search

jcoglan / vault

Generates safe passwords so you never need to remember them
https://getvau.lt
471 stars 64 forks source link

Last publish 10 years ago #40

Open almereyda opened 2 years ago

almereyda commented 2 years ago

In https://github.com/jcoglan/vault/issues/39 we have implemented new features that are available on the storeroom branch.

NPM lists the last published version from ten years ago on https://www.npmjs.com/package/vault

Eventually we come up with a new release that incorporates those changes.

Until then, we can use this command to install this specific version:

npm install -global 'https://github.com/jcoglan/vault.git#storeroom'
jcoglan commented 2 years ago

Sorry, I'm not sure what this issue is asking for. What change do you want to be made in response to this issue?

almereyda commented 2 years ago

Thank you for asking. I was wondering if it would be possible to push the storeroom branch to NPM at some point?

I'm not sure about your intended way of proceeding with that, and wanted to leave a documented note about how it could be already installed by anyone, before an updated release appears, which was hereby suggested.

jcoglan commented 2 years ago

The storeroom branch is still a work in progress and I would strongly advise that people do not install and run it. I'm in the process of designing a new storage backend for Vault, and storeroom was essentially the first iteration of that. It's heading the direction I want but it's a long way from completion.

I'm currently working on the design for the database I plan to replace storeroom with, and when that is done I will integrate it into Vault and ship it. This has been a really long process as I don't get a ton of time to work on this, but it is something I'm actively working on at the moment and am eager to finish -- I still use Vault every day and it's taken me a long time to get to a design I'm really happy with.

In the meantime, I might look into back-porting some bug fixes onto the 0.3.0 tag and shipping a 0.3.1 release. I'm aware there are a few things that need fixing just because of changes in Node.js that are making 0.3.0 annoying to use. For a long time I was just trying to get the next major release done instead of publishing fixes on old branches, but it's taken so long that it's becoming a problem.

In any case -- I strongly recommend that people do not use my git repositories as npm install sources, and they you only install releases published to npm. Installing code from git is entirely at your own risk.

almereyda commented 2 years ago

Can we, as a community, help with backporting security fixes and changes to go along with upstream? With little directions from you, as in selecting commits from storeroom, we can maybe free you from the burden of testing the backports, and allow you to focus on the new storage backend?