News.EOS.WiKi Bilingual News & Info Of EOS

EOSJS稳定版本20.0.0:朝流畅且安全的EOSIO™JavaScript开发更进一步/EOSJS Stable Version 20.0.0: Toward Seamless and Secure JavaScript Development for EOSIO™

E

译文/Translated:

今日,我们很高兴宣布EOSJS 20.0.0版本从测试版提升为稳定版本。在此版本中所做出的变更象征着我们在EOSIO上安全且方便地使用JavaScript开发应用程序的路上又迈进了一步。为了给用户带来流畅且安全的体验,我们相信区块链应用应当几乎不必访问用户的私钥。我们完成了EOSJS的更新,用以支持提出交易的应用程序,以确保签名提供者的安全工作(例如验证者能以最安全的方式专注于钥匙储存工作),以及在签署交易时提供连贯的用户体验。我们为验证者提供的更多内容可在最近的EOSIO Labs™中查找:The Universal Authenticator Library(验证者通用程序库)

由于EOSJS 2.0.0测试版提升至稳定版包含了重大突破(使用@latest标记或者“^”),因此现在将自动从16.0.x版本更新至20.0.0版本。建议仍旧使用EOSJS 16.0.x版本的开发人员查阅升级后的README,因为此版本是自去年10月最初的EOSJS Major Version Update之后彻底重写的版本。

EOSJS 20.0.0版本完整列表可在Github库中查找。

EOSJS 20.0.0版本亮点

重大突破:删除了默认输出(#490)

依据所使用的模块系统,使用默认输出会导致不连贯性,并使代码重构变得困难。因此,我们将其全部从EOSJS代码中删除。在20.0.0-beta 3中使用JsSignatureProvider的开发人员将需要按以下方式更新自身的句法:import JsSignatureProvider from ‘eosjs/dist/eosjs-jssig’ to import { JsSignatureProvider } from ‘eosjs/dist/eosjs-jssig’

大幅度降低bundle大小(#504)

从第三方载入节点模块通常对终端用户而言是页面加载中最大的操作。为了尽可能地减少EOSJS客户所需的加载时间,我们调整了分发捆绑过程(bundling process),排除了一些非必要的文件。EOSJS 的bundle已经从16.0.x版本的550kb优化至20.0.0-beta 3版本的130kb。此项变动将进一步将130kb降低至50kb。

输出数字模块功能(#511)

对于消费应用而言,数字模块的功能十分有用。同样,我们决定将其作为NPM和网站建立的bundle的一部分输出。

安全升级

升级并锁定package.json的dependency版本(#504)

通过在package.json中使用“^”,消费包在EOSJS的dependency更新时取得控制权,这会让更新自动产生错误。为防止此事发生,我们将所有版本锁定至特定版本,由此我们便可以在dependency更新时拥有自主判断权。我们同时更新了部分dependency版本,以减少特定安全问题的发生。

更新并锁定EOSJS-ECC dependency版本(#49)

我们将EOSJS-ECC dependency进行锁定,以减少低优先级的安全隐患。

社区开发人员支持

除了我们不断壮大的Block.one团队,我们也想向部分社区贡献者致以谢意,他们为此版本贡献了补丁。我们很感谢你们的共享,以及为EOSIO软件的发展所作出的奉献:

  • @Mc01
  • @channprj
  • @jnordberg
  • @wuyahuang

保持连接

若您有兴趣提供反馈,并与我们团队密切合作,为开发者们优化EOSJS库,您可以向我们的开发者团队发送邮件:developer@block.one

您也可以在EOSIO开发者门户订阅我们的邮件列表,获得更多更新信息。我们很高兴将继续为EOSIO的开发者们完善软件的使用,我们将持续为区块链的大规模应用奠定坚实的基础。

免责声明:Block.one作为EOSIO社区的一员,自愿做出自身贡献,并不对软件的总体性能及任何相关应用程序负责。对于此处所述版本以及相关GitHub版本或EOSIO软件,我们不作任何明示或暗示的陈述、保证、担保或承诺,包括且不限于提供担保,保证适销性或对某一特定目的和非侵权的适用性。在任何情况下,无论是合约操作、侵权行为或其他,亦无论是否与软件或文档相关,或由于软件使用导致,或在软件和文档上的其他交易导致的任何索赔、损害赔偿或其他债务,我们均不承担责任。任何测试结果或绩效数据具有指示性,无法反映所有情况下的绩效。任何对第三方或第三方产品、资源或服务的引用都不受Block.one的认可或推荐。对于您使用或信任这些资源的行为,我们概不负责,并且不承担任何责任和义务。第三方资源可能随时更新、变更或终止,因此此处的信息可能已过期或不准确。任何人使用或提供此软件向第三方提供软件、商品或服务应当就授权条款、免责声明和免责事项向该第三方提出建议。

