credential.
Mission accomplished. Almost two years after the last release, 0.2.6 is up.
from credential.
Next stop: 1.0. =)
from credential.