Add warning or deprecate library #60

@intellix

Since gravatar is a very simple system where the hashes represent an email that has gone through an MD5 hashing function, it's very easy to decrypt a gravatar and get back the original email that created the hash.

Graphics cards in 2008 were able to encrypt 160mil hashes a second and it's not difficult to run through the alphabet to create a list of all hashes to emails. Alongside that, Gravatar had a leak in 2021 that exposed 167 million profiles and you can use free online tools for converting hashes to emails.

This means that any application that uses gravatar images is basically exposing the emails of those users as well just by using it.

I think this repository should be deprecated and a warning added when installing via NPM to warn people to not use gravatar.
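An added example, not part of the original issue or of the library's code: an audit of rendered HTML showing which of a site's own user emails can be confirmed from the Gravatar URLs it emits, next to one mitigation that serves avatars through a first-party route keyed by an opaque token. The `/avatar/:token` route, the secret and the sample users are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');

// Gravatar's documented identifier: MD5 of the trimmed, lower-cased address.
const gravatarHash = (email) =>
  crypto.createHash('md5').update(email.trim().toLowerCase()).digest('hex');

const GRAVATAR_URL =
  /https?:\/\/(?:www\.|secure\.)?gravatar\.com\/avatar\/([0-9a-f]{32})[^"'\s>]*/gi;

// Audit: which of our own users' addresses can be confirmed from a page?
// The hash is unkeyed, so hashing our user list shows what any visitor can check.
function findExposedEmails(html, ownUserEmails) {
  const byHash = new Map(ownUserEmails.map((e) => [gravatarHash(e), e]));
  const exposed = new Set();
  for (const [, hash] of html.matchAll(GRAVATAR_URL)) {
    const email = byHash.get(hash.toLowerCase());
    if (email) exposed.add(email);
  }
  return [...exposed];
}

// Mitigation: give the browser a keyed, opaque token and let a first-party
// route (hypothetical /avatar/:token) fetch the image server-side.
function avatarToken(userId, secret) {
  return crypto.createHmac('sha256', secret)
    .update(String(userId)).digest('hex').slice(0, 32);
}

function rewriteToProxy(html, userIdByHash, secret) {
  return html.replace(GRAVATAR_URL, (url, hash) => {
    const userId = userIdByHash.get(hash.toLowerCase());
    return userId === undefined
      ? '/avatar/default'
      : `/avatar/${avatarToken(userId, secret)}`;
  });
}

// Constructed sample data (not from the issue).
const users = [{ id: 1, email: 'Alice@example.com ' }, { id: 2, email: 'bob@example.com' }];
const page = users.map((u) =>
  `<img src="https://www.gravatar.com/avatar/${gravatarHash(u.email)}?s=80">`).join('\n');
const idByHash = new Map(users.map((u) => [gravatarHash(u.email), u.id]));
const SECRET = 'constructed-demo-secret'; // assumption: real value comes from server config

const safePage = rewriteToProxy(page, idByHash, SECRET);
console.log(findExposedEmails(page, users.map((u) => u.email)));     // both addresses
console.log(findExposedEmails(safePage, users.map((u) => u.email))); // none
```

The proxy route still has to map the token back to the user and request the Gravatar image from the server, so the MD5 value never appears in markup sent to browsers.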
