环回错误-同一版本本身(3.0.0)中的用户validatePassword函数的重大更改 [英] Loopback getting error - Major change in User validatePassword function in the same release itself (3.0.0)
问题描述
我正在使用回送3.0.0,并且大约在一周前,我最近设置了新服务器.为此,我通过放置package.son文件运行了命令npm install.
I am using loopback 3.0.0, and I have set up a new server recently, about one week ago. For that, I have ran the command npm install by putting the package.son file.
但是在已安装的文件中,node_modules/loopback/common/user.js模块已进行了重大更改.
But in that installed files, the node_modules/loopback/common/user.js module has changed with major changes.
例如:
旧文件:
// Copyright IBM Corp. 2014,2016. All Rights Reserved.
User.validatePassword = function(plain) {
var err;
if (plain && typeof plain === 'string' && plain.length <= MAX_PASSWORD_LENGTH) {
return true;
}
if (plain.length > MAX_PASSWORD_LENGTH) {
err = new Error(g.f('Password too long: %s', plain));
err.code = 'PASSWORD_TOO_LONG';
} else {
err = new Error(g.f('Invalid password: %s', plain));
err.code = 'INVALID_PASSWORD';
}
err.statusCode = 422;
throw err;
};
新文件:
// Copyright IBM Corp. 2014,2018. All Rights Reserved.
User.validatePassword = function(plain) {
var err;
if (!plain || typeof plain !== 'string') {
err = new Error(g.f('Invalid password.'));
err.code = 'INVALID_PASSWORD';
err.statusCode = 422;
throw err;
}
// Bcrypt only supports up to 72 bytes; the rest is silently dropped.
var len = Buffer.byteLength(plain, 'utf8');
if (len > MAX_PASSWORD_LENGTH) {
err = new Error(g.f('The password entered was too long. Max length is %d (entered %d)',
MAX_PASSWORD_LENGTH, len));
err.code = 'PASSWORD_TOO_LONG';
err.statusCode = 422;
throw err;
}
};
我用相同的版本开发了我的代码,但是使用了他们在相同版本(3.0.0.)中提供的旧代码.在这里您可以看到,在新代码中没有 return 语句,因此代码无限期地等待返回并超时.两个地方的package.json文件都包含相同的版本:"loopback": "^3.0.0"
I have developed my code with the same version but with old code which they have provided in the same version(3.0.0.). Here you can see, in the new code there is no return statement, so the code is infinitely waiting for the return and being time out. In both places the package.json file contains the same version: "loopback": "^3.0.0"
我希望不建议将node_modules从我们的开发服务器复制到生产服务器.
I hope it's not recommended to copy the node_modules from our developement server to production server.
那么我们如何处理这类问题?
So how can we handle these type of issues?
推荐答案
When specifying a version number in the package.json there are a few different ways https://docs.npmjs.com/files/package.json#dependencies:
您的方式是默认方式,^表示
The way you have is the default, ^ which means
与版本兼容
compatible with version
因此,如果^ 3.0.0是最新的次要版本并修复版本,则它们只会安装3.0.0 ,否则它将采用当天环回的最新版本.今天是3.19.3.
So ^3.0.0 will only install 3.0.0 if it is the latest minor and fix versions otherwise it will take whatever the latest version of loopback is on that day. Today that is 3.19.3.
此问题是在版本v3.10.1中引入的(感谢@vasan),因此在本地可能您拥有版本3.10.0,然后在服务器上拥有版本3.10.1
The issue was introduced in version v3.10.1(thanks @vasan) so locally maybe you had version 3.10.0 then on the server you had 3.10.1
There is a good explanation about the version numbers in this question What's the difference between tilde(~) and caret(^) in package.json?
我建议使用确切的版本,即3.19.3,然后再使用rennovate之类的服务, https://github.com/renovate-bot ,以更新您的项目以保持最新的安全补丁
I would suggest using an exact version, i.e. 3.19.3 then using a service like rennovate, https://github.com/renovate-bot, to update your project to keep up to date with security patches
还有另一种防范措施,package-lock.json https://在npm版本5中引入了docs.npmjs.com/files/package-lock.json .如果您在其中检查此文件,将确保无论在何处运行npm install,无论在何处运行,均会安装npm模块的确切版本.
There is also another guard against this, package-lock.json https://docs.npmjs.com/files/package-lock.json introduced in version 5 of npm. If you check this file in it will make sure that wherever you run npm install the exact version of the npm module is installed wherever you run it.
这篇关于环回错误-同一版本本身(3.0.0)中的用户validatePassword函数的重大更改的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
