ethereumjs/keythereum

Dependency on deprecated node-scrypt

thaarok opened this issue · 2 comments

The package depends on the "node-scrypt" package, which is deprecated:

#WARNING!!! This module is deprecated. Instead, use https://nodejs.org/api/crypto.html#crypto_crypto_scrypt_password_salt_keylen_options_callback

The package fails to build in the last released version, and this prevents npm install of projects having that or THIS package in dependencies:
web3/web3.js#3408 (comment)
(I had the same build issue on Fedora Linux in app with keythereum dependency - the scrypt was failing to build.)

The fix for this is merged, but the package maintainer is unable to release a fixed version:
barrysteyn/node-scrypt#197 (comment)

The only solution is to use the version from git:

npm install github:barrysteyn/node-scrypt#fb60a8d3c158fe115a624b5ffa7480f3a24b03fb

But that is pretty complicated if your package depends on it indirectly, like through keythereum.
You need to hack it using npm-shrinkwrap and lock all your dependencies to specified versions. (Which is not usable for libraries.)

Also, the package author recommends not using node-scrypt:

Sorry guys, I was having a bit of trouble updating things. I do intend to publish soon though.
Quick question for anyone out there: I was under the impression that Node provides Scrypt encryption in its own core libraries. If so, why are people still using this?

Are there any plans to remove or replace this dependency?
Thanks!

Hey @hkalina, I upgraded to scrypt-js in #81; however, I'm not sure if we've done a release yet. Could you try using the code from the master branch?

Seems it is already fixed in 1.2.0, wrong version on my side - sorry - closing issue.
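
For readers migrating off node-scrypt to the built-in `crypto.scrypt` that the deprecation warning points to, the following is an added example, not code from keythereum, node-scrypt or any participant in this thread. The helper names and the "heavy" parameter set are assumptions chosen for illustration; the check uses the RFC 7914 test vector and shows the `maxmem` limit that commonly breaks a straight port.

```javascript
// Added example, not keythereum or node-scrypt code.
const crypto = require('node:crypto');

// Hypothetical helper: derive dkLen bytes with explicit scrypt cost parameters.
function deriveKey(password, salt, { N, r, p, dkLen }) {
  // scrypt needs about 128*r*(N+2) + 128*r*p bytes. Node refuses parameter
  // sets above maxmem (default 32 MiB), so size the bound from the inputs.
  const maxmem = 128 * r * (N + 2) + 128 * r * p + 1024 * 1024;
  return crypto.scryptSync(password, salt, dkLen, { N, r, p, maxmem });
}

// Same call without maxmem, kept to show the failure mode of a naive port.
function deriveKeyDefaultLimit(password, salt, { N, r, p, dkLen }) {
  return crypto.scryptSync(password, salt, dkLen, { N, r, p });
}

// RFC 7914 section 12 test vector: P="password", S="NaCl", N=1024, r=8, p=16.
const RFC7914_EXPECTED =
  'fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b373162' +
  '2eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640';

// Confirms the built-in implementation agrees with the RFC vector.
function matchesRfcVector() {
  const out = deriveKey('password', 'NaCl', { N: 1024, r: 8, p: 16, dkLen: 64 });
  return out.toString('hex') === RFC7914_EXPECTED;
}

// Returns true if the default memory bound rejects the given parameters.
function rejectedByDefaultLimit(params) {
  try {
    deriveKeyDefaultLimit('constructed-password', 'constructed-salt', params);
    return false;
  } catch (err) {
    return true;
  }
}

// Constructed parameter set needing about 64 MiB, above the 32 MiB default.
const heavy = { N: 65536, r: 8, p: 1, dkLen: 32 };

console.log('RFC 7914 vector matches:', matchesRfcVector());
console.log('default maxmem rejects heavy params:', rejectedByDefaultLimit(heavy));
console.log('raised maxmem derives',
  deriveKey('constructed-password', 'constructed-salt', heavy).length, 'bytes');
```
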