--- issue: 104 title: "Backend: native bcrypt addon present alongside bcryptjs — unnecessary build toolchain dependency" severity: medium domain: Dependencies labels: [backend, dependencies, cleanup] status: open created: 2026-05-30 source: Full Codebase Audit 2026-05-30 --- # Backend: native bcrypt addon present alongside bcryptjs — unnecessary build toolchain dependency **Severity:** medium **Domain:** Dependencies **Labels:** backend, dependencies, cleanup ## Description `backend/package.json:67` includes `bcrypt` (native C++ addon, requires build toolchain) alongside `bcryptjs` (pure JS). Code uses `bcryptjs`. The native addon adds unnecessary native build complexity and is an unused dependency. ## Options 1. Remove `bcrypt` (keep `bcryptjs`) after confirming no imports and no migration need. 2. Standardize on native `bcrypt` instead (faster) and migrate hashes-compatible. 3. Leave both. ## Recommendation Confirm `bcryptjs` is the sole hasher and remove native `bcrypt` to drop the build toolchain requirement. Hashing libs are sensitive — verify before removing. ## Affected Files - `backend/package.json:67` ## References - [Full Codebase Audit 2026-05-30](../09%20-%20Audits/Full%20Codebase%20Audit%20-%202026-05-30.md) — DEC-53