Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

8.5.0 release includes semver package in release bundle? #582

Closed
audiolion opened this issue Mar 1, 2019 · 1 comment
Closed

8.5.0 release includes semver package in release bundle? #582

audiolion opened this issue Mar 1, 2019 · 1 comment

Comments

@audiolion
Copy link

audiolion commented Mar 1, 2019
edited

the 8.5.0 version is almost double the size of 8.4.0, and the culprit seems to be that the semver package somehow got bundles into the production build of 8.5.0

https://bundlephobia.com/result?p=jsonwebtoken@8.5.0

it looks like it was a result of this PR #573

not sure if there is much that can be done to change it
@panva
Copy link
Contributor

panva commented Mar 2, 2019

Hi Ryan,

somehow

It's not somehow, there's support for RSASSA-PSS algorithms now which is only bundled in node.js version ^6.12.0, not 7, and then >=8.

Detecting this can either be done with semver package, which is what the discussion in the PR lead to, that's the most stable way of doing this check.

Since the crypto module's exported constants differ between 4,6,7,8 etc you'd have to dig out which ones are necessary and do the support function differently. That being said it's not consistent behaviour between versions.

FWIW I'd still just bump the minimal major to v8.9.0 which is the first lts/carbon release and stopped caring about the constants.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@panva @audiolion