node-red / node-red

Low-code programming for event-driven applications
http://nodered.org
Apache License 2.0

Replace bcrypt with @node-rs/bcrypt #4744

Closed knolleary closed 2 weeks ago

knolleary commented 3 weeks ago

The bcrypt module has outdated dependencies that are generating lots of 'deprecated' messages when installing Node-RED. The lack of activity on the module means I don't hold out much hope they will do the work to update their dependency.

One option is to move fully over to bcryptjs - which we already require as a fallback for when bcrypt couldn't install on a given platform.

However that module doesn't get any attention either and whilst it has zero dependencies, it does have out of date devDependencies - so much so it isn't currently possible to clone the repo and run npm install for it.

Instead, I've moved over to @node-rs/bcrypt that uses Rust under the covers. As far as I can tell, they have pretty good platform support in terms of os/arch combinations (https://www.npmjs.com/package/@node-rs/bcrypt). But I'm keeping the fallback to bcryptjs just in case.

Also updated the script we use to verify dependency updates are made across all package.json files to include the optionalDependencies section that this module lives under.
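
An added illustration of the dependency check described in the last paragraph, not the script from this PR or from the Node-RED repository: it compares each sub-package manifest against the root one and shows that drift in `optionalDependencies` goes unnoticed when only `dependencies` is scanned. The file names, version ranges and comparison rules are assumptions made for the example.

```javascript
// Added illustration, not the Node-RED project's script.
// Sections to compare. Leaving out optionalDependencies hides drift in
// modules declared there, such as @node-rs/bcrypt.
const SECTIONS = ["dependencies", "optionalDependencies"];

// Flatten the chosen sections of one parsed package.json into name -> {range, section}.
function collect(pkg, sections) {
  const out = new Map();
  for (const section of sections) {
    for (const [name, range] of Object.entries(pkg[section] || {})) {
      out.set(name, { range, section });
    }
  }
  return out;
}

// Compare every sub-package manifest against the root manifest and list each mismatch.
function findMismatches(root, packages, sections = SECTIONS) {
  const expected = collect(root, sections);
  const problems = [];
  for (const [file, pkg] of Object.entries(packages)) {
    for (const [name, { range, section }] of collect(pkg, sections)) {
      const want = expected.get(name);
      if (!want) {
        problems.push({ file, name, issue: "missing from root" });
      } else if (want.range !== range) {
        problems.push({ file, name, issue: `range ${range} != root ${want.range}` });
      } else if (want.section !== section) {
        problems.push({ file, name, issue: `in ${section}, root has ${want.section}` });
      }
    }
  }
  return problems;
}

// Constructed sample manifests: paths and version ranges are placeholders.
const rootManifest = {
  dependencies: { bcryptjs: "1.0.0", express: "1.0.0" },
  optionalDependencies: { "@node-rs/bcrypt": "1.0.1" },
};
const subManifests = {
  "packages/example-a/package.json": {
    dependencies: { bcryptjs: "1.0.0" },
    optionalDependencies: { "@node-rs/bcrypt": "1.0.0" }, // stale range
  },
  "packages/example-b/package.json": { dependencies: { express: "1.0.0" } },
};

console.log(findMismatches(rootManifest, subManifests));
```

Passing `["dependencies"]` as the third argument reproduces the gap: the stale `@node-rs/bcrypt` range is no longer reported.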