coolaj86/acme.js-ARCHIVED
2
1
複製 0
程式碼 問題管理 4 合併請求 3 版本發佈 Activity

upgrade to node.js 8.x/10.x features #23

建立問題
已關閉
opened 2019-05-17 13:19:24 +00:00 by Ghost · 4 comment
Ghost 評論 2019-05-17 13:19:24 +00:00
Copy Link

The code can be much simpler to read, understand and contribute if you can drop support EOL versions of node.js. Promises can become async/awaits, string concatenation - template literals.

Also, enabling ESLint can detect most common mistakes.

I can create a pull request with all these changes (I already have it working in production) if you are ok with this change

The code can be much simpler to read, understand and contribute if you can drop support EOL versions of node.js. Promises can become async/awaits, string concatenation - template literals. Also, enabling ESLint can detect most common mistakes. I can create a pull request with all these changes (I already have it working in production) if you are ok with this change
coolaj86 評論 2019-05-17 14:47:40 +00:00
管理員
Copy Link

Hey gugu,

Awesome to hear, but now I wish I had published the roadmap or published in some other way what I've been in the middle of.

Major Version on the way

I actually just did a rewrite of this for the browser last week and fixed a number of bugs and cleanup up some of the code:

Of particular import is a bugfix to the nonce handling and supporting ACME draft 15, which becomes mandatory in November.

I wrote the code on purpose to be easy to port to the browser, it just took me a while to actually porting it. I plan to port that all back to node (which is far much less work), and in doing so I'm going to be keeping some of the things that otherwise are... stupid things to do (like the whole encodings package). 100% "isomorphism" isn't a hard-and-fast goal, per se, but it turns out to be convenient.

Along with that, I've dropped all of the old code that was only there for backwards compatibility (which made a mess of the place), and made it so that greenlock.js challenge plugins are 1:1 with acme.js challenge handlers.

That said, the next release will be a breaking change.

Node v6 is alive and well

Looking at stats we have a TON of users still on node v6. I don't want to use any syntax that doesn't work in node v6, but I do want to include some sort of polyfill file that handles a few things like Buffers and Promises, some of which has already been done:

About half of our users are on Windows and I don't recall the exact number, but something like 30% are on node v6. I could look it up (these numbers come from greenlock.js and rsa-compat.js, which accounts for most of the installs of acme-v2.js).

Less Tooling => Better Security

I've been using JSHint. I should probably publish my .jshintrc into the repo, but I'm guessing all the same options could be set in .eslint as well.

I'm very wary of the security vulnerabilities in the big tools chains, especially with all the malware that was published to npm last year (stealing credentials, stealing bitcoin wallets, etc) and made it into big tool chains (everyone who had create-react-app).

Do it anyway

That said, go ahead and make the PR so that I can see what the changes look like.

Hey gugu, Awesome to hear, but now I wish I had published the roadmap or published in some other way what I've been in the middle of. ## Major Version on the way I actually just did a rewrite of this for the browser last week and fixed a number of bugs and cleanup up some of the code: * https://git.rootprojects.org/root/bluecrypt-acme.js * https://rootprojects.org/acme/ (ugly technical demo) * https://rootprojects.org/acme/bluecrypt-acme.js * https://greenlock.domains/ (pretty, soon to be migrated to acme.js) Of particular import is a bugfix to the `nonce` handling and supporting ACME draft 15, which becomes mandatory in November. I wrote the code on purpose to be easy to port to the browser, it just took me a while to actually porting it. I plan to port that all back to node (which is far much less work), and in doing so I'm going to be keeping some of the things that otherwise are... stupid things to do (like the whole encodings package). 100% "isomorphism" isn't a hard-and-fast goal, per se, but it turns out to be convenient. Along with that, I've dropped all of the old code that was only there for backwards compatibility (which made a mess of the place), and made it so that greenlock.js challenge plugins are 1:1 with acme.js challenge handlers. That said, the next release will be a breaking change. ## Node v6 is alive and well Looking at stats we have a TON of users still on node v6. I don't want to use any syntax that doesn't work in node v6, but I do want to include some sort of polyfill file that handles a few things like Buffers and Promises, some of which has already been done: * https://www.npmjs.com/package/buffer-v6-polyfill About half of our users are on Windows and I don't recall the exact number, but something like 30% are on node v6. I could look it up (these numbers come from greenlock.js and rsa-compat.js, which accounts for most of the installs of acme-v2.js). ## Less Tooling => Better Security I've been using JSHint. I should probably publish my `.jshintrc` into the repo, but I'm guessing all the same options could be set in `.eslint` as well. I'm very wary of the security vulnerabilities in the big tools chains, especially with all the malware that was published to npm last year (stealing credentials, stealing bitcoin wallets, etc) and made it into big tool chains (everyone who had create-react-app). ## Do it anyway That said, go ahead and make the PR so that I can see what the changes look like.
Ghost 評論 2019-05-17 16:51:35 +00:00
Author
Copy Link

Node v6 is alive and well

Better Security

The problem is node v6 maintenance is over. No more security and bug fixes, as far as I understand:
https://github.com/nodejs/Release

I hope I'll send a PR soon

> Node v6 is alive and well > Better Security The problem is node v6 maintenance is over. No more security and bug fixes, as far as I understand: https://github.com/nodejs/Release I hope I'll send a PR soon
coolaj86 評論 2019-05-21 04:32:09 +00:00
管理員
Copy Link

I got sick over the weekend and didn't finish the new version. Should be done by this weekend.

I got sick over the weekend and didn't finish the new version. Should be done by this weekend.
coolaj86 評論 2019-07-08 13:56:31 +00:00
管理員
Copy Link

I update the browser version ( https://greenlock.domains/app/js/bluecrypt-acme.js ), but I haven't backported it to node yet, but I will.

I update the browser version ( https://greenlock.domains/app/js/bluecrypt-acme.js ), but I haven't backported it to node yet, but I will.
登入 才能加入這對話。
No Branch/Tag Specified
分支列表 標籤列表
標籤
No items
未選擇標籤
里程碑
No items
未選擇里程碑
Assignees
Clear assignees
coolaj86
No Assignees
2 參與者
訊息
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: coolaj86/acme.js-ARCHIVED#23
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?