kleydon / prisma-session-store

Express session store for Prisma
MIT License
116 stars 18 forks

fix: replace cuid with cuid2 #113

Closed ghost closed 1 year ago

ghost commented 1 year ago

Following the security recommendation of cuid package developers:

https://github.com/paralleldrive/cuid#status-deprecated-due-to-security-use-cuid2-instead

and NPM deprecated warning:

npm WARN deprecated cuid@2.1.8: Cuid and other k-sortable and non-cryptographic ids (Ulid, ObjectId, KSUID, all UUIDs) are all insecure. Use @paralleldrive/cuid2 instead.

cuid must be replaced with @paralleldrive/cuid2 due to collision risk in cuid.

kleydon commented 1 year ago

@RouisIbra - Really appreciate this contribution.

I've read that cuid2 is not yet supported as a default in Prisma itself - though it seems like this will happen with time.

Are you successfully using this fix with Prisma? I'm trying to understand the tradeoffs (if there are any) of defaulting to an id generator that prisma itself does not default to... Do you see any potential disadvantages, there?

Thanks again.

ghost commented 1 year ago

@kleydon

> Are you successfully using this fix with Prisma?

Yes, I tested it for my authentication API without any issue.

> I'm trying to understand the tradeoffs (if there are any) of defaulting to an id generator that prisma itself does not default to... Do you see any potential disadvantages, there?

cuid() generates 25 characters while cuid2's createId() generates 24 characters, so this won't be a problem for anyone who sets the maximum string length to ~~25~~ 32 (or whatever the length) for both id and sid on the Session model in the schema. The advantage is that there are far fewer collisions in the generated cuids.

kleydon commented 1 year ago

@RouisIbra Just merged; thanks for improving this library!

kleydon commented 1 year ago

:tada: This PR is included in version 3.1.11 :tada:

The release is available on:

Your semantic-release bot :package::rocket:

ghost commented 1 year ago

> @RouisIbra Just merged; thanks for improving this library!

You are welcome!