vercel / nft

Node.js dependency tracing utility
https://npmjs.com/@vercel/nft
MIT License
1.31k stars 136 forks

chore: upgrade argon2 #431

Closed benmccann closed 3 months ago

benmccann commented 3 months ago

ref https://github.com/vercel/nft/issues/421. I think this should unblock that issue, but I believe there is more required. Would you be able to fix it as a follow up or at least provide some pointers?

socket-security[bot] commented 3 months ago

New and removed dependencies detected.

| Package | New capabilities | Transitives | Size | Publisher |
| --- | --- | --- | --- | --- |
| npm/argon2@0.40.3 | None | +2 | 1.28 MB | ranisalt |
| npm/node-gyp-build@4.8.1 | environment, filesystem | 0 | 13.4 kB | mafintosh |

🚮 Removed packages: npm/argon2@0.31.2, npm/node-gyp-build@4.7.1


benmccann commented 3 months ago

Since argon2 is a devDependency, it's not related to https://github.com/vercel/nft/issues/421.

Could you clarify your comment from https://github.com/vercel/nft/pull/407#issuecomment-2113765135? I thought you were saying the only reason @mapbox/node-pre-gyp is in dependencies is because argon2 uses it. The old version of argon2 depends on it, but the new version doesn't, so it sounded to me like upgrading argon2 would allow us to remove @mapbox/node-pre-gyp, thus fixing https://github.com/vercel/nft/issues/421.

styfle commented 3 months ago

@benmccann My comment was about replacing @mapbox/node-pre-gyp with our own implementation, since it's only using find(). I was using argon2 as an example of one of the packages that uses @mapbox/node-pre-gyp; I've never used it before, so I had to look at how it's used in real packages.

benmccann commented 3 months ago

Ah, I see. Thanks for clarifying. I'll go ahead and close this then, since it won't help with my goal of resolving https://github.com/vercel/nft/issues/421.