You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
the 8.5.0 version is almost double the size of 8.4.0, and the culprit seems to be that the semver package somehow got bundles into the production build of 8.5.0
It's not somehow, there's support for RSASSA-PSS algorithms now which is only bundled in node.js version ^6.12.0, not 7, and then >=8.
Detecting this can either be done with semver package, which is what the discussion in the PR lead to, that's the most stable way of doing this check.
Since the crypto module's exported constants differ between 4,6,7,8 etc you'd have to dig out which ones are necessary and do the support function differently. That being said it's not consistent behaviour between versions.
FWIW I'd still just bump the minimal major to v8.9.0 which is the first lts/carbon release and stopped caring about the constants.
the 8.5.0 version is almost double the size of 8.4.0, and the culprit seems to be that the
semver
package somehow got bundles into the production build of 8.5.0https://bundlephobia.com/result?p=jsonwebtoken@8.5.0
it looks like it was a result of this PR #573
not sure if there is much that can be done to change it
The text was updated successfully, but these errors were encountered: