drop support for obsolete `hapi` package
See original GitHub issueTo be clear, I’m talking about hapi
, and not about dropping @hapi/hapi
.
Starting with v17.9.0 and v18.2.0 the name changed from ‘hapi’ to ‘@hapi/hapi’.
hapi
(the old one) is deprecated, obsolete, unmaintained and has known major security issues. IIUC it is coming up on two years being so. https://github.com/hapijs/hapi/issues/4114 provides some details. Anything before @hapi/hapi@20
is in this “deprecated, …” group.
% npm ci
npm WARN deprecated hapi@18.1.0: This version contains severe security issues and defects and should not be used! Please upgrade to the latest version of @hapi/hapi or consider a commercial license (https://github.com/hapijs/hapi/issues/4114)
...
There are maintenance and testing costs to continuing to support it. The monstrous .tav.yml block hints at some of the complexity: https://github.com/elastic/apm-agent-nodejs/blob/a289d4428c2c1ac3a57b0767794cb28e928c1da4/.tav.yml#L408-L464
Also, note there are lingering minor issues:
- https://github.com/npm/cli/issues/2267 is an old unfixed issue with
npm install
and older versions of hapi (versions that we do currently install and test in our TAV tests) - The old ‘hapi’ packages used npm-shrinkwrap, which results in “extraneous” package entries in package-lock.json for npm versions before v8.6 (the default in node v16). So ‘hapi’ will be a contributor to noise in our package-lock updates.
open questions
- Do we drop it now, or do we wait for a major version bump of the agent?
Issue Analytics
- State:
- Created a year ago
- Comments:5 (4 by maintainers)
Top Results From Across the Web
The future of the hapi project, a prelude · Issue #4111 - GitHub
Due to lack of sustainable financial support, I have decided to stop working on all @hapi open source modules by the end of...
Read more >Changelog - hapi.dev
Drop node v12 support ... Discontinued support for hapi v16 ... `npm-shrinkwrap.json` not included in published `hapi` package.
Read more >hapi - npm
hapi is a simple to use configuration-centric framework with built-in support for input validation, caching, authentication, and other essential ...
Read more >hapi — v17 Upgrade Guide (Your Move to async/await)
The release of hapi v17 marks a change of the framework towards modern Node.js features. With v17, hapi has full end-to-end support for ......
Read more >Developing RESTful APIs with Hapi - Auth0
This is the latest major release version of the Node.js framework, and it was tagged on November 5, 2017. It's a major rewrite...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Yup, that was done both in the changelog (https://github.com/elastic/apm-agent-nodejs/pull/2698/files#diff-cb0601935fcaac3fea29b215282428b964b8b6e1bd5a6b8c68e84d651633c9e3) and supported-technologies doc page (https://github.com/elastic/apm-agent-nodejs/pull/2698/files#diff-d2a92236665ca681fc14a4b85cb60e74bf3d25b42328ca2390fca53156100d25) of #2698
And just make sure you document that the obsolete hapi package support is untested and deprecated so that users know they are using its instrumentation it at their own risk.