When people say KOA2, what exactly are they saying?
Question
Does anybody know what the relationship is between KOA and KoA2 in NPM?
Recently I was trying to use the KOA framework, and I was wondering which of the two code repositories in NPM, KOA and KoA2, What should I use? Or, when people say Koa2, they mean KOA 2.x and not Koa2 in npm?
If I want to use koa2, what code repositories should I use? koa or koa2?
Can anyone help me? Many thanks.
1 answers
solution1
0 2020-10-09 17:25:02
I just installed both of these side-by-side and diffed the installed code.
The NPM package koa2 at npmjs.com/package/koa2 is a clone , not a fork of the NPM package koa@2.0.0-alpha.7 at npmjs.com/package/koa — with some minor changes.
Stuff like this can pose security issues. The problem is that Evildoers™ publish NPM packages with names similar to a popular package. That package contains a trojan of some sort. People install it either by making a typo and not realizing it or by being confused about which is the real deal. So there's that.
In this case, I do not believe koa2 is malignant, but I would stay away from it.
Especially since Koa itself is currently (9 October 2020) at version 2.13.0.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.