Node: Add End-of-Life deprecation on crypto.Credentials

Created on 17 May 2018  Â·  7Comments  Â·  Source: nodejs/node
  • Version: v11.0.0-nightly201805162b8cd93246
  • Platform: all
  • Subsystem: crypto

Back in v0.11.13 according to the docs, crypto.createCredentials and crypto.Credentials have been deprecated (DEP0010 and DEP0011) in favor of tls.createSecureContext . I am not familiar with these functions, but I am willing to bet it's been enough time since the deprecation to consider legitimately to move the deprecation to End-of-Life and talk about removing them.

I am raising this issue because of the warnings I got when I dynamically import the crypto module:

$ echo "import('crypto')" > ./test.mjs
$ node --experimental-modules --trace-warnings ./test.mjs
(node:30509) ExperimentalWarning: The ESM module loader is experimental.
    at startup (internal/bootstrap/node.js:115:17)
    at bootstrapNodeJSCore (internal/bootstrap/node.js:577:3)
(node:30509) [DEP0091] DeprecationWarning: crypto.DEFAULT_ENCODING is deprecated.
    at createDynamicModule (internal/modules/esm/translators.js:71:48)
    at setExecutor (internal/modules/esm/create_dynamic_module.js:50:23)
    at node:crypto:11:5
    at ModuleJob.run (internal/modules/esm/module_job.js:106:14)
(node:30509) [DEP0010] DeprecationWarning: crypto.createCredentials is deprecated. Use tls.createSecureContext instead.
    at createDynamicModule (internal/modules/esm/translators.js:71:48)
    at setExecutor (internal/modules/esm/create_dynamic_module.js:50:23)
    at node:crypto:11:5
    at ModuleJob.run (internal/modules/esm/module_job.js:106:14)
(node:30509) [DEP0011] DeprecationWarning: crypto.Credentials is deprecated. Use tls.SecureContext instead.
    at createDynamicModule (internal/modules/esm/translators.js:71:48)
    at setExecutor (internal/modules/esm/create_dynamic_module.js:50:23)
    at node:crypto:11:5
    at ModuleJob.run (internal/modules/esm/module_job.js:106:14)

crypto.DEFAULT_ENCODING has been deprecated in Node 10, so one could argue it is too soon to break it. However, we might want to find a way to get rid of the deprecation warning before ES modules land without a flag ― core module raising warnings on load looks quite messy, I'd say.

ES Modules crypto
Source
picture aduh95
👍1

Most helpful comment

@ljharb There's a process in place for deprecation and removal of APIs. Following that process in CJS as well as ESM allows for things to shake out naturally without maintaining multiple lists or applying extra filters for things.

One way to approach deprecated APIs to avoid runtime warnings for things like dynamic imports is to make the deprecated API non-enumerable. This is what has been done in other areas like the experimental fs.promises method to avoid user-land issues (https://github.com/nodejs/node/pull/20632).

picture jdalton on 17 May 2018
👍2

All 7 comments

@nodejs/crypto @nodejs/modules

Trott picture Trott on 17 May 2018

I think regardless, we could ensure that the deprecated items aren’t in the ESM implementation?

ljharb picture ljharb on 17 May 2018

@ljharb There's a process in place for deprecation and removal of APIs. Following that process in CJS as well as ESM allows for things to shake out naturally without maintaining multiple lists or applying extra filters for things.

One way to approach deprecated APIs to avoid runtime warnings for things like dynamic imports is to make the deprecated API non-enumerable. This is what has been done in other areas like the experimental fs.promises method to avoid user-land issues (https://github.com/nodejs/node/pull/20632).

jdalton picture jdalton on 17 May 2018
👍2

Making deprecated API non-enumerable make the warnings disappear indeed, I can make a PR for that.

Still, it will be a breaking change and won't land until Node v11 (I believe), which is why I think it may be a good time to talk about retiring those deprecated APIs. @jdalton Where can I find the process you are referring to? Would it allow such APIs to be removed in the near future or is it a silly thing to say?

aduh95 picture aduh95 on 17 May 2018

@aduh95

Where can I find the process you are referring to?

Here's a doc explaining various types of deprecations. Doc -> Runtime Warning -> Removal.

Would it allow such APIs to be removed in the near future or is it a silly thing to say?

Major version releases are the time for removals for sure.
For this specific one we should cc the @nodejs/crypto team.

jdalton picture jdalton on 17 May 2018

@aduh95 In addition to the doc linked by @jdalton, there is useful information in the Node.js Collaborator Guide in two different sections:

Trott picture Trott on 17 May 2018
👍1

me too
(node:51484) [DEP0010] DeprecationWarning: crypto.createCredentials is deprecated. Use tls.createSecureContext instead.
(node:51484) [DEP0064] DeprecationWarning: tls.createSecurePair() is deprecated. Please use tls.TLSSocket instead.

hktalent picture hktalent on 10 Jan 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

addaleax picture addaleax  Â·  3Comments
stevenvachon picture stevenvachon  Â·  3Comments
seishun picture seishun  Â·  3Comments
akdor1154 picture akdor1154  Â·  3Comments
willnwhite picture willnwhite  Â·  3Comments