We added an optionalDependency on saslprep to satisfy NODE-1303. saslprep is a huge library, and can add a full second to the mongodb package load-time. We originally made the decision to incur this cost at initial load: our users frequently consume our library server-side when starting up an http server, where initial load is much less important than the performance of the auth functions. However, this is causing a major impact to some testing frameworks, as seen in https://github.com/mongodb-js/mongodb-core/pull/355.

This issue is to discuss the possible solutions going forward

Option 1: Change Nothing

• Will still incur large initial load
• Will not inhibit execution of auth function

Option 2: Load saslprep upon first execution of SCRAM-SHA-256 auth

• Avoids incurring cost if SCRAM-SHA-256 is not used
• Adds enormous cost to first execution of SCRAM-SHA-256 auth

Option 3: Switch saslprep to peerOptionalDependency

• Will not inhibit execution of auth function
• Users concerned with performance can choose not to install saslprep, avoiding high load cost
• Users will not get saslprep for free anymore, will have to explicitly opt in. This will likely be a breaking change