[JavaScript Library] Why Bazel?
I was looking at some of the code for the JavaScript library, and I noticed that we were using Bazel for the building/testing. Is there a reason for this, considering we have tools like Gulp that can produce the same functionality with just an npm install and npm run build? Also, would you merge a PR that integrates Gulp instead of Bazel?
The primary reason is because Tink depends on Protocol Buffers, which are the primary serialization format used for key material. Bazel is the only build system I'm aware of for which support exists for building Protocol Buffers in JavaScript using the official API provided by the upstream protobuf project. I'm aware of some unofficial protobuf libraries on npm, but as far as I know they all use different, incompatible APIs.
If you're aware of a better way to build protobufs in JavaScript with support for the official API, I'd be interested to know about it, since there's a lot that's not ideal about the current setup.
If the concern is just about having to install a separate tool, I think Bazel offers an npm package that allows Bazel to be managed from within npm, such that you can just npm install without having to install anything else out of band. I don't know when I'm likely to have time to integrate it myself (it wasn't a priority for the Tink core developers since we all need to have Bazel installed anyway in order to build Tink for other languages), but we'd probably accept a PR to do so.
(Also, we're actually using Yarn rather than npm to manage JS ecosystem dependencies, but the same principles apply.)
Although tink-crypto is alpha, npm install tink-crypto should work, right?
Yes, npm and Yarn both install packages from the npm registry, and tink-crypto is published there. That we use Yarn and Bazel internally is only relevant if you're contributing to Tink, not if you're just using it.
My understanding is that this is fixed. Please file another issue if not.