←back to thread

The tragedy of running an old Node project

(abdisalan.com)
272 points abdisalan | 7 comments | 18 Nov 24 18:24 UTC | HN request time: 0s | source | bottom
Show context
speedgoose ◴[18 Nov 24 19:19 UTC] No.42175877[source]
I would heavily recommend to avoid NodeJS packages that depend on node-gyp. Node-gyp powered dependencies are very seldomly worth the hassle.

If you must depend on node-gyp, perhaps use dev containers so at least every developer in your team can work most of the time.

replies(4): >>42175988 #>>42176323 #>>42185890 #>>42191185 #
1. vivzkestrel ◴[20 Nov 24 06:03 UTC] No.42191185[source]
one of the most crucial packages that use node-gyp are bcrypt and argon2. Both are needed heavily for password hashing while implementing authentication and while pure js alternatives are available, they run terribly
replies(2): >>42191555 #>>42196458 #
2. speedgoose ◴[20 Nov 24 07:32 UTC] No.42191555[source]
That would be a good argument to not implement authentication again and go with a solid authentication and authorisation software like Keycloak, Zitadel, or Ory Kratos.
replies(1): >>42191585 #
3. vivzkestrel ◴[20 Nov 24 07:38 UTC] No.42191585[source]
if only integrating keycloak was simple eh?
replies(1): >>42191847 #
4. speedgoose ◴[20 Nov 24 08:32 UTC] No.42191847{3}[source]
If you are dealing with argon2 and bcrypt, I think you coud manage some JWT hell.
5. itsjzt ◴[20 Nov 24 17:51 UTC] No.42196458[source]
Use bcryptjs https://www.npmjs.com/package/bcryptjs
replies(1): >>42200943 #
6. vivzkestrel ◴[21 Nov 24 03:55 UTC] No.42200943[source]
i did mention "and while pure js alternatives are available, they run terribly"
replies(1): >>42209835 #
7. incrudible ◴[21 Nov 24 23:44 UTC] No.42209835{3}[source]
Slow is much faster than it not working at all. If this is a project that you might not touch for months or years, perhaps having fast bcrypt is not that important.