Dev Diary #27 - Async Accounts, OTPAuth, Migration Docs, and Ecosystem Maintenance
Long time no see. It feels like it has been a while since I had my usual sit-down with you guys to tell you about my latest OSS endeavors. Thankfully, this month has been immensely fruitful, and I feel that I’ve contributed positively to the ecosystem.
#14267 — Improve v3 migration guide with real-world migration insights — The final brick in the wall, where I took all of the learnings I had accumulated over my many Meteor migrations, especially the latest WeKan migration, and centralized them in one place. I even got Nacho’s stamp of approval, which makes me a tiny bit happier.
#14321 — Replace node-2fa with OTPAuth in accounts-2fa — Another mini PR that I’m proud of. While delving deeper into Meteor accounts, I noticed the usage of an old and unmaintained library, so I decided to replace it with a modern alternative. This is where LLM power shines the most. A contribution like this might have taken me a day or two, but thanks to LLMs, it was done in 10–20 minutes, most of which went into actually planning out the change, picking the alternative library, and deciding on the migration strategy, where I, of course, emphasized the importance of backward compatibility. A case in point for proper usage of LLM-powered development.
#14069 — Asyncify client-side calls — One of the biggest PRs that I’ve been waiting for and actively trying to push finally made it into 3.5. This is another step toward a truly async-compliant and ES6-friendly framework.
#14070 — Add loginWithTokenAsync, loginWithPasswordAsync — The third Meteor accounts contribution that helps us move the needle and make the DX of working with Meteor accounts in an async environment a true joy!
That was it for core. Now onto the Meteor Community Packages.
meteor-mocha #188 — Deps: meteor 3.4 — Jan updated the dev dependencies, bumped Meteor to 3.4, moved CI to Node 22 and Meteor 3.4, and updated the test drivers. Testing packages are never the flashiest part of the ecosystem, but if they lag behind, everyone else feels it.
meteor-timesync #60 — Meteor 3 compatibility release — This one has been around for quite a while, but it got another push. The PR targets Meteor 3 compatibility, and 1.0.0-beta.2 was published thanks to BastienRodz’s contribution. The Cordova/Capacitor path got special attention, with tests ensuring mobile clients force DDP transport while regular browser clients still use HTTP.
Lastly, general community packages:
quave:synced-cron #21 — Preserve synced-cron userId in nested method calls — This came out of a subtle context problem. Cron jobs were executed directly through entry.job(...), so nested server-side Meteor.callAsync calls didn’t have a current DDP method invocation. The result: this.userId inside the nested method became null.
The PR preserves the cron job userId across nested server-side method calls and adds a regression test to make sure the context doesn’t get lost again.
quave:slingshot #22 — Replace deprecated Buffer constructors in meteor-slingshot — Very small, very clean. Replaced deprecated Buffer() / new Buffer() usages with Buffer.from() and bumped quave:slingshot to 2.0.4.
This is the type of change that won’t make anyone clap, but it removes warning noise and keeps packages healthier on newer Node versions.
redis-oplog #424 — Meteor 3.4 compatibility — Still open, but I pushed follow-ups here too. The main work rewrites ObserveMultiplex.js to match Meteor 3.4’s callback semantics, updates observeChanges to the newer signature, and uses collection.direct to avoid collection hooks re-triggering on already-processed selectors.
I also added a regression test for direct collection refetch, fixed optimistic update ordering so it no longer flickers, replaced the old Redis GitHub Action with a native Redis service, and added Meteor 3.4 to the CI matrix. Locally, tests pass on 3.1.2, 3.2, and 3.4. Hopefully this gets reviewed soon because redis-oplog remains important for serious Meteor apps.
Monti APM agent #149 — Skip pubsub error tracking for deactivated subscriptions — A tiny PR against the fiberless branch. The fix avoids tracking pubsub errors when the session or subscription has already been deactivated. In practical terms, don’t try to report useful subscription error metadata after the subscription is already gone. Sometimes the best fix is just refusing to pretend dead state is alive.
There was also a small Android side quest.
capacitor-meteor-webapp #1 — Use AGP 9 compatible default ProGuard file and capacitor-community/keep-awake #87 — fix: AGP 9.0 no longer supports proguard-android.txt — Both PRs switch Android library config to getDefaultProguardFile("proguard-android-optimize.txt").
Android Gradle Plugin 9 rejects proguard-android.txt because it bundles -dontoptimize, which can make project configuration fail before you even get to the build. I hit this while testing downstream mobile work, fixed it in keep-awake, and opened the same fix for capacitor-meteor-webapp.
Again, not Meteor core directly, but this is the kind of ecosystem papercut that matters if we want Meteor apps to keep working well on mobile.