sahat/hackathon-starter

Migrate off tumblrJS

YasharF opened this issue · 5 comments

tumblrJS is the official client library from Tumblr. However, it looks like they are no longer actively investing or maintaining their library. The library still depends on requestJS even after its deprecation years ago. It is currently the only library that is causing deprecation and vulnerability warnings during our "npm install" step.

It also adds 7 sec to the startup time of the app, which is 33% of the load time for api.js (21.4s) and about 14.6% of the overall module load time (48.5s as measured by require-times).

We can replace the out of date library with some REST calls using Axios in our examples: https://www.tumblr.com/docs/en/api/v2

Ref: I created tumblr/tumblr.js#91 in March 2020, over three years ago.

Other folks mentioning the lack of maintenance:
tumblr/tumblr.js#96
tumblr/tumblr.js#144
tumblr/tumblr.js#101

Fixed by b2a5a7d

I hope to have a new release of tumblr.js soon and it could be brought back then 🙂

@sirreal thanks for looking into it, but I am concerned about your team's resourcing and prioritization for maintenance of the package in the long run. I am sure you and your colleagues are good developers, but it feels like there is a resourcing or prioritization issue from your management for monitoring and maintenance of the package. What I'd like to see is:

  1. A solid year+ trend and history of monitoring, patching, bug fixes, addressing GitHub issues and pull requests with a reasonable SLA.
  2. Addition of the package and its dependency hygiene to Tumblr's bug bounty program. The hygiene may need to have a reasonable SLA, like if we don't fix something within 30 days and you report it to the bounty program ...
  3. Addressing the performance issues. I don't want to add 7 sec to the app's startup time when adding a single line const tumblr = require('tumblr.js'); . The 7 sec was 15% of the require load times in hackathon starter during my last profiling. The app loads up 15% faster now without the dependency. The startup time does matter when a dev has to restart the app over and over as they build features and bug fix their app.

Ref/background: my and other GitHub issues at https://github.com/tumblr/tumblr.js/issues

Tumblr.js v4 has been released, and I hope you see it's addressed the issues you've outlined.

Addressing the performance issues. I don't want to add 7 sec to the app's startup time when adding a single line const tumblr = require('tumblr.js'); .

I agree, that is unacceptable and frankly ridiculous. You should see it's no longer a problem with v4:

time node -e 'console.log(require("tumblr.js").Client.version)'
# 4.0.0
# 0.04s user 0.01s system 101% cpu 0.053 total

I'd be happy to contribute a PR bringing this up to date with tumblr.js v4.