←back to thread

272 points abdisalan | 1 comments | | HN request time: 0s | source
Show context
speedgoose ◴[] No.42175877[source]
I would heavily recommend to avoid NodeJS packages that depend on node-gyp. Node-gyp powered dependencies are very seldomly worth the hassle.

If you must depend on node-gyp, perhaps use dev containers so at least every developer in your team can work most of the time.

replies(4): >>42175988 #>>42176323 #>>42185890 #>>42191185 #
vivzkestrel ◴[] No.42191185[source]
one of the most crucial packages that use node-gyp are bcrypt and argon2. Both are needed heavily for password hashing while implementing authentication and while pure js alternatives are available, they run terribly
replies(2): >>42191555 #>>42196458 #
speedgoose ◴[] No.42191555[source]
That would be a good argument to not implement authentication again and go with a solid authentication and authorisation software like Keycloak, Zitadel, or Ory Kratos.
replies(1): >>42191585 #
vivzkestrel ◴[] No.42191585[source]
if only integrating keycloak was simple eh?
replies(1): >>42191847 #
1. speedgoose ◴[] No.42191847[source]
If you are dealing with argon2 and bcrypt, I think you coud manage some JWT hell.