(abdisalan.com)

272 points abdisalan | 2 comments | 18 Nov 24 18:24 UTC | HN request time: 0.45s | source

Show context

speedgoose ◴[18 Nov 24 19:19 UTC] No.42175877[source]▶

I would heavily recommend to avoid NodeJS packages that depend on node-gyp. Node-gyp powered dependencies are very seldomly worth the hassle.

If you must depend on node-gyp, perhaps use dev containers so at least every developer in your team can work most of the time.

replies(4): >>42175988 #>>42176323 #>>42185890 #>>42191185 #

vivzkestrel ◴[20 Nov 24 06:03 UTC] No.42191185[source]▶

>>42175877 #

one of the most crucial packages that use node-gyp are bcrypt and argon2. Both are needed heavily for password hashing while implementing authentication and while pure js alternatives are available, they run terribly

replies(2): >>42191555 #>>42196458 #

speedgoose ◴[20 Nov 24 07:32 UTC] No.42191555[source]▶

>>42191185 #

That would be a good argument to not implement authentication again and go with a solid authentication and authorisation software like Keycloak, Zitadel, or Ory Kratos.

replies(1): >>42191585 #

1. vivzkestrel ◴[20 Nov 24 07:38 UTC] No.42191585[source]▶

>>42191555 #

if only integrating keycloak was simple eh?

replies(1): >>42191847 #

2. speedgoose ◴[20 Nov 24 08:32 UTC] No.42191847[source]▶

>>42191585 (TP) #

If you are dealing with argon2 and bcrypt, I think you coud manage some JWT hell.

↑

The tragedy of running an old Node project