cryptocoinjs / keccak

Keccak sponge function family
MIT License

Question: What's the reason for running `node-gyp rebuild` on install? #3

Closed lukehedger closed 4 years ago

lukehedger commented 6 years ago

Just wondering about the reason behind running `node-gyp rebuild` on the install hook? This makes an install of the library pretty intensive, so I'm sure there is a sound reason behind it, but it would be good to understand this. Thanks!

https://github.com/cryptocoinjs/keccak/blob/master/package.json#L34

fanatid commented 6 years ago

Not sure that I understand the question. Are we using node-gyp in the wrong way?

maxpaynestory commented 6 years ago

@lukehedger is right

```
npm install keccak
```

fails when trying to build it with node-gyp. It also tries to find the python executable in order to build it.

fanatid commented 6 years ago

@maxpaynestory can you explain?

maxpaynestory commented 6 years ago

When I do

```
npm install keccak
```

during installation keccak tries to build it with node-gyp

```
node-gyp rebuild
```

and it fails, giving the following error

```
gyp ERR! stack Error: Can't find Python executable "python", you can set the PYTHON env variable.
```

It seems like the build process uses Python, which is not available on my machine.

fanatid commented 6 years ago

@maxpaynestory changing `node-gyp rebuild` to `node-gyp install` will not fix your issue. If you want compiled bindings, you should set up your environment. If you use Windows, this should be helpful: https://github.com/cryptocoinjs/secp256k1-node#windows

fvictorio commented 5 years ago

@fanatid I think the OP is referring to the fact that you need to rebuild keccak every time you install it.

I don't know much about node-gyp and its ecosystem, but I looked around to see how other projects handle this. Most of them seem to use node-pre-gyp (for example, nodegit, node-libcurl, node-sqlite3, etc.). From what I can tell, this builds the module for several platforms and uploads it somewhere (S3 by default) and then, when someone installs the module, it checks if the binary for the user's platform is available for download. If it's not, then it's compiled with node-gyp.

node-sass doesn't use node-pre-gyp, but apparently it does something similar, using GitHub releases as the binary repository.

Sorry if you already knew all of this, but it might be useful if you didn't :slightly_smiling_face:

fanatid commented 5 years ago

We had prebuilt binaries in the past, but then they were removed (as a possible security vulnerability).

fvictorio commented 5 years ago

That makes sense, thanks! It's a pity, since this adds some friction when installing web3, but if it can't be helped security-wise, then I guess it's just the way it is.

fanatid commented 4 years ago

I added prebuild/node-gyp-build, so addon building should not be run often (it will be run only if prebuilds do not exist).
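
The install flow fvictorio describes above (use a prebuilt binary for the user's platform if one is available, otherwise compile with node-gyp), sketched as an added example that is not part of the thread and is not node-pre-gyp's, node-gyp-build's or keccak's code. The `resolveAddon` helper, the file naming and the release-time manifest of pinned SHA-256 hashes are assumptions; the hash check is one way to address the concern about prebuilt binaries that fanatid mentions, and the sample files are constructed.

```javascript
// Added illustration; resolveAddon, the file naming and the pinned-hash
// manifest are hypothetical and not any project's real code.
const crypto = require('node:crypto');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Decide how the addon is obtained for one platform/arch/ABI target.
// `pinned` maps "<platform>-<arch>-abi<N>" to the SHA-256 recorded at release.
function resolveAddon(dir, target, pinned) {
  const key = `${target.platform}-${target.arch}-abi${target.abi}`;
  const file = path.join(dir, `${key}.node`);
  if (!fs.existsSync(file)) return { action: 'compile', reason: 'no prebuilt' };
  if (!pinned[key]) return { action: 'compile', reason: 'not pinned' };
  if (sha256(fs.readFileSync(file)) !== pinned[key]) {
    // Never load a binary whose bytes differ from the release manifest.
    return { action: 'compile', reason: 'hash mismatch' };
  }
  return { action: 'load', file };
}

// Constructed sample data: fake "binaries" written to a temp directory.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'prebuilt-demo-'));
  const good = Buffer.from('constructed addon bytes');
  fs.writeFileSync(path.join(dir, 'linux-x64-abi108.node'), good);
  fs.writeFileSync(path.join(dir, 'win32-x64-abi108.node'), 'modified after release');
  const pinned = {
    'linux-x64-abi108': sha256(good),
    'win32-x64-abi108': sha256(Buffer.from('original win32 bytes')),
  };
  const targets = [
    { platform: 'linux', arch: 'x64', abi: 108 },   // present, hash matches
    { platform: 'win32', arch: 'x64', abi: 108 },   // present, bytes changed
    { platform: 'darwin', arch: 'arm64', abi: 108 }, // no prebuilt shipped
  ];
  const results = targets.map((t) => resolveAddon(dir, t, pinned));
  fs.rmSync(dir, { recursive: true, force: true });
  return results;
}

console.log(demo());
```

In a real install script the target would come from `process.platform`, `process.arch` and `process.versions.modules`, and a `compile` result would hand off to `node-gyp rebuild`.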