Giter VIP home page Giter VIP logo

Comments (6)

jonathanstiansen avatar jonathanstiansen commented on June 2, 2024 2

Specifically on React-native this is an issue.

from simple-crypto-js.

dcaillibaud avatar dcaillibaud commented on June 2, 2024 2

Unbelieveable, how a lib can break all encrypted content with an update with semver ?
Without any way to retrieve all contents already encrypted with previous version ?

I know how open source dev is difficult, and how receiving such complains from people using your work is a pain, but here is a good example of things you should NEVER do.

Ok to mark 2.2 obsolete and vulnerable, but at least change the major version number with such a breaking change. And providing a clue about how to migrate content could be nice.

You could for example publish a 2.x.y version with both 2.3 and 2.2 ciphers, with something like this

try {
  // decrypt with 2.3 cipher
} catch (error) {
  try {
    // decrypt with obsolete 2.2 cipher
  } catch (error2) {
    // it wasn't a cipher pb, throw previous
    throw error
  }
}

I'll do this forking 2.2 version under another name, but it was really a bad surprise 👎

from simple-crypto-js.

lorenc-tomasz avatar lorenc-tomasz commented on June 2, 2024

Agree.

I'll do this forking 2.2 version under another name,

@dcaillibaud When you do so, please give us an info here :)

from simple-crypto-js.

dcaillibaud avatar dcaillibaud commented on June 2, 2024

You can do it now, even without forking, set in package.json

"simple-crypto-js": "^2.3.0",
"old-simple-crypto-js": "github:danang-id/simple-crypto-js#2.2.0",

then in your code (after installing npm dependencies)

import SimpleCrypto from 'simple-crypto-js'
import OldSimpleCrypto from 'old-simple-crypto-js'

try {
  // decrypt with SimpleCrypto
} catch (error) {
  try {
    // decrypt with OldSimpleCrypto
  } catch (error2) {
    // it wasn't a cipher pb, throw previous
    throw error
  }
}

from simple-crypto-js.

lorenc-tomasz avatar lorenc-tomasz commented on June 2, 2024

Thanks. Didn't think about this solution. Thanks.

from simple-crypto-js.

danang-id avatar danang-id commented on June 2, 2024

Sorry about the breaking changes and not following semver carefully. Unfortunately, I don't think there will be a fix about this issue, and I see the workaround by @dcaillibaud should be enough. Closing this issue for now.

P.S. This project currently not in active maintenance.

from simple-crypto-js.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.