Generate UID without randombytes dependency #196
Conversation
|
Since I was planning to bump the major version anyway when removing By the way, is my understanding correct that this patch also resolves the browser support issue? |
|
I've updated the PR to use the
I haven't tested it in the browser, but it should. We're not accessing |
|
Got it. Let’s give it a try. Could you remove Node.js v18 from the GitHub Actions config? |
Whoops; just did that. Node 24 is out, should I add that to the test matrix? |
|
Yeah, please go ahead and add 24 as well 🙏 |
|
Added it; still needs approval to run but everything passes locally (as expected) |
|
Could you try running |
|
Huh, I didn't know the |
As far as I can tell, this... never did anything? My guess is that `crypto.randomBytes = oldRandom;` was supposed to come *after* we require()'d `serialize`, but it just didn't, so it ended up doing nothing.
|
Thanks! We’ve released v7.0.0, so please give it a try. Let us know if you run into any issues. |
I confirm that this contribution is made under the terms of the license found in the root directory of this repository's source tree and that I have the authority necessary to make this contribution on behalf of its copyright owner.
Resolves #134. Instead of taking an external dependency on
randombytes, which accessesglobal(doesn't work in the browser) and depends on aBufferpolyfill, we check first forcrypto.getRandomValuessupport and only import Node'scryptomodule if it's not found.If you're OK with dropping support for Node <19, the
cryptoglobal is available in newer versions of Node (it technically didn't stop being "experimental" until Node 23, but I don't get any annoyingExperimentalWarningmessages when trying to access it in older versions).An alternative option would be to add separate browser and Node entrypoints; this would avoid the dynamic
requirethat might(?) cause trouble for some bundlers. I have that code in a separate branch if you'd prefer it.