Closed benmccann closed 3 months ago
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
Package | New capabilities | Transitives | Size | Publisher |
---|---|---|---|---|
npm/argon2@0.40.3 | None | +2 |
1.28 MB | ranisalt |
npm/node-gyp-build@4.8.1 | environment, filesystem | 0 |
13.4 kB | mafintosh |
🚮 Removed packages: npm/argon2@0.31.2, npm/node-gyp-build@4.7.1
Since argon2 is a devDependency, it's not related to https://github.com/vercel/nft/issues/421
Could you clarify your comment from https://github.com/vercel/nft/pull/407#issuecomment-2113765135? I thought you were saying the only reason @mapbox/node-pre-gyp
is in dependencies
is because argon2
uses it. The old version of argon2
depends on it, but the new version doesn't, so it sounded to me like upgrading argon2
would allow us to remove @mapbox/node-pre-gyp
thus fixing https://github.com/vercel/nft/issues/421
@benmccann My comment was about replacing @mapbox/node-pre-gyp
with our own implementation since its only using find()
. I was using argon2 as an example of one of the packages that uses @mapbox/node-pre-gyp
since I've never used it before so I had to look at how its used in real packages.
Ah, I see. Thanks for clarifying. I'll go ahead and close this then since it won't help with my goal of resolving https://github.com/vercel/nft/issues/421
ref https://github.com/vercel/nft/issues/421. I think this should unblock that issue, but I believe there is more required. Would you be able to fix it as a follow up or at least provide some pointers?