0

For a Node.js app, in order to use the node-argon2 package, the node-gyp package must be globally installed on the system first as well as a c/c++ compiler to build the Argon2 source. (I'm using Windows, but the production target instance is probably an Ubuntu instance) After which, the Argon2 hashing can be used.

When deploying to a platform like Google Cloud Platform, how would I fulfill this requirement? Do I need to create a script that runs the following commands,

npm i -g node-gyp
npm i node-argon2

or do I manage globally installed NPM packages somewhere else in this case?

Then, there is the matter of needing to compile it before being able to use it. Does this happen every time the app is deployed or just the first time?

slanden
  • 1,199
  • 2
  • 15
  • 35

1 Answers1

1

First, when you are deploying on a cloud service like Google Cloud Platform, your app is likely to be deployed on a different machine every time.

There is a difference between the two commands:

npm i -g node-gyp
npm i node-argon2

npm i node-argon2

This one is installed in your app package. Usually you have a package.json file which specifies these dependencies. So every time you deploy, the command npm i will install all packages specified in package.json file. This works the same as other packages like express, etc. You can use CI/CD (continuous integration and deployment) to simplify this. 

 npm i -g node-gyp

This one is install globally on the machine where your app is deployed. Again, it is necessary to make sure you run this script every time your deploy. You can either add this in your deployment script, or specify it in the docker file.

The app I worked on is deployed on Google Cloud Platform, and we recently switched to use the node-argon2 library for hashing. We use docker for deployment, so in docker file we run couple commands including apt-get update apt-get install build-essential these two commands make sure the latest C++ command is installed and node-gyp is installed. Depending on which type of server you app is deployed, you might need different commands. The general idea is the same, you need to run them every time and it is best to integrate this into your CI/CD pipeline.

wanderingPanda
  • 33
  • 6