Deprecate and replace uuid library with built-in JavaScript Crypto library
#1116
Labels
Comments
nelsonni
added
feature
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Entities stored in the Redux store are currently uniquely identified using the
uuidjs/uuidlibrary, but this dependency can be entirely removed in favor of the built-in JavaScriptCryptolibrary. Removing separate libraries in favor of built-ins reduces the package size, attack surface, and robustness of Synectic.Describe the solution you'd like
Replace all of the following:
uuid.v4()withcrypto.randomUUID()uuiddependency frompackage.jsonDescribe alternatives you've considered
Continuing to use the
uuidjs/uuidlibrary requires assuming that the library will remain well-maintained in the future, and any new vulnerabilities in UUID generation based on RFC4122 version 4 will be quickly fixed in this library. Switching to a built-in JavaScript library has a higher guarantee of future maintenance and timely updates.Additional context
Found via: https://www.youtube.com/shorts/cutfiIgyRao
The text was updated successfully, but these errors were encountered: