I'd like to suggest removing bluebird as a dependency:
Mostly because it's not really required as pretty much everything and everyone either supports native promises or babel. It impacts performance, and debuggability.
As we've seen with numerous npm security issues, each dependency is an increased attack surface.
In my case, I noticed a credential leak from accidentally console.log(promise) from this library, which ends up printing all the promise information, including the credentials to connect. Native promises wouldn't have done that, and just printed the resolved value.
I'd like to suggest removing bluebird as a dependency:
Mostly because it's not really required as pretty much everything and everyone either supports native promises or babel. It impacts performance, and debuggability.
As we've seen with numerous npm security issues, each dependency is an increased attack surface.
In my case, I noticed a credential leak from accidentally
console.log(promise)
from this library, which ends up printing all the promise information, including the credentials to connect. Native promises wouldn't have done that, and just printed the resolved value.