Closed eau-de-la-seine closed 8 months ago
These are dev dependencies, bcrypt doesn't need mock-aws-sdk to run.
Bcrypt however needs node-pre-gyp to install itself, node-pre-gyp requires AWS-sdk. It should be possible to exclude certain modules from embedding.
PS: bcrypt and other native addons don't like to be embedded and may not work due to differences in paths for their native counterparts.
Yes mock-aws-s3
and even aws-sdk
are declared as dev dependencies but they're used in a production file.
When I import bcrypt
, bcrypt
itself imports var nodePreGyp = require('@mapbox/node-pre-gyp');
, and if I check node_modules/@mapbox/node-pre-gyp/lib/node-pre-gyp.js
it imports exports.mockS3Http = require('./util/s3_setup').get_mockS3Http();
that contains const AWSMock = require('mock-aws-s3');
Maybe these AWS dependencies are never used and I just encounter them because I use esbuild
(very powerful but not very configurable) that recursively analyze imported dependencies. Anyway in order to make bcrypt
work, I had to install aws-sdk
and mock-aws-s3
explicitely, but these indirect requirements from @mapbox/node-pre-gyp
are not mentioned in bcrypt
's README
Just noticed there's a node-pre-gyp issue about this problem that exists since July 6!
Yeah, we don't have control over what node-pre-gyp is doing.
We are trying to move away from node-pre-gyp and use prebuildify, should land in v6 which is due soon.
Yeah, we don't have control over what node-pre-gyp is doing.
We are trying to move away from node-pre-gyp and use prebuildify, should land in v6 which is due soon.
How soon will this happen?
No work around for this, no?
Yeah, we don't have control over what node-pre-gyp is doing. We are trying to move away from node-pre-gyp and use prebuildify, should land in v6 which is due soon.
Any word on a fix? I'm having the most frustrating time bundling my app with esbuild because of this. Anybody find a workaround that does not require changing my dependencies, etc.?
No work around for this, no?
Hi @Aid19801 , for me the solution was to use bcryptjs
(it's bcrypt with pure JS implementation)
Advantages:
bcrypt
contract, I just had to change the dependency from bcrypt
to bcryptjs
in package.json
, zero code to changeDrawbacks:
bcryptjs
is slower than bcrypt
, but the bcrypt algorithm is slow in general. That drawback wasn't really a problem for me because I already execute the bcrypt algorithm in a AWS Lambda Authorizer which has a 5 minutes cacheSorry for my naivety, but is it ok to use a lib that has not been updated for 6 years ?? Last update of bcryptjs 6 years!
I noticed some of the difficulty in installation happens when trying to install bcrypt on a nodejs 19 engine. I had to downgrade my nodejs before it worked.
the same problem
✘ [ERROR] Could not resolve "mock-aws-s3"
node_modules/@mapbox/node-pre-gyp/lib/util/s3_setup.js:43:28:
43 │ const AWSMock = require('mock-aws-s3');
╵ ~~~~~~~~~~~~~
You can mark the path "mock-aws-s3" as external to
exclude it from the bundle, which will remove this
error. You can also surround this "require" call with
a try/catch block to handle this failure at run-time
instead of bundle-time.
✘ [ERROR] Could not resolve "aws-sdk"
node_modules/@mapbox/node-pre-gyp/lib/util/s3_setup.js:76:22:
76 │ const AWS = require('aws-sdk');
╵ ~~~~~~~~~
You can mark the path "aws-sdk" as external to
exclude it from the bundle, which will remove this
error. You can also surround this "require" call with
a try/catch block to handle this failure at run-time
instead of bundle-time.
✘ [ERROR] Could not resolve "nock"
node_modules/@mapbox/node-pre-gyp/lib/util/s3_setup.js:112:23:
112 │ const nock = require('nock');
╵
I use nx and node.s( v18.12.1)
Still getting this issue!
The Same is here
I'm facing the same issue even after installing https://www.npmjs.com/package/node-gyp.
Still getting this issue.
Same issue on my side 😅
Same here
Same here
... and same here
still have this issue, not sure if we still are waiting for v6 for this to be fixed
Still having this issue :D
catastrophical exception. Are there any other solution?
catastrophical exception. Are there any other solution?
You can exclude it from the bundle.
Sen help please, I'm stuck too.
Still got it. 2024...
The fix for the issue for me was excluding those packages when building;
"build": "esbuild src/index.ts --bundle --minify --sourcemap --platform=node --target=es2022 --outfile=dist/index.js --external:aws-sdk --external:nock --external:mock-aws-s3 --loader:.html=text",
I added these lines in the build code and worked fine for me.
No work around for this, no?
Hi @Aid19801 , for me the solution was to use
bcryptjs
(it's bcrypt with pure JS implementation)Advantages:
- Completely fits
bcrypt
contract, I just had to change the dependency frombcrypt
tobcryptjs
inpackage.json
, zero code to change- Implementation is pure JS, there's no problem related to third party dependencies
Drawbacks:
bcryptjs
is slower thanbcrypt
, but the bcrypt algorithm is slow in general. That drawback wasn't really a problem for me because I already execute the bcrypt algorithm in a AWS Lambda Authorizer which has a 5 minutes cache
This solved my problem! Just replaced bcrypt
with bcryptjs
and it just worked. No coding changes required. Even though is 6-7 years without updates, seem to work fine.
Encountered error
When I execute this
esbuild
command:I encounter the following error:
Analysis
As you can see, the
bcrypt
lib is using thenode-pre-gyp:1.0.10
dependency that has as3_setup.js
production file that containsmock-aws-s3
(a testing library) andaws-sdk
... doesbcrypt
need that? Isn't this a security issue?Question
Am I really supposed to embbed
mock-aws-s3
andaws-sdk
dependencies in order to usebcrypt
?bcrypt
README file does not tell to install these AWS dependenciesbcrypt
should add them in itspackge.json
dependencies block, no?My env: NodeJS:
v16.17.1
on Ubuntu 20.04 LTS, I'm usingnpm
+esbuild
Thanks