Comments (9)
peteratticusberg
commented on July 26, 2024
2
Touché. Who'd've guessed that Github has more information on the npm dependency graph than npm itself? Or that so many projects depend on the v0.0.3 release of a package? The world we live in.
So I just emailed Shane for npm access, if I get it I can cut a new release and publish it to npm but the package.json file for the current release (v0.0.3) is still going to link to a dead github url.
I don't know if this will fix the issue with commonly used dependency checkers (npm-check/npm-check-updates/depcheck) because I don't understand the circumstances under which they're using a github url rather than npm package names to locate package information. But for packages using optimistic versioning constraints hopefully it helps. (parse-server does not)
tldr hopefully the cavalry is on the way for dependency checkers.
In the mean time, I'd encourage people to put up PRs for repos using this package that replace it with bcrypt.js which has an identical interface, is faster, and actively maintained.
from bcrypt-nodejs.
jsachs
commented on July 26, 2024
1
Looks like @peteratticusberg is the one making commits to master now, and maybe he can update npm.
from bcrypt-nodejs.
joelgarciajr84
commented on July 26, 2024
Same here
from bcrypt-nodejs.
OmgImAlexis
commented on July 26, 2024
@shaneGirish this should really be addressed as it's an easy fix.
from bcrypt-nodejs.
jacob-rogers
commented on July 26, 2024
Would be appreciated if anybody of maintainers fix this link. Nice library, but that spoils the effect
from bcrypt-nodejs.
peteratticusberg
commented on July 26, 2024
Unfortunately I don't have access to npm and can't update the links.
As stated in the README however, this project is no longer actively maintained and our recommendation is that you use https://github.com/dcodeIO/bcrypt.js instead which is a fork of this repo.
from bcrypt-nodejs.
jsachs
commented on July 26, 2024
@peteratticusberg the problem is that many of the people commenting here use libraries that in turn still depend on this repo, and we cannot force them to update their dependencies. I believe it is possible to contact npm directly in situations like this.
I understand that this would be a lift on your part but it would be super helpful for cleaning up vulnerability management.
from bcrypt-nodejs.
peteratticusberg
commented on July 26, 2024
After checking on npm, I found one library that depends on this that has ~22 downloads/day. The next most used package had 6 downloads/day.
If there were more dependents, with higher download counts, I'd feel differently, but I think the proper fix here is to put up a PR for sei-core that updates its dependencies. If I could just simply update npm I would, but unfortunately I can't.
https://github.com/dcodeIO/bcrypt.js exposes the same api as this library so it should be an easy fix. It also runs 2.5x faster than this library, so it should improve the hashing performance of that package as well.
from bcrypt-nodejs.
OmgImAlexis
commented on July 26, 2024
Yeah... it's a little more than a few that use this library.
47,581 Repositories and 444 Packages.
https://github.com/shaneGirish/bcrypt-nodejs/network/dependents
One of the largest being Parse Server.
https://github.com/parse-community/parse-server/blob/master/package.json#L54
from bcrypt-nodejs.
Related Issues (20)
- Error while installing HOT 1
- node-gyp is required? HOT 1
- Did you plan a release?
- bcrypt compare returns false all the time HOT 4
- Error: global leak detected: lr HOT 7
- Salt in final hash result HOT 1
- Latest version is not published HOT 3
- package.json license field
- The link to github in package.json is wrong HOT 1
- Callback required error when hashing with 3 params HOT 2
- Use strict mode not working HOT 3
- RHEL6 wont compile no c++11 available HOT 2
- Maybe a CompareSync Bug HOT 6
- Standardized license HOT 3
- Rounds not optional in bcrypt.genSalt function HOT 1
- Not a valid BCrypt hash.
- hashSync broken, "TypeError: salt.charAt is not a function" HOT 2
- "Octal literal in strict mode" error in Webpack HOT 1
- Please mark the npm package / this project as deprecated HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bcrypt-nodejs.