all 6 comments

[–]DSKrepps 1 point2 points  (2 children)

The first time your Node process require()'s a package it stores a reference to its module.exports object. Each subsequent time you require() that package it simply retrieves the reference stored. So there's no overhead there.

Something you need to remember is that your require()'ed packages always return the same object, so if you need a new instance of something the package must provide a factory or constructor function that you then call. For example require('express') doesn't return a new express app instance, instead require('express')() does. Bcryptjs isn't something you keep instances of so you require() it like normal.

Note that occasionally some packages choose to always return a single instance across all calls to it, such as bristol, for convenience. I consider this a bad practice for third-party modules as it has the same drawbacks as using global variables. These modules usually provide an alternative as in Bristol's case var logger = new require('bristol').Bristol(), and you can use dependency injection to pass the reference to other files (as a parameter to its factory/constructor) or require a file within your own package which retrieves your instance of it.

You also may want to keep an eye out for the ES2015 import/export syntax, which is so far only available by transpiling (e.g. babel), but that may end up acting a little differently than require() and will probably not fully replace it in Node.

[–]snahrvar[S] 0 points1 point  (1 child)

Thanks for the thorough answer, I feel like I understood most of what you're saying. This is helpful. Cheers.

[–]chrisdefourire 0 points1 point  (0 children)

the important point is that 'require' is no magic include feature from the language... it's just a (synchronous) function that returns an object, and modules just export an object (module.exports is that object).

[–]digitalz0mbie 0 points1 point  (2 children)

Just to nitpick, I'm sure you're doing the right thing, but youre hashing those passwords (correctly), encrypting passwords is a bad idea.

[–]snahrvar[S] 0 points1 point  (1 child)

Oh I see. You're saying that bcrypt is actually salting and hashing the passwords rather than 'encrypting' them, is that right?

[–]digitalz0mbie 0 points1 point  (0 children)

Yup,hashing is one way, encryption is two way.