Merge pull request #4744 from node-red/bcrypt-bump

Replace bcrypt with @node-rs/bcrypt
2025-03-01 10:36:34 +00:00 · 2024-06-10 16:16:19 +01:00 · 2024-06-10 16:16:19 +01:00 · 27fc89ba33
commit 27fc89ba33
parent 47dd08e74a 51edb1ef19
6 changed files with 24 additions and 18 deletions
--- a/package.json
+++ b/package.json
@ -83,7 +83,7 @@
        "xml2js": "0.6.2"
    },
    "optionalDependencies": {
-        "bcrypt": "5.1.1"
+        "@node-rs/bcrypt": "1.10.4"
    },
    "devDependencies": {
        "dompurify": "2.4.1",
--- a/packages/node_modules/@node-red/editor-api/lib/auth/users.js
+++ b/packages/node_modules/@node-red/editor-api/lib/auth/users.js
@ -17,7 +17,7 @@
 var util = require("util");
 var clone = require("clone");
 var bcrypt;
-try { bcrypt = require('bcrypt'); }
+try { bcrypt = require('@node-rs/bcrypt'); }
 catch(e) { bcrypt = require('bcryptjs'); }
 var users = {};
 var defaultUser = null;
@ -33,11 +33,11 @@ function authenticate() {
            if (args.length === 2) {
                // Username/password authentication
                var password = args[1];
-                return new Promise(function(resolve,reject) {
-                    bcrypt.compare(password, user.password, function(err, res) {
-                        resolve(res?cleanUser(user):null);
-                    });
-                });
+                return bcrypt.compare(password, user.password).then(res => {
+                    return res ? cleanUser(user) : null
+                }).catch(err => {
+                    return null
+                })
            } else {
                // Try to extract common profile information
                if (args[0].hasOwnProperty('photos') && args[0].photos.length > 0) {
--- a/packages/node_modules/@node-red/editor-api/package.json
+++ b/packages/node_modules/@node-red/editor-api/package.json
@ -35,6 +35,6 @@
        "ws": "7.5.6"
    },
    "optionalDependencies": {
-        "bcrypt": "5.1.1"
+        "@node-rs/bcrypt": "1.10.4"
    }
 }
--- a/packages/node_modules/node-red/package.json
+++ b/packages/node_modules/node-red/package.json
@ -44,7 +44,7 @@
        "semver": "7.5.4"
    },
    "optionalDependencies": {
-        "bcrypt": "5.1.1"
+        "@node-rs/bcrypt": "1.10.4"
    },
    "engines": {
        "node": ">=18.5"
--- a/packages/node_modules/node-red/red.js
+++ b/packages/node_modules/node-red/red.js
@ -38,7 +38,7 @@ var https = require('https');
 var util = require("util");
 var express = require("express");
 var crypto = require("crypto");
-try { bcrypt = require('bcrypt'); }
+try { bcrypt = require('@node-rs/bcrypt'); }
 catch(e) { bcrypt = require('bcryptjs'); }
 var nopt = require("nopt");
 var path = require("path");
--- a/scripts/verify-package-dependencies.js
+++ b/scripts/verify-package-dependencies.js
@ -5,7 +5,6 @@ const fs = require("fs-extra");
 const should = require("should");

 const rootPackage = require(path.join("..","package.json"));
-const rootDependencies = rootPackage.dependencies;
 const packages = [
    "node-red",
    "@node-red/editor-api",
@ -18,21 +17,23 @@ const packages = [

 const fixFlag = process.argv[2] === '--fix';

-function verifyDependencies() {
+async function verifyDependencies(depType = 'dependencies') {
+    const rootDependencies = rootPackage[depType];
+
    let failures = [];
    let packageUpdates = {};
    packages.forEach(package => {
        let modulePackage = require(path.join("../packages/node_modules",package,"package.json"));
-        let dependencies = Object.keys(modulePackage.dependencies||{});
+        let dependencies = Object.keys(modulePackage[depType]||{});
        dependencies.forEach(module => {
            try {
                if (!/^@node-red\//.test(module)) {
-                    should.exist(rootDependencies[module],`[${package}] '${module}' missing from root package.json`);
+                    should.exist(rootDependencies[module],`[${package}] '${module}' missing from root package.json ${depType}`);
                    try {
-                        rootDependencies[module].should.eql(modulePackage.dependencies[module],`[${package}] '${module}' version mismatch. Expected '${modulePackage.dependencies[module]}' (got '${rootDependencies[module]}') `);
+                        rootDependencies[module].should.eql(modulePackage[depType][module],`[${package}] '${module}' version mismatch. Expected '${modulePackage.dependencies[module]}' (got '${rootDependencies[module]}') in ${depType} `);
                    } catch(err) {
                        if (fixFlag) {
-                            modulePackage.dependencies[module] = rootDependencies[module];
+                            modulePackage[depType][module] = rootDependencies[module];
                            packageUpdates[package] = modulePackage;
                        } else {
                            failures.push(err.toString());
@ -56,12 +57,17 @@ function verifyDependencies() {
            process.exit(1);
        })
    } else {
-        return Promise.resolve(failures);
+        return failures;
    }
 }

 if (require.main === module) {
-    verifyDependencies().then(failures => {
+    let failures = []
+    verifyDependencies('dependencies').then(depFailures => {
+        failures = failures.concat(depFailures)
+        return verifyDependencies('optionalDependencies')
+    }).then(optDepFailures => {
+        failures = failures.concat(optDepFailures)
        if (failures.length > 0) {
            failures.forEach(f => console.log(` - ${f}`));
            console.log("Run with --fix option to fix up versions")