You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The request library actually isn't a great library to use. Judging by the fact that this library is pinned to ~ instead of ^ someone has probably already noticed that request has a really poor stance towards breaking changes (they are happy to include breaking changes from deps within minor release changes). Despite that the library is released frequently, meaning you need to update it regularly. The library is also bloated and a bit of a risk, it includes huge piles of dependences that are never used (hawk, aws, oauth, etc...) and each of those can have security bugs that need patching on top of bloating the package with huge deps that are never used.
A simple way of solving the npm warning and general issues with request would be to replace it. One alternative with a somewhat request like API is needle. You could also go with node-fetch.
The text was updated successfully, but these errors were encountered:
I wouldn't mind replacing it, but I believe this is the first problem with it. Alternatively, we could lock the dependency to a fixed version. Do you want to go on with a PR? Thanks
@rxaviers The current problem is that request is out of date because it's locked to ~, so locking it to an even more specific version will just make the issue worse.
True. It would require updating it and making potential API adjustments. Anyway, I'm open for a PR replacing it (perhaps with node-fetch). Thanks again
The request version in use by the current version of this library /
cldr-data
uses a version of request with a uuid warning.The
request
library actually isn't a great library to use. Judging by the fact that this library is pinned to~
instead of^
someone has probably already noticed thatrequest
has a really poor stance towards breaking changes (they are happy to include breaking changes from deps within minor release changes). Despite that the library is released frequently, meaning you need to update it regularly. The library is also bloated and a bit of a risk, it includes huge piles of dependences that are never used (hawk, aws, oauth, etc...) and each of those can have security bugs that need patching on top of bloating the package with huge deps that are never used.A simple way of solving the npm warning and general issues with
request
would be to replace it. One alternative with a somewhat request like API is needle. You could also go with node-fetch.The text was updated successfully, but these errors were encountered: