Files
nick-doc/Issues/ISSUE-104-backend-bcrypt-native-addon-alongside-used-bcryptjs.md
Siavash Sameni dceaf82934 audit: 2026-05-30 full-codebase audit — report, issues, docs, runbooks
Full-codebase-audit 2026-05-30 outputs:
- Audit report: 09 - Audits/Full Codebase Audit - 2026-05-30.md
- 81 issue files ISSUE-055..135 (decisions + 1 skipped no-brainer).
- Scanner docs from scratch (was zero): architecture, data model, API ref, payment
  flow, operations runbook + repo README.
- Doc-sync updates across API reference, data models, flows, design system.
- Secret Rotation Runbook (08 - Operations) for the exposed credentials.
- Reusable workflow guide (07 - Development) + .claude/workflows/full-codebase-audit.js.

Issues remain status:open intentionally — the code fixes are uncommitted-then-committed
working-tree changes per repo and aren't "resolved" until merged/deployed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-05-30 18:48:04 +04:00

1.2 KiB

issue, title, severity, domain, labels, status, created, source
issue title severity domain labels status created source
104 Backend: native bcrypt addon present alongside bcryptjs — unnecessary build toolchain dependency medium Dependencies
backend
dependencies
cleanup
open 2026-05-30 Full Codebase Audit 2026-05-30

Backend: native bcrypt addon present alongside bcryptjs — unnecessary build toolchain dependency

Severity: medium Domain: Dependencies Labels: backend, dependencies, cleanup

Description

backend/package.json:67 includes bcrypt (native C++ addon, requires build toolchain) alongside bcryptjs (pure JS). Code uses bcryptjs. The native addon adds unnecessary native build complexity and is an unused dependency.

Options

  1. Remove bcrypt (keep bcryptjs) after confirming no imports and no migration need.
  2. Standardize on native bcrypt instead (faster) and migrate hashes-compatible.
  3. Leave both.

Recommendation

Confirm bcryptjs is the sole hasher and remove native bcrypt to drop the build toolchain requirement. Hashing libs are sensitive — verify before removing.

Affected Files

  • backend/package.json:67

References