-
Notifications
You must be signed in to change notification settings - Fork 9
remove buffer-dep, replace with bufferFrom #445
Conversation
Looks GREAT! |
@@ -1,5 +1,4 @@ | |||
import { misc, codec } from "sjcl"; | |||
import { Buffer } from "buffer"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As weird as it looks, having this line in this file, though unused, was preventing a bug in the browser. This should be tested before we merge it in - I can do that by running the test-skapp tests when I have time.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With latest commits, I think this is fixed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't merge yet.
Another thing, can you please remove package-lock.json? |
When I try to webpack a skapp now I get this:
So it seems like it would require some more configuration on the part of the skapp author now... |
Ha, that's the exact error I was trying to run down, but for |
|
Ah okay -- yeah, I couldn't find an easy way to drop |
@dghelm I did some digging and the only dependency that uses safe-buffer is randombytes and we could replace it with https://github.com/consento-org/get-random-values-polypony (npm https://www.npmjs.com/package/get-random-values) - this should allow us to drop the crypto package too (I think) |
Good catch. |
Also, Also, Current output of
|
@m-cat updated upstream on our fork and seems like we're using buffer-from 1.1.2 now too so that should use the same version now https://github.com/SkynetLabs/tus-js-client/blob/master/package.json#L79 |
So afaik scjs is used only here: One method is pbkdf2 and we could use https://www.npmjs.com/package/pbkdf2 instead - it has sync alternative: pbkdf2.pbkdf2Sync('password', 'salt', 1, 32, 'sha512') Second method is codec.hex which looks like it's quite simple function that does not rely on crypto and maybe it could be copied over or replaced by something different: |
I reviewed that library last week, but afaik it still depends on
I'll give it a go and see what happens though. |
as far as I can tell, the browser build (browser.js entrypoint) does not require "crypto" package - the nodejs build (index.js entrypoint) does require it but that's fine, skynet-js should correctly pull the browser version for the browser build and nodejs version for the nodejs build (I guess it should) |
Now getting no errors or warnings on Create React App 5.0.1, which uses webpack 5. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm I'm still getting this when I try to build a plain skapp (non-React) with Webpack:
ERROR in ./node_modules/skynet-js/node_modules/safe-buffer/index.js 3:13-30
Module not found: Error: Can't resolve 'buffer' in '/Users/marcin/Sync/Repos/github.com/m-cat/identity-test-skapp/node_modules/skynet-js/node_modules/safe-buffer'
BREAKING CHANGE: webpack < 5 used to include polyfills for node.js core modules by default.
This is no longer the case. Verify if you need this module and configure a polyfill for it.
If you want to include a polyfill, you need to:
- add a fallback 'resolve.fallback: { "buffer": require.resolve("buffer/") }'
- install 'buffer'
If you don't want to include a polyfill, you can use an empty module like this:
resolve.fallback: { "buffer": false }
And just to confirm -- you were also seeing this with webpack 5 and our current production version, right? If so, I think this is an improvement and we should identify the webpack configuration differences as a follow-up. |
@dghelm Yeah, I'm running "webpack": "^5.16.0", I think the situation is actually worse than before because I get errors now, whereas before I was only getting warners. Manually listing |
@dghelm @m-cat I added a commit that replaces pbkdf2 package with pbkdf2-hmac package here 2ba6606 Package pbkdf2-hmac uses native browser crypto function when running in browser and native node crypto package when running in node environment. Unfortunately, since browser native implementation is async, it means a breaking change in Implementation details: https://github.com/juanelas/pbkdf2-hmac/blob/master/src/ts/index.ts#L55-L79 |
Svelte is having trouble with randombytes when instantiating the skynet client. This is on Svelte version 3.48.0. |
I think this is off the table for right now -- if we planned to move forward with |
I think it's still pretty reasonable to bump the major to remove those deps, that's really going to help with package size and compatibility with webpack 5. I bet ether.js maintainers would be happy with that too. |
@kwypchlo I would be happy with that too, but we would need @DavidVorick to sign off on it. |
PULL REQUEST
Update
Changed dependencies:
Overview
I'm looking into other dependencies and found this...
In a recent PR @peterjan made to ethers-js, the lead dev mentioned
buffer
adding lots of overhead in browser builds. This made me wonder if we needed it, and I found bufferFrom, which removes the need for the much larger Buffer library.We already are using bufferFrom in tus-js-client dependency. So all we should be doing is dropping an unused dependency without actually adding an additional one.
Figured I'd submit the PR.
https://www.npmjs.com/package/buffer-from