he's 20

pretty funny and indicative of the JS ecosystem, it's either a big VC backed company that is essentially closed source or like 1 overwhelmed guy. Seems like we need a healthy middle ground?

​@@MrJfergs it takes time to build and maintain this stuff, it's not cheap or free.

@@malcolmn.5222 yeah that's fair, not blaming anyone who doesn't want to work on open source all the time. Just think a healthy middle ground is best. If you think about the rails or laravel eco system these have some of the best characteristic of open source and private companies IMO. Since there is no centralized batteries included framework in the JS ecosystem it seems that we have either extreme? Auth.js should be better as well as passport.

He created it for himself basically, because he found that all other solutions sucked for his project. Now he deprecates it because it sucks for his projects.

yup, I reposted that tweet, but I didn't want to bring it up on youtube

@WebDevCody I can respect that

Having to do more work than you planned is never good news

@@o_glethorpe if you think the importance of auth, spending 15 minutes to refactor your app so it uses one less dependency while helping you truly understand what’s going on under the hood is a great trade off imo

@@o_glethorpeSpending 15 minutes for authentication is totally fine. This allows you to now depend on one less dependency while expanding your understanding of what’s going under the hood. Overall that’s a good trade off for me.

What will you write when he deprecates Oslo and Arctic next?

@@Ss-zg3yj your sense of entitlement over other peoples work is honestly alarming pal. If you are scared he will deprecate those as well, implement them yourself, find other packages or pay for a company. Don’t complain that others aren’t doing your job for you to the level that you want.

Based Awad

seems like cody is using convex most of the time so I am not sure if he really agrees?

Whats the problem? Like rolling your own auth is like 1hour right now using docs from lucia? Vps is also not hard to do. But if u are slacker thats the problem. LOL

made an express app like that, too lazy to take out the auth and make it standalone, but i think it’s probably the best way to handle these kind of scenarios with packages deprecating everyday.

Thanks man!

Ofc :) Just advertised your starter kit (& Gumroad product) in one of my local dev whatsapp groups. The world need to know ... :) Just doing my part. Thanks plenty also 🙏

Not when an enterprise needs a more complicated auth like 2FA, biometrics, etc. For hobby projects... sure. Go with username and password. For others, there's Eartho and WorkOs Authkit that offers this for free.

I think "rolling your own auth" means different things to different people. Some think it means doing everything from scratch like encryption, encoding/decoding etc. while others think about the session management part and DB related stuff that you build on top of all that low level work. I would never do everything from scratch, but yeah just doing session management and creating users in a DB isn't that scary as long as you are using some trusted libraries to do all of that security related work. And I think this problem is actually specific to JS ecosystem that these things are so heavily delegated to 3rd party services. Frameworks like Laravel (PHP) and .NET (C#) have authentication baked into the framework and people using those aren't afraid of auth work at all. Even WordPress comes with auth out of the box and I haven't seen people use a 3rd party service there for auth.

Thank God? Did you not see the video, and how easy it was to switch from it? If you had used Lucia, you would've spent a couple of hours, maybe less switching from it. No big deal

@@icestonks2555 The app has 10,000+ users with a complex infra. It had 3 applications. One for Agencies, Healthcare workers, and clients. Authentication plus Authorization that had to be logged into the DB which was also replicated onto another database. Nothing about it was simple.

I mean, it's maintained by a core team living in a war zone

@@WebDevCody not really a war zone tbh

@@developer217 they have rolling blackouts and need back up generators to use their computers reliably. Sure they're not getting shot at while coding but I think living in a country that is being invaded means you are in a potential war zone.

Yeah, I’m pretty sure I have

I never used it

If you don't mind, could you share it?

🎉

Bro what ☠️

dude..

Damn grandma got deprecated as well 💀

@@developedbyed too soon

Go for it, let us know how it goes maybe we can use your Auth library next

Yeah, someone can create a fork. Or, you as a user can just save a local copy and use that. The problem with both of those scenarios is that in a year or 10 from now when someone finds an exploit in one of the methods, you are now down a long and winding road with monsters. If the library was not deprecated, the maintainer would hopefully put out a fix, you'd update your npm and be good to go. But when you're on your own, now that's on you. In a lot of domains this isn't a big issue, but in auth and security, it's a much greater concern for obvious reasons. This is why people say, "auth is hard." And it's why so many people are using things like Clerk.

yeah, I mean anyone can fork it and rebrand the name of the library, but the library pretty minimal that just copy + pasting the code isn't that hard to do.

Yeah probably, only took like 30 min to refactor so all is well