原文/Original:

Today, we are excited to announce the promotion of EOSJS v20.0.0 out of beta to a stable release. The changes in the release mark a further step towards more secure and user-friendly JavaScript development for applications built on EOSIO. To create a seamless secure user experience, we believe blockchain applications should almost never need to access a user’s private keys. We have been updating EOSJS to support applications that propose transactions to secure signature providers, such as authenticators that are able to focus their efforts on storing keys in the most secure way possible, as well as to provide a consistent user experience when signing transactions. More on our work with authenticators can be seen in our recent EOSIO Labs™ release: The Universal Authenticator Library.

Since this release promotes breaking changes from EOSJS v20.0.0-beta3 to v20.0.0 (stable), using the @latest tag or the “^” will now automatically cause an upgrade from v16.0.x to v20.0.0. Developers who are still using EOSJS v16.0.x are recommended to also review the updated README, as this release is a complete rewrite which started from our initial EOSJS Major Version Update last October.

A full list of issues for EOSJS v20.0.0 can be found in the GitHub repository.

Highlights in EOSJS v20.0.0

BREAKING CHANGE: Removal of default exports (#490)

Using default exports causes inconsistencies depending on the module system used and makes refactoring code harder; therefore, they have been removed entirely from the EOSJS code. Developers using the JsSignatureProvider on v20.0.0-beta3 will need to update their syntax as follows: import JsSignatureProvider from ‘eosjs/dist/eosjs-jssig’ to import { JsSignatureProvider } from ‘eosjs/dist/eosjs-jssig’

Reduced bundle size significantly (#504)

Loading node modules from third parties is often the largest operation in a page load for end users. In order to minimize the loading time required for consumers of EOSJS, we have adjusted our distribution bundling process to exclude some unnecessary files. The EOSJS bundle size had been optimized since the v16.0.x release from 550kb to 130kb in v20.0.0-beta3. This change further reduces the bundle size from 130kb to 50kb.

Export Numeric module functions (#511)

The functions from the Numeric module can be useful for consuming applications. As such, we have decided to export them as part of our bundle for NPM and for the web build.

Security Updates

Update and lock dependency versions in package.json (#504)

By using the “^” in package.json, the consuming package has control over when EOSJS dependencies update, which could lead to bugs upon updating automatically. To prevent this, we have locked all versions to a specific version, so we can have discretion over when dependencies update. We also updated some dependency versions to mitigate certain security vulnerabilities.

Update and lock versions in EOSJS-ECC dependency (#49)

EOSJS-ECC dependencies have been locked in order to mitigate low priority security vulnerabilities.

Community Developer Support

In addition to our growing team at Block.one, we would like to send special thanks to a few community contributors who have submitted patches for this release. We are grateful for your contributions and commitment to the growth of the EOSIO software:

  • @Mc01
  • @channprj
  • @jnordberg
  • @wuyahuang

Stay Connected

If you are interested in providing feedback and working more closely with our team to improve the EOSJS repository for developers, you can send our developer relations team an email at developers@block.one.

You can also keep up to date with future updates by subscribing to our mailing list on the EOSIO Developer Portal. We are excited to be continually improving the usability of the software for EOSIO developers as we continue laying a foundation for the mass adoption of blockchain technology.


Disclaimer: Block.one makes its contribution on a voluntary basis as a member of the EOSIO community and is not responsible for ensuring the overall performance of the software or any related applications. We make no representation, warranty, guarantee or undertaking in respect of the releases described here, the related GitHub release, the EOSIO software or any related documentation, whether expressed or implied, including but not limited to the warranties or merchantability, fitness for a particular purpose and noninfringement. In no event shall we be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or documentation or the use or other dealings in the software or documentation. Any test results or performance figures are indicative and will not reflect performance under all conditions. Any reference to any third party or third-party product, resource or service is not an endorsement or recommendation by Block.one. We are not responsible, and disclaim any and all responsibility and liability, for your use of or reliance on any of these resources. Third-party resources may be updated, changed or terminated at any time, so the information here may be out of date or inaccurate. Any person using or offering this software in connection with providing software, goods or services to third parties shall advise such third parties of these license terms, disclaimers and exclusions of liability.

原文链接/Original URL:

https://medium.com/@eosio/eosjs-stable-version-20-0-0-toward-seamless-and-secure-javascript-development-for-eosio-d21ad5ec3abe

About the author

By user
News.EOS.WiKi Bilingual News & Info Of EOS

Recent Posts