Consider bumping the version of dependency scrypt.js from 0.2.0 to 0.3.0

[Kaisle]

Expected behavior

The now deprecated node-scrypt should be an optional dependency.

Actual behavior

web3-eth-accounts depends on scrypt.js which has recently released a new version.

This version allows the users to optionally exclude the package node-scrypt

node-scrypt is treated as an optional dependency and users specifying --no-optional will install the JS-version of scrypt, scryptsy, only.

This is important because node-scrypt relies on node-gyp bindings and is problematic to install on some systems.

By bumping scrypt.js to 0.3.0 we will also be making node-scrypt optional.

Users not specifying --no-optional on installation will not be affected by this change.

Steps to reproduce the behavior

1. npm install --save web3@1.0.0-beta.46
2. it installs scrypt.js 0.2.0

Versions

web3.js 1.0

On a side note, node-scrypt is considered deprecated by the author since Node now has a standard library for scrypt.

It would be awesome if we could move to this long-term.

[nivida]

Thanks for submitting this issue. Could you update this issue to be align with the issue template?

[Kaisle]

No problem. I have updated the template.

[Ugarz]

Hi there,

Context
I'm facing a problem with one of my side-project.
I really want to put a step on blockchain development, and I'm trying to build my first front fetching accounts from blockchain. I went to Spectrum chat to see if it was a Nextjs related issue, someone in comments found that the scrypt module were required by a web3 dependency called ethers (cf: ethers npm package).

I am following a step by step introduction from this video (made by Gregory) where he is using the 1.0.0-beta.46. I'm currently using the 1.0.0-beta.48, but I still get the error :

Module not found: Can't resolve './build/Release/scrypt' in '/tmp/13f82355/node_modules/scrypt'

Here my questions

• Can I now use correctly web3 without my scrypt error with a specific release of web3 ?
• Does using crypto.scrypt module (cf: Node Crypto Scrypt Module) would solve this as @Kaisle suggests it ?

[levino]

Sorry. After reading this three times I still do not understand the issue. For me this works fine. Can you maybe provide a Dockerfile which shows how to reproduce the issue?

[levino]

Until then I would say that this is a non-important issue and should be dropped from the 1.0 Milestone.

[tcurdt]

I just got here from #2770. The install of node-scrypt is currently a blocker for me. Given that node-scrypt is deprecated it feels pointless to spend more time on trying to fix this. So it seems the upgrade to 0.3.0 would big be a big help - at least for me.

[tcurdt]

Using npm shrinkwrap and then install with --no-optional confirmed to solve my install problem. So a big please to bump the version ASAP.

[chrisveness]

On the deprecated node-scrypt module, if you are using scrypt.hash, it is now available natively in the Node.js crypto module.

If you are using scrypt.kdf / scrypt.verifyKdf, then scrypt-kdf is a close-to-direct replacement.

[levino]

Is this going to be published any time soon?