Error: Cannot find module 'jsonwebtoken' about node-jwks-rsa HOT 11 CLOSED

The problem with your index.js file is that you are require'ing everything during initialization. Meaning that all require's have to be resolved, no matter what I use, or what I do not use in my app.

If you really want to make the passport integration optional, then instead of require'ing it during initialization, let the user call a function to require it.

Essentially you are releasing a minor version that breaks all apps/builds, and the solution is to include another module in my app, that I don't even use?

from node-jwks-rsa.

The "quick fix" in #89 may solve it for you but may bring issues for other people.

A quick workaround for anyone is to pin the node-jwks-rsa dependency at 1.4.0 - there are no other changes in 1.5.0.

I think the lazy initialization is the best approach - we're looking into that now.

from node-jwks-rsa.

So we've looked at the options and there isn't a good way of making these dependencies optional without introducing a breaking change. So the plan is:

We publish a 1.5.1 with the missing dependency to get people unblocked - especially if they specifying minor or patch compatibility with 1.x.y

We publish a 2.x that has a breaking change allowing these packages to be peers instead.

from node-jwks-rsa.

Merged in, going out in 1.5.1

from node-jwks-rsa.

#89

from node-jwks-rsa.

@simov I think the idea of using an integration is that you already have that platform (passport in this case) as a dependency of your app. If you see, passport today is also a devDependency, and you're only pointing out that the issue is on the jsonwebtoken one.
If your app is going to be using passport, your app is probably defining it as dependency (vs devDependency). The same should be with jsonwebtoken. I think the fix here is not to move it to the dependencies block, as this library doesn't make use of it at all.. only the passport integration does, and that's optional.

Fix is probably relying on documenting the use of the integration, and saying that if you're going to use it on a passport enabled app you'll need to add as well the jsonwebtoken dependency in the dependencies block.

from node-jwks-rsa.

IMO the passport integration should be optional. Not everyone will like adding jsonwebtoken as a dependency of their app just to skip this "require error" if they are not going use it at all. Then the fix can be checking if the passport module is present and only then require that integration file, which will of course require the jwt library as well. That's something we can document.

from node-jwks-rsa.

@lbalmaceda Thank you for your response.

I'm wondering right now about having a stable package. What we spect as users of the library is to install it and use it with any problem. In this case, as @simov mentioned, this package is breaking the apps/builds due to the missing package.

So, even though you want to add this to the documentation, in order to offer a good developer experience (and avoid breaking many applications), I'd prefer (and I really) to resolve all the needed dependencies under the installation.

We know that the passport integration should be optional; in this case, some solutions can be taken into account; for now, I can think of:

1. Add the jsonwebtoken as peerDependency
2. Use lazy initialization for the passport module.
3. Create a custom package for that integration. So we would not add unused code into our build.

But the most crucial part today is to release a usable version of the package and avoid breaking more applications. There is already a PR with a quick fix #89, which is even faster than adding a section into the documentation. Does this sound reasonable?

from node-jwks-rsa.

1.5.1 is now out and includes this and various dependency updates.

from node-jwks-rsa.

Great!! TY for keep us updated.

from node-jwks-rsa.

ı cant find the problem which jsonwebtoken file cannot find by node

from node-jwks-rsa.