From 348b1fffc34b7b5216166c93dc2c9371775d950f Mon Sep 17 00:00:00 2001
From: valadaptive <valadaptive@protonmail.com>
Date: Tue, 30 Sep 2025 12:34:36 -0400
Subject: [PATCH 1/6] Generate UID without randombytes dependency

---
 index.js          | 17 ++++++++++++++---
 package-lock.json | 16 ----------------
 package.json      |  3 ---
 3 files changed, 14 insertions(+), 22 deletions(-)

diff --git a/index.js b/index.js
index 156f8f9..52e4d2c 100644
--- a/index.js
+++ b/index.js
@@ -6,8 +6,6 @@ See the accompanying LICENSE file for terms.
 
 'use strict';
 
-var randomBytes = require('randombytes');
-
 // Generate an internal UID to make the regexp pattern harder to guess.
 var UID_LENGTH          = 16;
 var UID                 = generateUID();
@@ -35,7 +33,20 @@ function escapeUnsafeChars(unsafeChar) {
 }
 
 function generateUID() {
-    var bytes = randomBytes(UID_LENGTH);
+    var bytes;
+    if (typeof crypto !== 'undefined' && typeof crypto.getRandomValues === 'function') {
+        bytes = crypto.getRandomValues(new Uint8Array(UID_LENGTH));
+    } else {
+        try {
+            var nodeCrypto = require('crypto');
+            bytes = nodeCrypto.randomBytes(UID_LENGTH);
+        } catch {
+            // We'll throw an error later
+        }
+    }
+    if (!bytes) {
+        throw new Error('Secure random number generation is not supported by this platform.');
+    }
     var result = '';
     for(var i=0; i<UID_LENGTH; ++i) {
         result += bytes[i].toString(16);
diff --git a/package-lock.json b/package-lock.json
index f10fa05..d89242d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -8,9 +8,6 @@
       "name": "serialize-javascript",
       "version": "6.0.2",
       "license": "BSD-3-Clause",
-      "dependencies": {
-        "randombytes": "^2.1.0"
-      },
       "devDependencies": {
         "benchmark": "^2.1.4"
       }
@@ -36,19 +33,6 @@
       "resolved": "https://registry.npmjs.org/platform/-/platform-1.3.5.tgz",
       "integrity": "sha512-TuvHS8AOIZNAlE77WUDiR4rySV/VMptyMfcfeoMgs4P8apaZM3JrnbzBiixKUv+XR6i+BXrQh8WAnjaSPFO65Q==",
       "dev": true
-    },
-    "node_modules/randombytes": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz",
-      "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==",
-      "dependencies": {
-        "safe-buffer": "^5.1.0"
-      }
-    },
-    "node_modules/safe-buffer": {
-      "version": "5.1.2",
-      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
-      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
     }
   }
 }
diff --git a/package.json b/package.json
index 1b66f37..7f3b13e 100644
--- a/package.json
+++ b/package.json
@@ -26,8 +26,5 @@
   "homepage": "https://github.com/yahoo/serialize-javascript",
   "devDependencies": {
     "benchmark": "^2.1.4"
-  },
-  "dependencies": {
-    "randombytes": "^2.1.0"
   }
 }

From 522d887af43324200b6824c949216c9989a6e4bd Mon Sep 17 00:00:00 2001
From: valadaptive <valadaptive@protonmail.com>
Date: Tue, 30 Sep 2025 23:47:19 -0400
Subject: [PATCH 2/6] Use web crypto global and add Node >=20 to engines

