Proposal: Deprecate this package

[rekmarks]

It's served many people well for many Ethereum-years, but the time has come to let this go. The precipitating event was trying and failing to add tests of this package in Node 14 and 16 in #368.

"Deprecation" means:

1. Continuing to push security updates for at least a year
2. No more feature updates or non-security-related bug fixes (this has effectively been the case since 2020-05-27)
3. Setting a final EOL date, after which no more fixes will be pushed
4. npm deprecate-ing all versions of this package, with the EOL date and security-updates-only policy in the deprecation message.

[kumavis]

https://www.npmjs.com/package/web3-provider-engine check the versions page, downloads really scattered across the version spectrum

[kumavis]

its been reduced to mostly just a shell over json-rpc-engine and eth-json-rpc-middleware, so ideally maintenance burden is small.

is this in use by metamask mobile via @metamask/controllers?

to clarify, im not strongly advocating for keeping this repo active, just seeking more info

I think the Node 14 and 16 issue can be resolved by deprecating the vm middleware, its very outdated anyways. the new ethereumjs-vm implementation does not provide the hooks we need

[kumavis]

eth-faucet also currently uses provider-engine

[mcmire]

I agree with this and am pinning this to the top of the issues list so we don't forget.

As a part of deprecating this and moving our own packages to use json-rpc-engine, we should also try to help our colleagues within ConsenSys move off of this package. Truffle's hdwallet-provider would be one such example: https://github.com/trufflesuite/truffle/tree/develop/packages/hdwallet-provider.

[mcmire]

I think we should start talking about this again. Since I last posted:

• We've consolidated the implementation of NetworkController (the module in our wallet architecture we use to talk to the network) between both our browser extension and mobile app.
• The consolidated version of NetworkController no longer uses web3-provider-engine and now uses our json-rpc-engine middleware stack.
• Truffle is being sunset. This was the last of the libraries that we (Consensys) produced which still used web3-provider-engine.

As a result, I don't think we should push any new changes to this library. Instead, I think we should deprecate the library on NPM, change the message in the README to indicate as such, and we should archive this repo instead.

What do we think?

[SebastienGllmt]

If anybody else also got sent by chatGPT to this library and is trying to figure out how to upgrade, here is most likely what you need

import Web3 from 'web3';
import { JsonRpcEngine } from '@metamask/json-rpc-engine';
import { providerFromEngine } from '@metamask/eth-json-rpc-provider';

const rpcUrl = ...; // fill in your RPC url here

const engine = new JsonRpcEngine();

// custom middleware to log requests as they happen
engine.push((req, _, next) => {
  console.dir(req, { depth: null });
  next();
});

engine.push(createFetchMiddleware({ btoa, fetch, rpcUrl }));

const provider = providerFromEngine(engine);
// eslint-disable-next-line @typescript-eslint/no-unsafe-argument
const web3 = new Web3(provider as any);

[Gudahtt]

Done in #469