#Add secure-password as optional peerDependency

Could we add secure-password as a peerDependency with peerDependenciesMeta -> optional: true?

It causes an issue in our CI server due to sodium-native which requires us to do a patch package, but it's a bit annoying as we do not even use secure-password in our code. Blitz-auth just seems to require it.

Yeah I agree with this, I also faced the sodium native error (node gyp no pre built binary error) recently.
We could either make it a peerDep like you are mentioning.
Or make it a devDependency and add it as an external. So we can install it, if we are gonna use it. Would this be okay?

Also, just for my curiosity what library do you use for password hashing?

Yup, that exact error indeed. Either solution would be fine for me, so long as it doesn't get auto-installed anymore.

And we do not use a library for password hashing at the moment, we come from a legacy Symfony application and need backwards compatability with that for now so we just rebuild what Symfony does in their hashing until we've completely rewritten our stuff

Yeah okay, so I will make a PR for that in some time.

Appreciate it!

@still surge can we do the same like node-gyp where it tries to install but if it fails it's optional and doesn't fail npm install?

Do you mean like a dynamic import of secure password in blitz auth?
I don't think the above error will fail the npm install, in my experience it fails during the initial nextjs compilation. In my case I cannot even manually build it using node gyp due to the necessity of other build tools for windows

in my experience it fails during the initial nextjs compilation
oh then disregard my comment.

we can make it optional peer dependency