Open firrae opened 6 years ago
bcrypt is a native library which, while performant, can fail to install; that's why bcryptjs is used as a fallback.
@julien-f That's not necessarily my issue, I'm curious as to why bcrypt/bcryptjs are forced at all? I only plan on using Argon2, yet to use this library's nicer API I have to accept bcrypt being downloaded as well, even though I never plan to use it.
The idea behind this library is to completely abstract the crypto details, such as the used algorithm.
If I were to remove support for an algo, users would find themselves with unusable hashes; I cannot do this.
But I removed the native bcrypt library from the peer dependencies and made Argon2 the default algo.
Hey there,
Just installed to use some of the nice extras this lib adds to Argon2, but I noticed that the package depends on bcrypt and also has it named as a peer, meaning that even those not wanting to use bcrypt are forced to have it downloaded.
Is this intended? If not I can do a PR for it. It's a fairly trivial fix, I just want to make sure there's not a specific reason it's forced before doing so.
Thanks,
Steve