solana-web3.js icon indicating copy to clipboard operation
solana-web3.js copied to clipboard
verified publisher icon solana-labs

Suggestion: drop node 16 (and the node-fetch and ed25519 polyfills)

Open mikemaccana opened this issue 2 years ago • 3 comments

Motivation

node 16 is already end of life. Current web3.js includes polyfills for fetch and for Ed25519 in global.crypto. Current supported versions of node have both fetch and (from SL on Twitter) Ed25519 support.

Details

Downsides:

  • Will hurt people using an already end of life version of node. They'll receive the following message on install:
npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: '@solana/[email protected]',
npm WARN EBADENGINE   required: { node: '>=18.0.0' },
npm WARN EBADENGINE   current: { node: 'v16.6.0', npm: '9.8.1' }
npm WARN EBADENGINE }

Upsides:

  • Avoid discussion of polyfills that may or may not be necessary for the users version of node
  • Reduce additional dependencies
  • Reduce work by users to remove unnecessary dependencies (I made just-use-native-fetch
  • Reduce support issues from users using an unsupported node, that probably have other issues

engines in the package.json can be used to specify minimum node versions.

  "engines": {
    "node": ">=18.0.0"
  },

mikemaccana avatar Oct 05 '23 17:10 mikemaccana

I'm a huge fan of making Node LTS+ the requirement, I added this in few packages but seem to have missed some others.

"engine": {
  "node": ">=17.4"
},

I don't know that there's much benefit at this point to churning everyone on the current web3.js. Might as well churn the API and the Node requirement all at once.

steveluscher avatar Oct 06 '23 06:10 steveluscher

What about browsers though?

On the latest Chrome this is an error:

await window.crypto.subtle.generateKey('Ed25519', false, ['sign'])
Uncaught DOMException: Failed to execute 'generateKey' on 'SubtleCrypto': Algorithm: Unrecognized name

Seems to be behind a feature flag on Chrome: https://chromestatus.com/feature/4913922408710144

Caniuse doesn't seem to have this nuance, but from a quick check Firefox also doesn't work, Safari does.

mcintyre94 avatar Oct 17 '23 15:10 mcintyre94

When you try to use generateKeyPair() in the new library, the error message tells you to install and import @solana/webcrypto-ed25519-polyfill.

https://github.com/solana-labs/solana-web3.js/blob/7adc22b1a57cff867d2f735301725dc6384c3e5e/packages/assertions/src/subtle-crypto.ts#L46-L56

steveluscher avatar Oct 17 '23 21:10 steveluscher

I've put up a PR that does this, but I don't think it's going to be particularly useful. The engines field doesn't prevent anyone from installing this library, even if they're running an older version of Node. I think it might produce a warning, but that's all.

Other than that, node-fetch is gone, gone, gone from 2.0.

steveluscher avatar Oct 21 '24 21:10 steveluscher

Because there has been no activity on this issue for 7 days since it was closed, it has been automatically locked. Please open a new issue if it requires a follow up.

github-actions[bot] avatar Oct 30 '24 08:10 github-actions[bot]