←back to thread

272 points abdisalan | 2 comments | | HN request time: 0.51s | source
Show context
speedgoose ◴[] No.42175877[source]
I would heavily recommend to avoid NodeJS packages that depend on node-gyp. Node-gyp powered dependencies are very seldomly worth the hassle.

If you must depend on node-gyp, perhaps use dev containers so at least every developer in your team can work most of the time.

replies(4): >>42175988 #>>42176323 #>>42185890 #>>42191185 #
vivzkestrel ◴[] No.42191185[source]
one of the most crucial packages that use node-gyp are bcrypt and argon2. Both are needed heavily for password hashing while implementing authentication and while pure js alternatives are available, they run terribly
replies(2): >>42191555 #>>42196458 #
itsjzt ◴[] No.42196458[source]
Use bcryptjs https://www.npmjs.com/package/bcryptjs
replies(1): >>42200943 #
1. vivzkestrel ◴[] No.42200943[source]
i did mention "and while pure js alternatives are available, they run terribly"
replies(1): >>42209835 #
2. incrudible ◴[] No.42209835[source]
Slow is much faster than it not working at all. If this is a project that you might not touch for months or years, perhaps having fast bcrypt is not that important.