mikenicholson / passport-jwt

Passport authentication using JSON Web Tokens
MIT License

Project Status #229

Open sidharthv96 opened 3 years ago

sidharthv96 commented 3 years ago

Hi, we have been using this project in our system for a while now. But now we are facing some issues, which we have patched internally.

Unfortunately, this project seems to be abandoned?

Last publish was 3 years ago. Last closed issue was on 25 Sep 2020. Last merge was on 15 Oct 2020.

@mikenicholson you have done a wonderful job creating a product used by millions, are you open to adding maintainers to the project?

Or is there a successor to the package?

Thanks.

TheSinding commented 3 years ago

Agreed.

killthekitten commented 2 years ago

Hey @mikenicholson, do you need a hand in maintaining this package? There is a bunch of serious issues that need to be addressed, like this one, and I'm interested to help.

I understand how overwhelming open source can be at times, and I appreciate the effort you've invested in making this available for everyone. By now, this is basically the default way to do JWT with passport and NestJS, and I'd love to at least clear up the backlog of the issues and PRs.

mikenicholson commented 2 years ago

I owe some serious apologies. Between some personal issues and everything else over the last few years this project has fallen by the wayside.

I am picking this up again and dedicating a few hours a week to work on it. I've set up CI on GitHub Actions to replace Travis CI since they've gotten pretty dodgy/difficult about the free plans for OSS projects.

In addition to working on the backlog of issues, I'll get clear contribution guidelines in place for PRs and issues. The primary thing most PRs are missing is unit tests. Issues are typically vague, missing a failing unit test or standalone code example. A large number of issues are probably better suited for Stack Overflow.

Feel free to put your thoughts in #229 in that thread. I'm not ready to hand over the keys this second, but if a regular contributor emerges and we can build some trust I'd be open to eventually sharing stewardship.

killthekitten commented 2 years ago

@mikenicholson your comment made me smile! ☺️

GitHub Actions and contribution guidelines would improve a lot for new contributors. In addition to that, I'd suggest adding a PR template that would ask people for a bit more context and would go over a number of checkboxes, i.e. unit tests.

I'll put aside some time this week to help you with the issues backlog and #229 in particular 👌

Outternet commented 2 years ago

@mikenicholson a customer of mine thought it was a bit too long without updates anyway I'm afraid ;) I rewrote the library at my client's cost (and yes with tests). Consider it a helping hand from the community. I cleaned up the pull request a bit more and got a 98% test coverage. If you have any questions left, please don't hesitate to send me a message. My only question is if you want to indicate if you plan to merge because otherwise I will consider publishing it under a different name.

Outternet commented 2 years ago

@mikenicholson I have the utmost respect for your personal problems and hope it all works out, but I have to ask you for a comment. I fear that your library has become a bit too large to just let die, and there isn't really a good alternative at the moment. Currently this is the most recommended library for JWT for many sources, even on Passport's own website. That's why I insist a bit more on your answer, because a replacement library is hopeless if this original one is not deprecated. I hope I'm not putting too much pressure, by all accounts I don't expect an answer within a day.

killthekitten commented 2 years ago

Hey @Outternet, you did a great job in #238, kudos for that! I'd say at this point it would be better if you could start a fork and invest into promoting it on the passport's own website and in other places.

I can see the point of merging all of the changes into the existing well-known library, but it's a lot of code that hasn't been reviewed, or used by anyone yet, and on top of that, will likely not be maintained properly once it's merged.

Having been in your position just 6 months ago, I can say that it's always a good call to first publish your changes and assume you are ok with doing maintenance for a substantial amount of time before you move on with your life.

Outternet commented 2 years ago

Maybe you are right, but I prefer to wait for an answer (at least for now). The process is much simpler if this library is discontinued and referred to the new one or revived by the original creator, also I don't know if I can provide long term support as I have been quite busy lately.

Feel free to test and review it extensively (the process to install it is quite simple), as I said before it is currently already being used in production, of course in those particular cases not 100% of all features are used and it is a slightly different version. I did my best to write as many unit tests as possible, but will do more tests in the coming days.

I offer my support for as long as it takes to make the v5.0.0 fully stable or transfer it to someone else, but soon the process with my client will end and then it will be my personal time, and I cannot devote the little personal time I have fully to this library. @killthekitten do you have the time to maintain/promote a new package, then maybe I can review it occasionally.