kelektiv/node.bcrypt.js

npm warn deprecated inflight@1.0.6

HamzaMeneceur opened this issue · 4 comments

Issue with bcrypt and inflight@1.0.6

I received an npm warning regarding the use of inflight@1.0.6 as a sub-dependency of bcrypt, indicating that this module is deprecated, unsupported, and has memory leaks. Here's the complete warning message:

npm warn deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.

Dependencies Structure

dependencies
  • bcrypt: ^5.1.1
  • cors: ^2.8.5
  • debug: ^4.3.5
  • dotenv: ^16.4.5
  • express: ^4.19.2
  • express-rate-limit: ^7.3.1
  • helmet: ^7.1.0
  • joi: ^17.13.1
  • jsonwebtoken: ^9.0.2
  • pg: ^8.12.0
  • winston: ^3.13.0
  • xss: ^1.0.15
devDependencies
  • @types/express: ^4.17.21
  • @types/node: ^20.14.2
  • @types/pg: ^8.11.6
  • nodemon: ^3.1.3
  • rimraf: ^5.0.7
  • typescript: ^5.4.5

Problem Details

I want to avoid using inflight@1.0.6 due to its known issues and npm's warning. Currently, I'm using Node.js version v20.14 and Ubuntu.

Steps Taken

  • Checked existing issues, including closed ones, to see if this problem has been reported before.
  • Installed all required dependencies as specified in the project's readme file.
  • Checked npm error logs to identify any lines indicating failures, usually related to incorrect dependencies needed to build the native module.

Additional Information

  • Node.js Version: v20.14
  • Operating System: Ubuntu

Any assistance in resolving this issue would be greatly appreciated. Thank you!

P.S. I understand the importance of providing detailed information to facilitate issue resolution. I aim to avoid having my issue closed without a resolution, which can happen when insufficient information is provided.

Facing same issue

"npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful."

What I found at stackoverflow:

If you dig into package-lock.json, you can see that this is because vite is using the @typescript-eslint package, which require an outdated version of eslint, which in turn use an outdated version of file-entry-cache, which use an outdated version of flat-cache, which use an outdated version of rimraf, which use an outdated version of glob, which use inflight@1.0.6.

Unfortunately you have to wait for @typescript-eslint to release a new version that use eslint 9 to get rid of this warning.

SRC: https://stackoverflow.com/questions/78527247/have-used-npm-create-vitelatest-but-after-finishing-the-compilations-am-getting

Certainly! Thank you for your input on this issue.

I've decided to explore an alternative approach using a different package, and I'd like to close the issue now.
I appreciate your valuable assistance!

Kindly, What is the alternative you have settled for?