---
 index.js     | 15 +--------------
 package.json |  3 +++
 2 files changed, 4 insertions(+), 14 deletions(-)

diff --git a/index.js b/index.js
index 52e4d2c..e8022a3 100644
--- a/index.js
+++ b/index.js
@@ -33,20 +33,7 @@ function escapeUnsafeChars(unsafeChar) {
 }
 
 function generateUID() {
-    var bytes;
-    if (typeof crypto !== 'undefined' && typeof crypto.getRandomValues === 'function') {
-        bytes = crypto.getRandomValues(new Uint8Array(UID_LENGTH));
-    } else {
-        try {
-            var nodeCrypto = require('crypto');
-            bytes = nodeCrypto.randomBytes(UID_LENGTH);
-        } catch {
-            // We'll throw an error later
-        }
-    }
-    if (!bytes) {
-        throw new Error('Secure random number generation is not supported by this platform.');
-    }
+    var bytes = crypto.getRandomValues(new Uint8Array(UID_LENGTH));
     var result = '';
     for(var i=0; i<UID_LENGTH; ++i) {
         result += bytes[i].toString(16);
diff --git a/package.json b/package.json
index 7f3b13e..adb49d2 100644
--- a/package.json
+++ b/package.json
@@ -26,5 +26,8 @@
   "homepage": "https://github.com/yahoo/serialize-javascript",
   "devDependencies": {
     "benchmark": "^2.1.4"
+  },
+  "engines": {
+    "node": ">=20.0.0"
   }
 }

From eb3db8c97cb64920e1c89da659520f5f15ed74dc Mon Sep 17 00:00:00 2001
From: valadaptive <valadaptive@protonmail.com>
Date: Wed, 1 Oct 2025 14:45:17 -0400
Subject: [PATCH 3/6] Remove Node 18 from test matrix

---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index cff63f9..c484a61 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [18.x, 20.x, 22.x]
+        node-version: [20.x, 22.x]
     steps:
       - uses: actions/checkout@v3
       - name: Use Node.js ${{ matrix.node-version }}

From a2a697c4deda22700093a85ecce7647dd5df4519 Mon Sep 17 00:00:00 2001
From: valadaptive <valadaptive@protonmail.com>
Date: Wed, 1 Oct 2025 21:15:12 -0400
Subject: [PATCH 4/6] Add Node 24 to the matrix

---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index c484a61..0e548db 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [20.x, 22.x]
+        node-version: [20.x, 22.x, 24.x]
     steps:
       - uses: actions/checkout@v3
       - name: Use Node.js ${{ matrix.node-version }}

From df7a152d88774a6ebed73087864b92414737107d Mon Sep 17 00:00:00 2001
From: valadaptive <valadaptive@protonmail.com>
Date: Fri, 3 Oct 2025 16:44:53 -0400
Subject: [PATCH 5/6] Apparently `engines` is also in package-lock

---
 package-lock.json | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/package-lock.json b/package-lock.json
index d89242d..e8ddd4d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,6 +10,9 @@
       "license": "BSD-3-Clause",
       "devDependencies": {
         "benchmark": "^2.1.4"
+      },
+      "engines": {
+        "node": ">=20.0.0"
       }
     },
     "node_modules/benchmark": {

From 082d08554668326c60a8adc52afc86c4f6b98791 Mon Sep 17 00:00:00 2001
From: valadaptive <valadaptive@protonmail.com>
Date: Fri, 3 Oct 2025 17:04:06 -0400
Subject: [PATCH 6/6] Don't monkeypatch crypto.randomBytes in tests

As far as I can tell, this... never did anything? My guess is that
`crypto.randomBytes = oldRandom;`
was supposed to come *after* we require()'d `serialize`, but it just
didn't, so it ended up doing nothing.
---
 test/unit/serialize.js | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/test/unit/serialize.js b/test/unit/serialize.js
index 4d73b3c..62c0eee 100644
--- a/test/unit/serialize.js
+++ b/test/unit/serialize.js
@@ -3,20 +3,6 @@ const { deepStrictEqual, strictEqual, throws } = require('node:assert');
 
 var serialize = require('../../');
 
-// temporarily monkeypatch `crypto.randomBytes` so we'll have a
-// predictable UID for our tests
-var crypto = require('crypto');
-var oldRandom = crypto.randomBytes;
-crypto.randomBytes = function(len, cb) {
-    var buf = Buffer.alloc(len);
-    buf.fill(0x00);
-    if (cb)
-        cb(null, buf);
-    return buf;
-};
-
-crypto.randomBytes = oldRandom;
-
 describe('serialize( obj )', function () {
     it('should be a function', function () {
         strictEqual(typeof serialize, 'function');