Open yelworc opened 1 year ago
Any suggestions to use a different package or should we just resort to writing the REST calls by ourselves?
Yes – I specifically asked if direct REST API calls were the recommended way to use SparkPost in Node.js code, to which they replied "That is correct. The official way to connect would be via API.".
(I also pointed out that they prominently feature this library on their website and in the docs, so it very much does look like an "official" resource, but got no comment on that :shrug:)
Thanks. I should have come here before running `npm install sparkpost`.
I just wrote a very simple client in my app using axios and was able to uninstall the library to resolve the reported vulnerabilities. But I only send basic templated emails so it didn't take much to build it out.
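A dependency-free sketch of the direct REST approach discussed in this thread, added here as an example and not code from any commenter or from SparkPost. It assumes Node 18+ (built-in `fetch`) and SparkPost's public Transmissions endpoint and payload shape; the function names, defaults and sample values are this example's own.

```javascript
// Added example: minimal SparkPost client with no third-party packages.
// Endpoint path and payload shape follow SparkPost's public Transmissions API;
// function names, defaults and the timeout are assumptions of this example.
const DEFAULT_BASE = 'https://api.sparkpost.com/api/v1'; // EU accounts: api.eu.sparkpost.com

function buildTransmissionRequest(apiKey, { from, to, subject, html }, baseUrl = DEFAULT_BASE) {
  if (typeof apiKey !== 'string' || apiKey.length === 0) {
    throw new Error('Missing SparkPost API key');
  }
  const url = new URL(baseUrl.replace(/\/+$/, '') + '/transmissions');
  // Refuse to send the API key over anything but TLS.
  if (url.protocol !== 'https:') {
    throw new Error('Refusing non-HTTPS endpoint: ' + url.origin);
  }
  const recipients = (Array.isArray(to) ? to : [to]).map((address) => ({ address }));
  return {
    url: url.href,
    options: {
      method: 'POST',
      headers: {
        Authorization: apiKey, // SparkPost expects the raw key, no "Bearer" prefix
        'Content-Type': 'application/json',
      },
      body: JSON.stringify({ recipients, content: { from, subject, html } }),
    },
  };
}

async function sendTransmission(apiKey, message, { fetchImpl = fetch, timeoutMs = 10000 } = {}) {
  const { url, options } = buildTransmissionRequest(apiKey, message);
  // Bound the call so a stalled connection cannot hang the caller.
  const res = await fetchImpl(url, { ...options, signal: AbortSignal.timeout(timeoutMs) });
  const body = await res.json().catch(() => ({}));
  if (!res.ok) {
    // Surface the API's own error messages only; never echo request headers.
    const detail = (body.errors || []).map((e) => e.message).join('; ');
    throw new Error(`SparkPost API error ${res.status}: ${detail || 'no detail'}`);
  }
  return body.results; // { id, total_accepted_recipients, total_rejected_recipients }
}
```

Keeping request construction separate from the network call lets the request be unit-tested offline, and `fetchImpl` can be replaced with a stub in tests.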
I just found a good alternative: nodemailer
Here is the way it works:
```javascript
// Load environment variables from .env file
require('dotenv-flow').config();
const nodemailer = require('nodemailer');

// Ensure the environment variable is set
if (!process.env.SPARKPOST_API_KEY) {
  throw new Error('Missing SPARKPOST_API_KEY environment variable');
}

const transporter = nodemailer.createTransport({
  host: 'smtp.eu.sparkpostmail.com',
  port: 587,
  secure: false, // true for 465, false for other ports
  auth: {
    user: 'SMTP_Injection',
    pass: process.env.SPARKPOST_API_KEY, // API key from environment variables
  },
});

const sendEmail = async () => {
  try {
    await transporter.sendMail({
      from: 'from@your-domain-here.com',
      to: 'to@your-domain-here.com',
      subject: 'Here goes email subject',
      html: '<p>Here is email body</p>',
    });
    console.log(`Email has been sent.`);
  } catch (err) {
    console.log(`Something went wrong! Couldn't send an email.`, err);
  }
};

sendEmail().catch(error => console.error(error));
```
Hello, please excuse the incendiary issue title :smile:
This project seems to be effectively abandoned (no commit activity, an open vulnerability and other issues with no responses). SparkPost support just informed me that they consider this a community effort and have no intentions to get involved.
Hence, to make its status clear to (current and potential future) users, I think the repo should be archived and the npm package deprecated, unless somebody feels like stepping up into an active maintainer role.
Ping @sstaley-sparkpost @orval @teolag @jgzamora (sorry to bother you – you're just the last few committers/mergers, so hoping one of you could perform these operations).