-
Notifications
You must be signed in to change notification settings - Fork 174
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Version upgrade from 1.3.0 to 1.4.0 produce different hashes #48
Comments
Hey @tanek100 Thanks for reporting. Version 1.3.0 was released in 2019 and several bugs have been fixed since then. The correct hashcode is Hashids uses a common algorithm with implementations in many languages so the others can be used to compare. Here's the canonical Javascript version also resulting in import Hashids from "hashids";
const hashids = new Hashids(
/* salt: */ "OhMySaltiestSalt+2!!!!",
/* minLength: */ 10,
/* alphabet: */ "bcdfghjkmnpqrstvwxyzBCDFGHJKLMNPQRSTVWXYZ3456789",
/* seps: */ "cfhistuCFHISTU"
);
const value = hashids.encode([500, 60123, 0]);
const decoded = hashids.decode(value);
console.log(`${decoded} => ${value}`);
document.getElementById("app").innerHTML = `${decoded} => ${value}`; Live test on codesandbox: https://codesandbox.io/s/hashids-demo-forked-z9tbpj?file=/src/index.ts |
@manigandham Just updated from 1.3.0 to 1.6.1, and this is a huge problem. This is a breaking change that completely invalidates all the IDs generated previously, which also means that old IDs generated by 1.3.0 can't be decoded anymore. And since this is a breaking change, I feel like the version number should've been bumped to 2.x.x... What is the suggested upgrade path here? Is there any way to force 1.4.0+ to use the legacy algorithm that is consistent with 1.3.0? It seems like everyone using 1.3.0 are now stuck with it for eternity. |
I used old version on webapi to double check if old code and updated my package to new version. I first check if code gets decoded with the new version, if not then check from webapi. When the web api is no longer needed (takes about a year to fase out all the old codes in our case), i can remove the dependency and move on. |
In my case, all the generated IDs are fixed forever, so that's not an option, unfortunately... |
The version was originally incremented to 2.0.0 but reverted back in #29 discussion. Unfortunately too late to change that now. Can't add a "legacy" option since that version had too many bugs and it would be too much complexity to add back into this library. However if you need 1.3.0, you can include code from that version directly in your project. It's a single file/class and self-contained so you can rename it to Here's the file from that 1.3.0 tag: https://github.com/ullmark/hashids.net/blob/78486e39f90979beb892db8b0961fe95d33f931c/src/Hashids.net/Hashids.cs |
@ZimM-LostPolygon @manigandham Yes, to elaborate a bit: AFAIK, the 1.4.0 upgrade never meant to change anything regarding the encoding, it was a bug that unit tests never caught (An old bug not introduced there?). So it would have been weird to bump to 2.0.0 there maybe. But also as I wrote in the PR @manigandham linked; at the time https://hashids.org/ contained a list of which ports of Hashids had upgraded the algoritm (The early versions produced different "hash"-strings) by referring to a "version" and displayed that in a table. So I felt we couldn't go bananas and be on version 5 or something, when all the other ports used a different strategy. That table have since been removed, so maybe we could be more true to Semver now. |
Problem
Version upgrade should not change hash, if salt, alphabet, minimum length have not been changed. Tested with .NET 6 console application.
Results:
v1.4.0
v1.3.0
Code to reproduce
The text was updated successfully, but these errors were encountered: