recrsn
commented
1 year ago Please update, bcrypt 3.0.6 generates insecure hashes and has a high severity CVE against it
Closed RadomirKus closed 1 year ago
recrsn
commented
1 year ago Please update, bcrypt 3.0.6 generates insecure hashes and has a high severity CVE against it
I know this might seem outdated but I have an old project which relies on bcrypt version 3.0.6 on nodejs 12. The problem is that when I try to install bcrypt package, the precompiled version cannot be donwloaded as https://github.com/kelektiv/node.bcrypt.js/releases/download/v3.0.6/bcrypt_lib-v3.0.6-node-v72-linux-x64-glibc.tar.gz results in HTTP 404.
It seems to me that someone forgot to put this specific tar in the release folder as all other v72 architectures as well as all other vXY node module versions for linux are available on the release site.
Steps to reproduce: node --version -> 12.13.0 npm init foo foo cd foo npm install bcrypt@3.0.6 -> node-pre-gyp WARN Tried to download(404): https://github.com/kelektiv/node.bcrypt.js/releases/download/v3.0.6/bcrypt_lib-v3.0.6-node-v72-linux-x64-glibc.tar.gz
Thank you