Bug report
Current Behavior
Currently, when I install this package and set up the routes as per the documentation, the app fails to compile due to the following error:
Error: Package subpath './v4' is not defined by "exports" in <APP_PATH>\node_modules\uuid\package.json
at new NodeError (node:internal/errors:387:5)
at throwExportsNotFound (node:internal/modules/esm/resolve:439:9)
at packageExportsResolve (node:internal/modules/esm/resolve:718:3)
at resolveExports (node:internal/modules/cjs/loader:493:36)
at Function.Module._findPath (node:internal/modules/cjs/loader:533:31)
at Function.Module._resolveFilename (node:internal/modules/cjs/loader:942:27)
at Function.Module._load (node:internal/modules/cjs/loader:804:27)
at Function.Module._load (<APP_PATH>\packages\node\src\executors\node\node-with-require-overrides.ts:16:27)
at Module.require (node:internal/modules/cjs/loader:1022:19)
at require (node:internal/modules/cjs/helpers:102:18)
If I remove any reference to this package, it works fine (albeit without authentication obviously).
I noticed that something required by this package uses a very old version of uuid
, because when installing this, I get the warning: npm WARN deprecated [email protected]: Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic.
. Using npm ls uuid
shows that [email protected]
which depends on [email protected]
(which in itself is deprecated) uses [email protected]
which is horribly out of date and deprecated, and this package depends on passport-twitch-latest
(which hasn't been updated for over 2 years).
Expected behavior
I expect for it to work as described
Suggested solution(s)
I believe changing to not use something that has a very out of date dependency of uuid will work (for example, this one, which doesn't use request
at all, so no uuid
dependency), since everything in nestjs uses [email protected]
, and in version 7 of uuid, using subpaths was deprecated and in version 8 it was removed entirely (hence the ./v4
error above I believe).
Additional context
I'll also put this here, but if you want a separate issue let me know, but it would be nice to officially support v9 of nestjs and v0.6 of passport, since this package has a dependency of nestjs@^8.0.7
and passport@^0.5.0
and I want to keep my packages updated without loads of warnings and I don't like having to use --force
. And on top of that, [email protected]
is deprecated due to a security issue (Passport before 0.6.0 vulnerable to session regeneration when a users logs in or out - https://github.com/advisories/GHSA-v923-w3x8-wh69
), but I suppose if you move away from passport-twitch-latest
to a more up-to-date alternative or make your own, that will most likely be fixed (although my suggestion above still depends on passport@^0.5.0
but maybe forcing to use 0.6.0 will work).
Your environment
Software |
Version(s) |
@nestjs-hybrid-auth/twitch |
1.0.0 |
@nestjs/core |
8.4.7 |
@nestjs/common |
8.4.7 |
@nestjs/passport |
8.2.2 |
passport |
0.5.3 |
npm |
8.13.2 |
Operating System |
Windows 10 Pro |