nestjs-hybrid-auth
nestjs-hybrid-auth copied to clipboard
mjangir
[Twitch] 'uuid' problem
Bug report
Current Behavior
Currently, when I install this package and set up the routes as per the documentation, the app fails to compile due to the following error:
Error: Package subpath './v4' is not defined by "exports" in <APP_PATH>\node_modules\uuid\package.json
at new NodeError (node:internal/errors:387:5)
at throwExportsNotFound (node:internal/modules/esm/resolve:439:9)
at packageExportsResolve (node:internal/modules/esm/resolve:718:3)
at resolveExports (node:internal/modules/cjs/loader:493:36)
at Function.Module._findPath (node:internal/modules/cjs/loader:533:31)
at Function.Module._resolveFilename (node:internal/modules/cjs/loader:942:27)
at Function.Module._load (node:internal/modules/cjs/loader:804:27)
at Function.Module._load (<APP_PATH>\packages\node\src\executors\node\node-with-require-overrides.ts:16:27)
at Module.require (node:internal/modules/cjs/loader:1022:19)
at require (node:internal/modules/cjs/helpers:102:18)
If I remove any reference to this package, it works fine (albeit without authentication obviously).
I noticed that something required by this package uses a very old version of uuid, because when installing this, I get the warning: npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic.. Using npm ls uuid shows that [email protected] which depends on [email protected] (which in itself is deprecated) uses [email protected] which is horribly out of date and deprecated, and this package depends on passport-twitch-latest (which hasn't been updated for over 2 years).
Expected behavior
I expect for it to work as described
Suggested solution(s)
I believe changing to not use something that has a very out of date dependency of uuid will work (for example, this one, which doesn't use request at all, so no uuid dependency), since everything in nestjs uses [email protected], and in version 7 of uuid, using subpaths was deprecated and in version 8 it was removed entirely (hence the ./v4 error above I believe).
Additional context
I'll also put this here, but if you want a separate issue let me know, but it would be nice to officially support v9 of nestjs and v0.6 of passport, since this package has a dependency of nestjs@^8.0.7 and passport@^0.5.0and I want to keep my packages updated without loads of warnings and I don't like having to use --force. And on top of that, [email protected] is deprecated due to a security issue (Passport before 0.6.0 vulnerable to session regeneration when a users logs in or out - https://github.com/advisories/GHSA-v923-w3x8-wh69), but I suppose if you move away from passport-twitch-latest to a more up-to-date alternative or make your own, that will most likely be fixed (although my suggestion above still depends on passport@^0.5.0 but maybe forcing to use 0.6.0 will work).
Your environment
| Software | Version(s) |
|---|---|
| @nestjs-hybrid-auth/twitch | 1.0.0 |
| @nestjs/core | 8.4.7 |
| @nestjs/common | 8.4.7 |
| @nestjs/passport | 8.2.2 |
| passport | 0.5.3 |
| npm | 8.13.2 |
| Operating System | Windows 10 Pro |
