Skip to content
This repository was archived by the owner on Feb 13, 2024. It is now read-only.

Replace crypto-token with uuid. #150

Merged
merged 1 commit into from
Jan 18, 2018
Merged

Replace crypto-token with uuid. #150

merged 1 commit into from
Jan 18, 2018

Conversation

f2prateek
Copy link
Contributor

@f2prateek f2prateek commented Jan 16, 2018
edited
Loading

Both use the node crypto package on Node apps so there shouldn't be a meaningful difference here.

The differences come in the browser. crypto-token works in the browser by polyfilling the crypto package. node-uuid works by using the browser crypto apis if available, otherwise falling back to Math.random() (https://github.com/kelektiv/node-uuid/blob/master/lib/rng-browser.js).

Because of polyfilling on the browser, crypto-token contributes 90kb to our library in the browser which is rougly 80% of the library size on the browser (the rest of the library is only 20kb). node-uuid only adds 1kb (though I believe this comes at the cost of generating slightly less random messageIds on the browser). I don't think the extra weight is worth the cost, especially as we're not using this in a critical security context.

One thing we now do to increase randomness in the browser is includes a hash of the contents of the message as well like we do in a.js (https://github.com/segment-integrations/analytics.js-integration-segmentio/blob/master/lib/index.js#L256). On a side note, analytics.js also uses the uuid package.

Before:

Package size: 107.79 KB
With all dependencies, minified and gzipped

After:

Package size: 13.79 KB
With all dependencies, minified and gzipped

Because of the significant reduction in size, I also updated the size limit to be 25kb instead of 150kb.

stephenmathieson
stephenmathieson approved these changes Jan 16, 2018
View reviewed changes
Copy link
Contributor

@stephenmathieson stephenmathieson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! This is great dude!

vadimdemedes
vadimdemedes suggested changes Jan 17, 2018
View reviewed changes
Copy link

@vadimdemedes vadimdemedes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should just be uuid. uuidv4 is ugly.

@f2prateek
Copy link
Contributor Author

@vadimdemedes I just copy pasted that from their docs:

https://github.com/kelektiv/node-uuid

const uuidv4 = require('uuid/v4');
uuidv4(); // ⇨ '45db52e1-f95c-4b5f-99a2-8b8d978c99b4'

@vadimdemedes
Copy link

vadimdemedes commented Jan 17, 2018
edited
Loading

@f2prateek them writing it that way in the readme doesn't mean it's the best way to do it :)

@f2prateek
Copy link
Contributor Author

Will change uuidv4 to uuid and rebase after #148 is merged.

@f2prateek
Replace crypto-token with uuid.
8e68f19 
Both use the node crypto package on Node apps so there shouldn't be a meaningful difference here.

The differences come in the browser. crypto-token works in the browser by polyfilling the crypto package. node-uuid works by using the browser crypto apis if available, otherwise falling back to Math.random() (https://github.com/kelektiv/node-uuid/blob/master/lib/rng-browser.js).

Because of polyfilling on the browser, crypto-token contributes 90kb to our library in the browser which is rougly 80% of the library size on the browser (the rest of the library is only 20kb). node-uuid only adds 1kb (though I believe this comes at the cost of generating slightly less random messageIds on the browser). I don't think the extra weight is worth the cost, especially as we're not using this in a critical security context.

One thing we now do to increase randomness in the browser is includes a hash of the contents of the message as well like we do in a.js (https://github.com/segment-integrations/analytics.js-integration-segmentio/blob/master/lib/index.js#L256). On a side note, analytics.js also uses the uuid package.

Before:

  Package size: 107.79 KB
  Size limit:   150 KB
  With all dependencies, minified and gzipped

After:

  Package size: 13.79 KB
  Size limit:   150 KB
  With all dependencies, minified and gzipped

Because of the significant reduction in size, I also updated the size limit to be 25kb instead of 150kb.
@f2prateek
Copy link
Contributor Author

@vadimdemedes Updated the uuidv4 usages, and rebased against master.

Side Note: E2E tests are being flaky because of some destinations downtime today, so if Circle fails I'll kick it off again.

@codecov-io
Copy link

codecov-io commented Jan 17, 2018
edited
Loading

Codecov Report

Merging #150 into master will not change coverage.
The diff coverage is 100%.

Impacted file tree graph

@@          Coverage Diff          @@
##           master   #150   +/-   ##
=====================================
  Coverage     100%   100%           
=====================================
  Files           1      1           
  Lines          96     97    +1     
=====================================
+ Hits           96     97    +1
Impacted Files Coverage Δ
index.js 100% <100%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0080774...8e68f19. Read the comment docs.

@f2prateek f2prateek merged commit 9ffb974 into master Jan 18, 2018
@vadimdemedes vadimdemedes deleted the uuid branch January 18, 2018 18:03
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@stephenmathieson stephenmathieson stephenmathieson approved these changes

@vadimdemedes vadimdemedes vadimdemedes approved these changes

@calvinfo calvinfo Awaiting requested review from calvinfo

@Rowno Rowno Awaiting requested review from Rowno

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@f2prateek @vadimdemedes @codecov-io @stephenmathieson