What's the difference between "uuid" and "node-uuid" modules? #116
Comments
|
Currently, this module has unsafe default behaviour (#118) in both Node.js and browsers, whereas the defunctzombie fork only has this behaviour in browsers. Therefore, if running in Node.js, you should be using the fork. |
|
Thank you @joepie91 for your vigilance in detecting the fallback and providing your insight on which version to use. Will switch to the defunctzombie fork |
|
The issue has been resolved, but it begs the question if we should just deprecate this and put in the README.md that Thoughts @broofa? |
|
Well, I have some half-baked ideas around what v2 of this lib should look like - specifically, around making it more modular so dependent code can generate a particular version of uuid without having to include unnecessary code for other versions of uuid. E.g. V4 uuid generation shouldn't require the [large amount of] code need to shim SHA1 hash generation that v5 uuid creation depends on (which is why this lib doesn't currently support v3 or v5 uuid creation). I tinkered with this awhile ago on the v2.0.0 branch but never rears a point I was satisfied with, and life events have "de-prioritized" my interest in this... But, yeah, in an ideal world Id still like to see this happen. I've no idea what plans, if any, the 'uuid' project has for the next major version. But that would seem to be the main discriminator for what to do with these projects. My $.02. I'm open to suggestions, and will grudgingly admit my absentee-landlord status here warrants the 'uuid' fork... And apologize for that. |
Agreed. To ask this another way, is there a reason Also just to throw into the mix... One 'dependency' on the |
|
Hey I think neither me or @defunctzombie have big ideas for the We will gladly give you push access @broofa to the That's it I think, otherwise we are good! |
|
I originally forked this because @broofa was unresponsive in claiming and On Monday, November 16, 2015, Vincent Voyer notifications@github.com
|
|
Great. Apologies, I wasn't actually advocating merging one way or the other (or one name vs the other), rather, I'm just supportive of these two code bases reconverging under one name to make the question of "which one should I choose" redundant. Thanks to everyone involved for their continued work on this. |
|
Thanks for having a civil discourse about this. I need to trim some of my related projects to only use one or the other of these and keep accidentally using one or the other. |
|
I just submitted pull requests to all the packages in my dependency trees that depended on
There may be other packages that depend on |
|
update: one down, three to go |
|
vow-fs switched |
|
Hi @ALL, can I get some support for my PR over at request/request#2182 ? It's the last major package that hasn't switched over to |
|
@defunctzombie can you add a comment over at request/request#2182 (comment) ? I'm getting resistance from simov on moving request over to your fork of |
|
This doesn't seem to have been completely resolved and it's confusing as heck. I guess it's the peril of having a flat npm namespace, but we have two modules "uuid" and "node-uuid". Both of them are probably safe to use, both of them have lots of users, both of them seem to be maintained OK (although the less-maintained one is the one that has more users!) How do I decide which to use? Flip a coin? If you guys can decide on re-merging, you should do so, and formally deprecate one of them. |
|
@jez9999: Use |
|
I've added @defunctzombie as a contributor to this project and also added him as a collaborator in NPM. I'm hoping that will help break this project loose from my lack of attention. |
…s forked. The older one is headed for deprecation, and has some security problems ("SECURITY] node-uuid: crypto not usable, falling back to insecure Math.random()") which are fixed in the newer. Also, 'uuid' is available in the node_modules of stripes-core, so we don't need to add a dependency here. For the gritty details, see uuidjs/uuid#116 and linked discussions.
|
firebase/polymerfire uses node-uuid btw... |
|
@AlexNasonov How do you know that? I can't even see a |
|
@AlexNasonov Are you sure? |
At the risk of digging up skeletons,
I noticed @broofa is a contributor to both projects and the "uuid" repository by defunctzombie was forked from this repository by broofa.
They look similar, but the versions are very mismatched.
Is there a particular benefit of using one or the other? Why did defunctzombie fork?
Ryan
Reference:
"node-uuid" : https://github.com/broofa/node-uuid
"uuid" : https://github.com/defunctzombie/node-uuid
The text was updated successfully, but these errors were encountered: