(abdisalan.com)

272 points abdisalan | 3 comments | 18 Nov 24 18:24 UTC | HN request time: 0s | source

Show context

speedgoose ◴[18 Nov 24 19:19 UTC] No.42175877[source]▶

I would heavily recommend to avoid NodeJS packages that depend on node-gyp. Node-gyp powered dependencies are very seldomly worth the hassle.

If you must depend on node-gyp, perhaps use dev containers so at least every developer in your team can work most of the time.

replies(4): >>42175988 #>>42176323 #>>42185890 #>>42191185 #

vivzkestrel ◴[20 Nov 24 06:03 UTC] No.42191185[source]▶

>>42175877 #

one of the most crucial packages that use node-gyp are bcrypt and argon2. Both are needed heavily for password hashing while implementing authentication and while pure js alternatives are available, they run terribly

replies(2): >>42191555 #>>42196458 #

1. itsjzt ◴[20 Nov 24 17:51 UTC] No.42196458[source]▶

>>42191185 #

Use bcryptjs https://www.npmjs.com/package/bcryptjs

replies(1): >>42200943 #

2. vivzkestrel ◴[21 Nov 24 03:55 UTC] No.42200943[source]▶

>>42196458 (TP) #

i did mention "and while pure js alternatives are available, they run terribly"

replies(1): >>42209835 #

3. incrudible ◴[21 Nov 24 23:44 UTC] No.42209835[source]▶

>>42200943 #

Slow is much faster than it not working at all. If this is a project that you might not touch for months or years, perhaps having fast bcrypt is not that important.

↑

The tragedy of running an old Node project