Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Fix for Issue #50 not released for over two years

See original GitHub issue

Can you make a new release that fixes #50 (PR #52)? The issue has been solved, but unreleased, since Jul 18, 2017…

I just ran into this issue again, trying to sign a compressed payload: https://runkit.com/embed/mnbqn7bakltj

const pako = require('pako');
const jws = require('jws');

//function copy pasted from https://github.com/brianloveswords/node-jws/blob/master/lib/sign-stream.js#L8
function base64url(buf) {
    return buf
        .toString('base64')
        .replace(/=/g, '')
        .replace(/\+/g, '-')
        .replace(/\//g, '_');
}

const payload = Buffer.from(
    pako.deflateRaw('asdfasdfasdfasdf') //returns a Uint8Array
);

//expected: "SyxOSUtEwgA"
console.log(
    base64url(
        payload
    )
);
//actual: "SyxOSUtE77-9AA"
console.log(
    jws.sign({
        header: { alg: 'none' },
        payload,
        encoding: 'utf8'
    }).split('.')[1]
);

Issue Analytics

State:
Created 4 years ago
Reactions:2
Comments:6

Top GitHub Comments

1reaction

davidgtongecommented, Apr 21, 2021

This library is clearly no longer being actively maintained, whereas jose is.

@panva @dschenkelman do you know what the plan is for this library? Personally I think it should be deprecated and people pointed to jose

0reactions

awatson1978commented, Apr 21, 2021

You mean no longer providing free development services? No longer pushing regular breaking changes? Sounds like a feature, not a flaw.

People judge tech requirements according to different requirements, some of which don’t include keeping up with every latest idea or proposal. 2 to 4 years between releases is completely reasonable for a mature library, such as jws, that has completed what it set out to implement.

The maintenance headaches with these kinds of libraries once they go mature is migrating them between package management systems and getting them loaded up in compilers and emulators. That tends to be more systems maintenance work than library programming.

So, as far as I can tell, the programming work was completed for #50 by way of the open source community, and it was only the publication process that broke down. But Microsoft has stepped in and provided an alternative.

Seems like it’s being maintained to me. Responsibilities are organized differently than they used to be, though, and being managed by the open-source community and Microsoft. Which is sort of the intent of open-source in the first place. ¯\(ツ)/¯