v0.4.2 - Performance & UX Improvements
🚀 Performance & User Experience Improvements
Based on technical review feedback, v0.4.2 delivers two critical enhancements that significantly improve both production UX and performance.
🎯 Key Improvements
1. Automatic Token Refresh
Problem Solved: Users were unexpectedly logged out after 1 hour when ID tokens expired, even though refresh tokens remained valid for 7 days.
Solution: LatchProvider now automatically refreshes sessions 5 minutes before token expiry.
Benefits:
- ✅ Users stay logged in for the full 7-day refresh token lifetime
- ✅ No more surprise logouts mid-session
- ✅ Seamless background refresh with proper cleanup
- ✅ Handles edge cases (tab close, multiple tabs, expires soon)
Implementation:
// Automatic - no code changes needed!
<LatchProvider>
{children}
</LatchProvider>The refresh timer automatically sets up when a user authenticates and cleans up on logout or unmount.
2. PBKDF2 Key Caching
Problem Solved: Cookie encryption was deriving the AES key with 100,000 PBKDF2 iterations on every seal/unseal operation (~10-20ms overhead).
Solution: Derived keys are now cached in memory, keyed by secret.
Performance Impact:
- First operation: ~10-20ms (key derivation)
- Subsequent operations: <1ms (cached key)
- Improvement: 10-20x faster
Benefits:
- ✅ Massive performance gain for high-traffic apps
- ✅ Reduced CPU usage under load
- ✅ Zero security trade-off (secret already in memory)
- ✅ Supports secret rotation automatically
Technical:
// Automatic caching - no code changes needed!
const sealed = await seal(userData, secret); // Fast!
// Optional: Manual cache clearing for testing
import { clearKeyCache } from '@lance0/latch';
clearKeyCache();📦 Installation
npm install @lance0/latch@0.4.2🔄 Migration from v0.4.1
Breaking Changes: None! Fully backward compatible.
Action Required: None - improvements are automatic.
Just update your package and enjoy better performance and UX:
npm update @lance0/latch📊 Technical Details
Auto-Refresh Implementation
- Uses React useEffect with dependency on user.exp timestamp
- Calculates time until expiry and sets setTimeout
- Refreshes 5 minutes before expiry (configurable buffer)
- Proper cleanup prevents memory leaks
- Safe for multiple tabs (each refreshes independently)
Key Cache Implementation
- Module-level Map<string, CryptoKey> cache
- Cache key is the secret itself
- New secrets automatically create new cache entries
- Export clearKeyCache() for testing/manual invalidation
- Cache is per-process (doesn't leak across requests)
🧪 Testing
New Tests Added:
- ✅ Key caching performance test
- ✅ Multiple secrets independence test
- ✅ Manual cache clearing test
All Existing Tests:
- ✅ 164 tests passing (3 new tests added)
- ✅ No regressions
- ✅ TypeScript compilation clean
📝 Full Changelog
Added
- Automatic Token Refresh - LatchProvider auto-refreshes sessions before expiry
- PBKDF2 Key Caching - Derived keys cached for 10-20x performance gain
clearKeyCache()export for testing/manual cache invalidation
Performance
- Cookie encryption: ~10-20ms → <1ms (after first operation)
- Reduced CPU usage under high load
- Seamless session management without database queries
User Experience
- Users stay logged in for full refresh token lifetime (7 days)
- No more unexpected 1-hour logout due to ID token expiry
- Automatic background session refresh with 5-minute buffer
🙏 Credits
These improvements were implemented based on feedback from a comprehensive technical review identifying production pain points.