
Rewrite library to fix vulnerable dependencies

Open alexbrazier opened this issue 1 year ago • 11 comments

Closes #1 Closes #16 Closes #15 Closes #5

Rewrite library using swagger-typescript-api, with the only dependency being axios.

  • Auto generate api directly from swagger spec
  • Build scripts to auto update, verify generated files and publish

There is a test version published on npm at @groupcards/brevo

This is basically a full rewrite, but should be easy to maintain as it is fully generated by running yarn generate and is based on the swagger spec. It also has a GitHub action check to make sure no one has modified the generated file.

As in the updated readme, it is similar to the old api and fairly easy to use with full typescript support:

import BrevoApi from "@getbrevo/brevo";

const brevo = new BrevoApi({
  headers: {
    "api-key": "YOUR_API_KEY",
  },
});

const account = await brevo.account.getAccount()

Contributing

Please see the updated contributing file, which explains how to regenerate the API when there are new changes and how to publish the npm package: https://github.com/squareda/brevo-node/blob/updates/CONTRIBUTING.md

alexbrazier avatar Apr 04 '24 10:04 alexbrazier
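
The generated-file check mentioned in the description above, sketched as an added example (not the PR's actual GitHub Actions workflow): regenerate the file and fail if the committed copy differs. It assumes the generator writes to stdout; `fake_generate` and its one-name-per-line spec format are constructed stand-ins for `yarn generate` and the swagger spec.

```shell
#!/bin/sh
# Added example: detect hand edits to a committed, generated API file by
# regenerating it and comparing byte-for-byte. All names are hypothetical.

# Constructed stand-in for the real generator: emits one stub per
# operation name listed (one per line) in the spec file given as $1.
fake_generate() {
  echo "// GENERATED FILE - DO NOT EDIT"
  while read -r name; do
    if [ -n "$name" ]; then
      echo "export const $name = () => request(\"$name\");"
    fi
  done < "$1"
}

# check_generated <committed-file> <generator command...>
# Assumption: the generator command prints the regenerated file to stdout.
# Returns 0 when the committed file matches, 1 on drift (hand edit or a
# stale file after a spec change), 2 when the generator itself fails.
check_generated() {
  committed=$1
  shift
  fresh=$(mktemp) || return 2
  if ! "$@" > "$fresh"; then
    rm -f "$fresh"
    echo "generator failed: $*" >&2
    return 2
  fi
  if cmp -s "$committed" "$fresh"; then
    rm -f "$fresh"
    return 0
  fi
  # Show reviewers exactly which lines differ from a clean regeneration.
  echo "drift detected in $committed (committed vs regenerated):" >&2
  diff -u "$committed" "$fresh" >&2 || true
  rm -f "$fresh"
  return 1
}
```

In CI the function's exit status becomes the job result, so a pull request that edits the generated file by hand, or updates the spec without regenerating, fails the check.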

Is it not possible to avoid the axios dependency and make it compatible with serverless environments?

johtso avatar Apr 12 '24 00:04 johtso

> Is it not possible to avoid the axios dependency and make it compatible with serverless environments?

Still waiting to hear back from Brevo about it, but it would be possible to switch by changing the generate file. The main question would be: do you expect users to provide their own fetch version, or do you install a polyfill?

It would look something like this:

const brevo = new Brevo({
  baseApiParams: {
    headers: {
      "api-key": "",
    },
  },
  // optional fetch polyfill for node versions < 18
  customFetch: fetch,
});

alexbrazier avatar Apr 12 '24 08:04 alexbrazier

Hi @shubhamUpadhyayInBlue and @aayush-sib, you need to communicate with the community. Please give us and @alexbrazier feedback on how you are going to deal with his PR.

maxbraeutigam avatar Apr 15 '24 08:04 maxbraeutigam

I've updated this PR to fix the merge conflicts and also switched to a newer version of the swagger url which has the new brevo domain.

I've also updated the description to include the contributing document, which explains how to generate the new code when the swagger spec changes and how to easily release via GitHub Actions.

alexbrazier avatar Apr 23 '24 11:04 alexbrazier

I think we could envisage using a fork instead of the official package at this point

Mheaus avatar Oct 22 '24 11:10 Mheaus

Any updates on this PR?

SergioNR avatar Dec 26 '24 10:12 SergioNR

The library and the document have many issues, and it seems the Brevo team is unconcerned. What are any of you guys using?

codad5 avatar Feb 18 '25 21:02 codad5

Anything new on this merge request? Brevo seems a bit slow to move forward with their tech stack.

jacobg avatar Feb 25 '25 16:02 jacobg