Warnings on require

[asymmetric]

I'm using ethers.js in a node CLI tool, and I can't seem to disable warnings that are produced on load:

❯ result/bin/seth abi "execute(bytes)"
WARNING: Missing strong random number source; using weak randomBytes
Warning: XMLHttpRequest is not defined
{ constant: false,
  gas: null,
  inputs: [ { type: 'bytes', name: '' } ],
  name: 'execute',
  outputs: [],
  payable: false,
  stateMutability: null,
  type: 'function' }

The code is here.

The options mentioned here don't work, because I think the warnings are produced on require, so before ethers.errors.setLogLevel("off") could take effect.

Is there a way to completely disable these warnings?

[ricmoo]

What version of node are you using? How are you importing the ethers library?

That indicates that the environment is missing a strong random number generator, such as crypto.randomBytes.

It seems like your CLI may be importing the browser version.

[ricmoo]

Also note, that in v5, any calls (mainly Wallet.createRandom()) that require a reliable random number source will simply fail (with a warning) unless a proper shim for createBytes is provided.

This means that on those environments, if a random source is unnecessary, there will be no issue and no warning.

[asymmetric]

@ricmoo I'm using Node 8x, and I'm importing using require("./dist/ethers.min.js"), as shown here,

I realize I might indeed have been importing the browser version for a Node tool. Importing the version installed by npm i --save ethers fixed the issue.

Thanks!

[ricmoo]

That explains it. Yes, for node, const ethers = require(“ethers”) is what you should use. :)

[asymmetric]

For the record, I ended up force-silencing the warnings with a console.log = () => {} right before the require("./dist/ethers.min.js"). This allows me to only deploy a single file, rather than the whole 7MBs of node_modules.

It's a hack, but it works for us :)

[ricmoo]

Eek. That feels... Not clean. :p

I think you should be able to use require("ethers") without causing any size increase (other than functionality that is actually required anyways).

But if you really want this, a slightly less worse option may be to use global.randomBytes = require("crypto").randomBytes?

[asymmetric]

I think you should be able to use require("ethers") without causing any size increase (other than functionality that is actually required anyways).

Don't I need to do npm i ethers to be able to do require("ethers")? If so, that pulls in around 7MB of dependencies, which is what we avoid by only copying the minified JS and the license.

But if you really want this, a slightly less worse option may be to use global.randomBytes = require("crypto").randomBytes?

That doesn't seem to silence the warnings:

#!/usr/bin/env node

global.randomBytes = require("crypto").randomBytes
const ethers = require("./ethers.min.js");

const sig = process.argv[2];
if (!sig) {
  console.error("Usage: seth-abi <solidity-fragment>")
  process.exit(1);
}

try {
  console.log(JSON.stringify([ethers.utils.parseSignature(sig)]));
} catch (e) {
  console.error(`seth-abi: error: ${e.message}`);
  process.exit(1);
}

still produces:

❯ result/bin/seth abi "foo()"
WARNING: Missing strong random number source; using weak randomBytes
Warning: XMLHttpRequest is not defined
[{"constant":false,"gas":null,"inputs":[],"name":"foo","outputs":[],"payable":false,"stateMutability":null,"type":"function"}]

[billtlee]

@ricmoo I am building an app on expo with ethers and am getting this warning. According to expo, expo-random is preinstalled and should do the job. How do I get ethers to use expo-random?

[ricmoo]

Hmmm. Is it possible to set window.randomBytes = ... before the require for ethers? That way it will think the environment is providing the randomBytes function, but it’s actually coming from the expo-random?

[kamescg]

Would it be possible to use https://www.npmjs.com/package/randombytes or extend the random-bytes shiv to be included during the Webpack build.

Including ethers.js in a Webpack build and trying to shiv the packages crypto dependency is a blocker for the Browser.

[ricmoo]

That should already work, as I have a similar method as a browser shim.

When using webpack, make sure you enable the browser mainField in your config, something like mainFields: [ “browser”, “module”, “main” ], so that it knows to pull the browser versions in.

If you use v5, the module field should be enough, so you won’t need to adjust your webpack config if you are only using the umbrella package. :)

Let me know if this helps.

[kamescg]

Updating ethers@next solved the issue. Thank you.

[robin0f7]

in rollup.config.js

export default [
  {
    input: "deploycli.js",
    output: {
      inlineDynamicImports: true,
      name: pkg.name,
      file: pkg.deploycli,
      format: "es",
      banner: `
import * as xcrypto from 'crypto';
global.crypto = xcrypto;
`
    },
    plugins: [json(), nodeResolve(), commonjs()],
  },