node-casbin icon indicating copy to clipboard operation
node-casbin copied to clipboard

Published 20 hours ago verified publisher icon casbin

[email protected]: The expression-eval npm package is no longer maintained

Open giovanni-bertoncelli opened this issue 9 months ago • 5 comments

I get this error while installing casbin:

npm WARN deprecated [email protected]: The expression-eval npm package is no longer maintained. The package was originally published as part of a now-completed personal project, and I do not have incentives to continue maintenance.

I think that dependency should be upgraded.

giovanni-bertoncelli avatar Oct 05 '23 15:10 giovanni-bertoncelli

@nodece @Shivansh-yadav13

casbin-bot avatar Oct 05 '23 15:10 casbin-bot

Any thoughts on this? @nodece @hsluoyz We have production code running on this

giovanni-bertoncelli avatar Nov 20 '23 09:11 giovanni-bertoncelli

It is sad news that the expression-eval is no longer maintained, but we already used this library for a long time, and it is stable and safe(no CVE), so don't worry about this library.

@hsluoyz Should we fork the express-eval repo and publish our version?

If you hear anything, please let us know!

nodece avatar Nov 21 '23 04:11 nodece

Forking expression-eval is the last resort. Because we don't have that many developers to focus on maintaining it at the same time. What about switching to: https://github.com/silentmatt/expr-eval ?

hsluoyz avatar Nov 21 '23 12:11 hsluoyz

The node-casbin depends on the async compile from expression-eval, could you switch to expre-eval, and try to test the async compile?

nodece avatar Nov 21 '23 15:11 nodece