Edgio / js-ectoken

JavaScript implementation of ectoken

[Security] Remove base64url #3

Closed. GustavoOS closed this issue 2 months ago.

GustavoOS commented 2 months ago

Base64url is a package whose functionality was merged into Node itself via the Buffer API. It has high vulnerabilities due to depending on diff@1.4.0 and glob@7.2.3.

brianloveswords commented 2 months ago

Since this is built into Node now, that's a good reason to ditch it, but I do want to call out that base64url has no dependencies. It has devDependencies on tap, which transitively require diff and glob.

GustavoOS commented 2 months ago

> Since this is built into Node now, that's a good reason to ditch it, but I do want to call out that base64url has no dependencies. It has devDependencies on tap, which transitively require diff and glob.

This package is used for security purposes, so having public vulnerabilities isn't something you want when trusting a security related package. I created a PR that is currently passing all tests, and it removes this dependency thing and uses the Node Buffer API.

tmountjr commented 2 months ago

Thank you both - I'm rolling out v2.0.2 to npm now. I also set up some automation around running tests on PRs so @GustavoOS you shouldn't have to do your own test check.
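As an added illustration of the replacement discussed in this issue (example code, not from the js-ectoken repository or the PR): base64url encoding with Node's built-in Buffer API next to the manual RFC 4648 section 5 transform that the base64url package performed, plus a decoder that rejects input outside the base64url alphabet. The sample bytes are constructed for the example; Buffer's 'base64url' encoding requires Node 15.7 or later.

```javascript
// Added example (not js-ectoken code): base64url via Node's Buffer API,
// the approach the PR in this issue switches to.

// Unpadded base64url alphabet per RFC 4648 section 5 (no '+', '/' or '=').
const BASE64URL_RE = /^[A-Za-z0-9_-]*$/;

// Native path: Buffer's 'base64url' encoding is URL-safe and unpadded.
function encodeBase64Url(bytes) {
  return Buffer.from(bytes).toString('base64url');
}

// Manual path, equivalent to what the base64url package did: standard
// base64, swap the two URL-unsafe alphabet characters, drop the padding.
function encodeBase64UrlManual(bytes) {
  return Buffer.from(bytes)
    .toString('base64')
    .replace(/\+/g, '-')
    .replace(/\//g, '_')
    .replace(/=+$/, '');
}

// Decode a base64url string. Buffer.from() decodes leniently and never
// throws on malformed text, so a token from an untrusted source is checked
// against the alphabet first; padding and standard-alphabet characters
// are rejected rather than silently tolerated.
function decodeBase64Url(str) {
  if (typeof str !== 'string' || !BASE64URL_RE.test(str)) {
    throw new TypeError('invalid base64url input');
  }
  return Buffer.from(str, 'base64url');
}

// Constructed sample: bytes chosen so standard base64 produces '+', '/'
// and '=' ("+/+/AQ=="), which base64url must turn into "-_-_AQ".
const SAMPLE = Buffer.from([0xfb, 0xff, 0xbf, 0x01]);

// Show that the native and manual encodings agree and round-trip.
function demo() {
  const native = encodeBase64Url(SAMPLE);
  const manual = encodeBase64UrlManual(SAMPLE);
  const roundTrip = decodeBase64Url(native).equals(SAMPLE);
  return { native, manual, agree: native === manual, roundTrip };
}

console.log(demo()); // { native: '-_-_AQ', manual: '-_-_AQ', agree: true, roundTrip: true }
```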