pedrobranco
commented
5 years ago Fixed by #87. Can you please help by testing the PR?
Closed madeken closed 4 years ago
pedrobranco
commented
5 years ago Fixed by #87. Can you please help by testing the PR?
I'd like to suggest removing bluebird as a dependency:
Mostly because it's not really required as pretty much everything and everyone either supports native promises or babel. It impacts performance, and debuggability.
As we've seen with numerous npm security issues, each dependency is an increased attack surface.
In my case, I noticed a credential leak from accidentally
console.log(promise)from this library, which ends up printing all the promise information, including the credentials to connect. Native promises wouldn't have done that, and just printed the resolved value.