-
Notifications
You must be signed in to change notification settings - Fork 551
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use md5 node module #1308
Use md5 node module #1308
Conversation
ac1d26b
to
8db9b91
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Works as described 👍
hash.update(email.trim().toLowerCase()); | ||
let digest = hash | ||
.digest() | ||
let hash = md5(email.trim().toLowerCase()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
const
? (I didn't realize we don't have the prefer const rule enabled in eslint!)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I need to add that! I think I'll merge and then add that rule and the fixes in another pr
8db9b91
to
c598726
Compare
What was the purpose of this PR? Were we having trouble with the |
We were including create-hash that does a lot of things besides creating an md5 hash. If I remember correctly I did away the middleman and just included the md5 library which just creates an md5 hash. |
Ah. I just noticed now that this merged months ago. I guess @belcherj we're saying that the purpose was to eliminate superfluous dependencies? Did you catch a before-and-after count of dependencies in the I'm not sure if I did this properly, and with
For counting unique packages in npm list | sed -e 's/[├┬│─└]//g' | sed -e 's/^[[:space:]]*//' | sed -e 's/@.*//g' | sort | uniq | wc -l Either way it looks like this change probably increased our dependency count and did so in a mostly insignificant way. |
I did not catch the before and after but: https://www.npmjs.com/package/md5 has three dependencies which in turn have zero dependencies. https://www.npmjs.com/package/create-hash has 5 dependencies which in turn have more dependencies. Not sure how the number of dependencies could have gone up. |
I wish I were better at navigating the dependency tree and finding answers to these kinds of questions. From some additional basic investigation…
So I think what happened is we added a new top-level dependency we didn't already have in our dependency tree before but we also didn't remove any of the dependencies for the package we were presumably replacing. In effect, this didn't do anything but introduce a new dependency. Had we used If we continue with the numbers from earlier then by switching |
See #1308 When we added a new direct dependency on `md5` we inadvertendly created three new dependencies to the application. We intended to _remove_ a depdendency on `create-hash` but that library was already transitively pulled in via several other packages. Those packages and `create-hash` depend on `md5.js` and when we added `md5` as a requirement it added something we didn't already have. In this patch we're replacing our use of `md5` with `md5.js` and thus removing the added dependencies, since `md5.js` is already in the project. An alternative approach to remove the excess dependencies would be to revert #1308 and rely directly on `create-hash` again. Before applying this patch there are 1160 directories in `node_modules`. After applying this patch there are 1157 directories in `node_modules`. This count may or may not be relevant.
See #1308 When we added a new direct dependency on `md5` we inadvertendly created three new dependencies to the application. We intended to _remove_ a depdendency on `create-hash` but that library was already transitively pulled in via several other packages. Those packages and `create-hash` depend on `md5.js` and when we added `md5` as a requirement it added something we didn't already have. In this patch we're replacing our use of `md5` with `md5.js` and thus removing the added dependencies, since `md5.js` is already in the project. An alternative approach to remove the excess dependencies would be to revert #1308 and rely directly on `create-hash` again. Before applying this patch there are 1160 directories in `node_modules`. After applying this patch there are 1157 directories in `node_modules`. This count may or may not be relevant.
Fix
This uses a node module that only does md5 not a host of other hashing functions. This is only used in the sharing modal to pull down a users Gravatar
Test
Review
Only one developer is required to review these changes, but anyone can perform the review.
Release
RELEASE-NOTES.txt
was updated in d3adb3ef with:Closes: #1294