"you are using a pure-JavaScript implementation of bcrypt" warning in production

[jancurn]

Hi there, after I upgraded our app to Meteor 1.4.1.1, I received the "you are using a pure-JavaScript implementation of bcrypt" warning in my development environment. As advised, I ran

meteor npm install --save bcrypt

in the root directory of the application and indeed, the warning disappeared. However, when we build and deploy the app to production, the warning appears again. The development environment is on Mac OS X, the production runs Ubuntu 14.04 64-bit. Looking into

bundle/programs/server/npm/node_modules/bcrypt/build/Release

directory on the production server, it seems the bcrypt module was not rebuilt for Linux by the npm-rebuild.js script. Please can you help?

[laosb]

Did you do a meteor npm i before building your app?

[jancurn]

Yep, I'm running meteor npm install before every build. I tried deleting both node_modules and .meteor/local but it didn't help.

[MMrj9]

yep, me too, on windows (dev)

[benjamn]

Original pull request for reference: #7595

[benjamn]

What are the contents of bundle/programs/server/npm-rebuilds.json?

If you manually run npm rebuild in the bundle/programs/server/npm/ directory on Linux, do you get any different results?

[jancurn]

bundle/programs/server/npm-rebuilds.json contains:

[
  "npm/node_modules/meteor/meteorhacks_kadira-binary-deps",
  "npm"
]

and running npm rebuild in the bundle/programs/server/npm/ directory on Linux seems to remove the warning! I can add this command to our deployment script, although it would be great if it was working out of the box. Many thanks!

[benjamn]

I wonder if there's an error running npm rebuild in npm/node_modules/meteor/meteorhacks_kadira-binary-deps that prevents the npm-rebuild.js script from getting to the npm directory…

[jancurn]

I tried to remove all meteorhacks packages and still the same result.

In our deployment script I'm running npm install in the ./bundle/programs/server directory, which outputs:

npm WARN package.json meteor-dev-bundle@0.0.0 No description
npm WARN package.json meteor-dev-bundle@0.0.0 No repository field.
npm WARN package.json meteor-dev-bundle@0.0.0 No README data
npm WARN package.json meteor-dev-bundle@0.0.0 No license field.

> fibers@1.0.13 install /home/apifier-web/bundle/programs/server/node_modules/fibers
> node build.js || nodejs build.js

`linux-x64-v8-4.5` exists; testing
Binary is fine; exiting
npm WARN cannot run in wd meteor-dev-bundle@0.0.0 node npm-rebuild.js (wd=/home/apifier-web/bundle/programs/server)
amdefine@1.0.0 node_modules/amdefine

underscore@1.5.2 node_modules/underscore

meteor-promise@0.7.2 node_modules/meteor-promise

asap@2.0.4 node_modules/asap

semver@4.1.0 node_modules/semver

eachline@2.3.3 node_modules/eachline
└── type-of@2.0.1

source-map-support@0.3.2 node_modules/source-map-support

chalk@0.5.1 node_modules/chalk
├── ansi-styles@1.1.0
├── escape-string-regexp@1.0.5
├── supports-color@0.2.0
├── strip-ansi@0.3.0 (ansi-regex@0.2.1)
└── has-ansi@0.1.0 (ansi-regex@0.2.1)

source-map@0.1.32 node_modules/source-map

promise@7.1.1 node_modules/promise

fibers@1.0.13 node_modules/fibers

Apparently, none of the binary NPM packages referenced from my main web app's package.json are rebuilt, including bcrypt, bson-ext, bufferutil, utf-8-validate, ...

[jancurn]

Oh, I just realized the problem is that I was running npm install with sudo. When I rewrote my deployment script to run the command as a normal user, all binary NPM dependencies seem to rebuild well and the warning is gone. Sorry for wasting your time with a problem in my script, and thanks a million for your help!

[laosb]

Thank you for your clarification! Closing.

[sotarules]

Friends, I just ran into this same problem and I also was able to "resolve" the problem by not running npm install as sudo. Can some generous soul explain why this matters? I just want to make sure I understand this, because I'm about to go to several systems and change it so that the install script doesn't use sudo.

[benjamn]

@sotarules When you run npm as root, npm itself (sometimes?) refuses to create files in directories that aren't owned by root, even though it could (because root can do anything). The reason for this behavior is that the authors of npm didn't want to create files that can't be read by the owner of the directory.

You can let npm know that creating files as root is allowed by running sudo npm --unsafe-perm install, but I would definitely recommend changing your scripts to avoid sudo npm ... commands.

[erperejildo]

I'm facing the same issue with meteor npm install --save bcrypt

[erperejildo]

Still having the same issue after a while. Someone could help me?

[abernix]

@erperejildo Is your production server capable of compiling binary dependencies (like bcrypt), per these requirements? If not, it may be falling back to the JavaScript implementation! You should examine the output of your npm install on the server.

[erperejildo]

Thanks for the response @abernix.

That's estrange because the only thing I did was move my app from DigitalOcean to Vultr and both servers had the same configuration. The only difference is just the Ubuntu version: the first one was 16.04 and the new one 17.04.

I run npm install when I deployed my app on the programs/server folder but didn't have any problem.

However, I just installed Phyton 2.7 following these steps: https://askubuntu.com/questions/101591/how-do-i-install-the-latest-python-2-7-x-or-3-x-on-ubuntu
Also installed GCC following these other ones:
https://www.quora.com/How-do-I-install-GCC-4-9-0-in-Ubuntu-14-04-LTS-to-compile-C++

After deploy my app again still having same issue.

[erperejildo]

I also get this error which I think it might be related:

/home/recipic/apps/recipic/bundle/programs/server/npm/node_modules/meteor/cfs_gridfs/node_modules/mongodb/node_modules/bson/ext/index.js:15:10

---

 WARNING:
**cfs**:graphicsmagick could not find "graphicsMagic" or "imageMagic" on the system.

[pradeepcheekatla]

Simply uninstall the package and resinstall.

meteor npm uninstall bcrypt
meteor npm install bcrypt

if your bcrypt version is > 2.0.0 . You will never see this message again.

[pradeepcheekatla]

Hi there, after I upgraded our app to Meteor 1.4.1.1, I received the "you are using a pure-JavaScript implementation of bcrypt" warning in my development environment. As advised, I ran

meteor npm install --save bcrypt

in the root directory of the application and indeed, the warning disappeared. However, when we build and deploy the app to production, the warning appears again. The development environment is on Mac OS X, the production runs Ubuntu 14.04 64-bit. Looking into

bundle/programs/server/npm/node_modules/bcrypt/build/Release

directory on the production server, it seems the bcrypt module was not rebuilt for Linux by the npm-rebuild.js script. Please can you help?