several Node.js c++ modules are packaged using node-pre-gyp as
build tool. Upstream usually do so in order to download prebuilt binaries
if some have been made available, or fallback to building from source.
The debian package of node-pre-gyp is patched to *always*
build from source.
Downloading binaries from untrusted sources seemed bad enough
to me to not even let the user choose that option.
So debian packages like node-sqlite3 for example, can now safely
use "node-pre-gyp configure", "node-pre-gyp build" and don't need a
patch to be built.
I'm not sure it's worth reporting bugs to all concerned packages.