node-argon2 icon indicating copy to clipboard operation
node-argon2 copied to clipboard
verified publisher icon ranisalt

Argan 0.28.x crashes on hash function call

Open molaeiali opened this issue 3 years ago • 6 comments

Before creating an issue, please be sure to:

  • [x] Checkout to the latest version, including submodules
  • [x] Try to find an isolated way to reproduce the behavior
  • [x] Fill in all the blanks in the most specific way you can

Steps to reproduce

  1. argon2.hash(password); Will crash consistently with any version greater than 0.27.2
  2. No error logs
  3. Maybe related: https://stackoverflow.com/a/71267996

Expected behaviour

Get hashed password?

Actual behaviour

Crash

Environment

Operating system: Arch Linux - Docker: 20.10.17 - image: node:16.15.1-alpine3.16

Node version: 16.15.1

Compiler version: gcc (Alpine 11.2.1_git20220219) 11.2.1 20220219

molaeiali avatar Jul 24 '22 16:07 molaeiali

Very likely a duplicate of #302

Try building from source (npm_config_build_from_source=true npm install) to see if it helps

ranisalt avatar Jul 24 '22 21:07 ranisalt

I found the problem, I was mapping my node_modules folder into my docker container in docker-compose.dev.yml so I don't have to run docker-compose build on every npm install

Looks like installing argon2 on an x86_64 system will have different results than installing it on alpine (binaries are different!)

This doesn't happen on versions 0.27.2 or before.

Is it downloading binaries based on the architecture you are on when installing? why this binary difference is not happening in 0.27.2?

molaeiali avatar Jul 25 '22 10:07 molaeiali

Is it downloading binaries based on the architecture you are on when installing?

Yes

why this binary difference is not happening in 0.27.2?

On 0.27.3, we upgraded node-gyp to v8. The major update to Alpine builds after that was #296. Can you check that 0.27.3 also does not work? So we can define that it was the first problematic version and build from there.

ranisalt avatar Jul 25 '22 14:07 ranisalt

Sorry, I'm late, but there is no 0.27.3 version https://www.npmjs.com/package/argon2?activeTab=versions

npm ERR! code ETARGET
npm ERR! notarget No matching version found for argon2@^0.27.3.
npm ERR! notarget In most cases you or one of your dependencies are requesting
npm ERR! notarget a package version that doesn't exist.

molaeiali avatar Jul 31 '22 11:07 molaeiali

It begins at 0.28.0 for me

molaeiali avatar Jul 31 '22 11:07 molaeiali

That's right, v0.27.3 failed to publish. That helps a lot, I'll try to find a commit between v0.27.2 and v0.28.0 that might be causing issues.

ranisalt avatar Jul 31 '22 17:07 ranisalt

Closing as duplicate of #302

ranisalt avatar Sep 19 '22 13:09 ranisalt