Closed simonepri closed 6 years ago
The README is outdated. Node 4 is on maintenance support (until 4/30) and people should be pushed to move to 6 or, preferably, 8 as soon as possible.
I do not intend to support deprecated Node versions unless there's a good reason to.
In general I agree with you about not supporting deprecated versions of node. But this package seems to be the only Argon2 bindings available and keeping a good support also for older node versions it may be reasonable.
The library I'm building upash wants to supports node >= 4 but without a slightly modification to this package I cannot achieve that.
Would you accept a PR for this?
Sure, I would, but also add to the README that deprecated Node versions are supported on a best effort basis.
Are you working on it still @simonepri? I'm looking at Node LTS release and version 6 starts maintenance support this month, so I was thinking on moving to async functions and classes and drop support for Node <8 altogether. Unfortunately npmjs.org doesn't provide analytics so I can check the % of users on those versions.
Actually I didn't have the time so far. Sorry.
My aim is still to support node 4. (There's no need to use async functions when you can you promises without affecting code readability too much.) I'm working to unify all the password hashing algorithms to make them adhere to the PHC standard while using the same API interface for every one.
My idea for the node-argon2
repo is to provide raw only binding to the inner c++ implementation of the kdf function and then having another package that uses the kdf to compute the hash and encodes the hash string using some particular standard (PHC for instance).
Actually I've already done that for some algorithms: https://github.com/simonepri/phc-argon2 https://github.com/simonepri/phc-scrypt https://github.com/simonepri/phc-pbkdf2
In particular this is the argon2
one that uses node-argon2
raw hash methods and then take care of encoding the string.
I don't know if my aim fits well with your idea for this project but I thought was interesting discussing about it.
That would definitely reduce the codebase, surely. I think you could develop a protocol for KDF functions to work under the @phc
namespace, say hash(plain[, {options}])
and verify(plain, digest)
both returning promises, similar to what this package does.
I come from a Python background where stubborn devs insist on using Python 2 even though it's been deprecated for years and very close to EOL. Ditto for C++ pre-11. That's why I try to drop support for old versions :stuck_out_tongue_closed_eyes:
Node 4 has officialy EOL'd so don't expect support now if we need boilerplate code to support it.
The readme says that this package is compatible with node >= 4 but actually is compatible only with node >= 6. Since it's quite easy to support also node 4, @ranisalt would you consider a PR to add back the support for it?