hoodiehq / pouchdb-admins

PouchDB plugin to simulate CouchDB’s admin accounts
Apache License 2.0

Deprecation warning on later versions of node #20

Closed minrwhite closed 7 years ago

minrwhite commented 8 years ago

When running the tests, a warning message is displayed:

<snip>
    ✔ .get("kim") fails with not_found
(node:13873) DeprecationWarning: crypto.pbkdf2 without specifying a digest is deprecated. Please specify a digest
    ✔ sets admin "kim" with password "secret"
</snip>

This is due to the call in lib/utils/hash-password.js that currently does not specify the digest.

As this parameter was introduced in io.js v1.0.0 / nodejs v4.0.0 it will be necessary to either detect the version and send appropriate parameters, or enforce a minimum node version in the package requirements.

Additionally, a digest method needs selecting. As the digest has not been specified up to now, and SHA1 is the default when the digest has been an optional parameter, it is most likely appropriate to select this for now; and then increase to a more secure digest (stored alongside the hash) when it is more appropriate to introduce breaking changes.
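The migration path described above, as an added example that is not part of the original comment or the pouchdb-admins code: the digest is passed explicitly and stored with the hash, and records with no digest field are verified as SHA-1. The function names, the record layout, the iteration count and the choice of `sha256` as the newer digest are assumptions.

```javascript
const crypto = require('crypto')

// Assumed values for this sketch; not taken from pouchdb-admins.
const LEGACY_DIGEST = 'sha1' // what crypto.pbkdf2 used when no digest was passed
const CURRENT_DIGEST = 'sha256'
const ITERATIONS = 4096

// Constructed sample of a record written before the digest was stored.
// Password "password"; values are the RFC 6070 PBKDF2-HMAC-SHA1 test vector.
const LEGACY_RECORD = {
  salt: 'salt',
  iterations: 4096,
  derived_key: '4b007901b765489abead49d926f721d065a429c1'
}

// Always pass the digest explicitly and store it next to the hash.
function hashPassword (password, salt, digest = CURRENT_DIGEST) {
  const key = crypto.pbkdf2Sync(password, salt, ITERATIONS, 20, digest)
  return { salt, iterations: ITERATIONS, digest, derived_key: key.toString('hex') }
}

// Records without a digest field are treated as SHA-1, the old implicit default.
function verifyPassword (password, record) {
  const expected = Buffer.from(record.derived_key, 'hex')
  if (expected.length === 0) return false // malformed record must never match
  const actual = crypto.pbkdf2Sync(password, record.salt, record.iterations,
    expected.length, record.digest || LEGACY_DIGEST)
  return crypto.timingSafeEqual(actual, expected)
}

function needsRehash (record) {
  return (record.digest || LEGACY_DIGEST) !== CURRENT_DIGEST
}

// On a successful login, return the record to store: upgraded if it was legacy.
function upgradeOnLogin (password, record) {
  if (!verifyPassword(password, record)) return null
  return needsRehash(record)
    ? hashPassword(password, crypto.randomBytes(16).toString('hex'))
    : record
}
```

Because the stored digest travels with each record, existing SHA-1 hashes keep verifying and are replaced one at a time as their owners log in.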

minrwhite commented 8 years ago

I would suggest that enforcing the minimum version of node as v4 would be the better option, as this is already done in hoodie-server which depends on this package.

gr2m commented 7 years ago

fwiw we officially no longer support node < v4 as these versions are no longer maintained. Feel free to add a requirement for node v4, but no need to, I’d say.