WebOfTrust
libsodium dependency causes excessive bundle size
See result of esbuild --analyze:
$ npx esbuild src/index.ts --bundle --analyze --outdir=tmp
tmp/index.js 2.1mb 100.0%
├ node_modules/libsodium-sumo/dist/modules-sumo/libsodium-sumo.js 1.3mb 61.3%
├ node_modules/libsodium-wrappers-sumo/dist/modules-sumo/libsodium-wrappers.js 127.7kb 5.8%
├ node_modules/decimal.js/decimal.mjs 65.4kb 3.0%
├ node_modules/buffer/index.js 58.9kb 2.7%
├ node_modules/typed-function/lib/umd/typed-function.js 47.5kb 2.2%
├ node_modules/@noble/curves/esm/abstract/weierstrass.js 30.4kb 1.4%
├ node_modules/complex.js/complex.js 30.2kb 1.4%
├ node_modules/mathjs/lib/esm/type/matrix/SparseMatrix.js 26.8kb 1.2%
├ src/keri/core/manager.ts 26.4kb 1.2%
├ node_modules/mathjs/lib/esm/core/function/typed.js 25.2kb 1.2%
├ node_modules/fraction.js/fraction.js 19.9kb 0.9%
├ src/keri/core/matter.ts 16.2kb 0.7%
├ node_modules/mathjs/lib/esm/type/matrix/DenseMatrix.js 15.7kb 0.7%
├ src/keri/core/keeping.ts 15.4kb 0.7%
├ src/keri/app/credentialing.ts 15.2kb 0.7%
├ src/keri/core/indexer.ts 14.2kb 0.7%
├ src/keri/core/eventing.ts 12.0kb 0.5%
├ src/keri/app/aiding.ts 11.3kb 0.5%
├ src/keri/app/clienting.ts 11.2kb 0.5%
├ node_modules/structured-headers/dist/parser.js 10.7kb 0.5%
├ node_modules/mathjs/lib/esm/utils/number.js 9.9kb 0.5%
├ node_modules/mathjs/lib/esm/utils/array.js 9.1kb 0.4%
├ node_modules/@noble/curves/esm/abstract/utils.js 8.4kb 0.4%
├ src/keri/app/controller.ts 8.4kb 0.4%
├ node_modules/@noble/curves/esm/abstract/modular.js 8.1kb 0.4%
├ node_modules/@noble/curves/esm/abstract/curve.js 7.6kb 0.3%
├ node_modules/@noble/hashes/esm/blake3.js 7.3kb 0.3%
├ src/keri/core/counter.ts 7.2kb 0.3%
├ src/keri/app/coring.ts 6.4kb 0.3%
├ node_modules/mathjs/lib/esm/type/matrix/utils/matrixAlgorithmSuite.js 5.4kb 0.2%
├ src/keri/core/prefixer.ts 5.3kb 0.2%
├ src/keri/core/core.ts 5.0kb 0.2%
├ node_modules/structured-headers/dist/serializer.js 4.9kb 0.2%
├ src/keri/app/contacting.ts 4.8kb 0.2%
├ src/keri/core/tholder.ts 4.8kb 0.2%
├ src/exports.ts 4.6kb 0.2%
├ src/keri/core/salter.ts 4.6kb 0.2%
├ node_modules/mathjs/lib/esm/utils/is.js 4.6kb 0.2%
├ src/keri/end/ending.ts 4.1kb 0.2%
├ src/keri/core/httping.ts 4.0kb 0.2%
├ src/keri/app/exchanging.ts 3.9kb 0.2%
├ node_modules/base64-js/index.js 3.8kb 0.2%
├ src/keri/core/saider.ts 3.8kb 0.2%
├ node_modules/mathjs/lib/esm/utils/bignumber/formatter.js 3.6kb 0.2%
├ src/keri/core/utils.ts 3.5kb 0.2%
├ node_modules/mathjs/lib/esm/type/complex/Complex.js 3.4kb 0.2%
├ node_modules/@noble/hashes/esm/sha256.js 3.3kb 0.2%
├ node_modules/@noble/hashes/esm/_md.js 3.2kb 0.1%
├ node_modules/@noble/hashes/esm/_blake.js 3.2kb 0.1%
├ src/keri/app/habery.ts 3.2kb 0.1%
├ node_modules/mathjs/lib/esm/plain/number/arithmetic.js 3.1kb 0.1%
├ node_modules/mathjs/lib/esm/type/matrix/utils/matAlgo04xSidSid.js 3.0kb 0.1%
├ src/keri/core/authing.ts 3.0kb 0.1%
├ src/keri/core/serder.ts 2.9kb 0.1%
├ node_modules/mathjs/lib/esm/type/number.js 2.9kb 0.1%
├ node_modules/ieee754/index.js 2.6kb 0.1%
├ node_modules/mathjs/lib/esm/type/matrix/Matrix.js 2.5kb 0.1%
├ node_modules/@noble/hashes/esm/utils.js 2.5kb 0.1%
├ src/keri/core/signer.ts 2.4kb 0.1%
├ node_modules/mathjs/lib/esm/utils/string.js 2.4kb 0.1%
├ src/keri/app/grouping.ts 2.2kb 0.1%
├ src/keri/core/decrypter.ts 2.2kb 0.1%
├ node_modules/mathjs/lib/esm/utils/object.js 2.2kb 0.1%
├ node_modules/@noble/hashes/esm/blake2s.js 2.1kb 0.1%
├ node_modules/mathjs/lib/esm/type/matrix/utils/matAlgo01xDSid.js 2.1kb 0.1%
├ node_modules/@noble/hashes/esm/hmac.js 1.9kb 0.1%
├ node_modules/mathjs/lib/esm/function/matrix/concat.js 1.9kb 0.1%
├ src/keri/core/diger.ts 1.8kb 0.1%
├ src/keri/core/encrypter.ts 1.8kb 0.1%
├ node_modules/mathjs/lib/esm/utils/customs.js 1.8kb 0.1%
├ node_modules/mathjs/lib/esm/utils/collection.js 1.7kb 0.1%
├ src/keri/app/notifying.ts 1.7kb 0.1%
├ node_modules/mathjs/lib/esm/entry/pureFunctionsAny.generated.js 1.6kb 0.1%
├ node_modules/mathjs/lib/esm/type/bignumber/function/bignumber.js 1.6kb 0.1%
├ src/keri/core/vdring.ts 1.5kb 0.1%
├ node_modules/mathjs/lib/esm/type/matrix/utils/broadcast.js 1.5kb 0.1%
├ node_modules/mathjs/lib/esm/type/matrix/utils/matAlgo13xDD.js 1.5kb 0.1%
├ node_modules/mathjs/lib/esm/type/matrix/utils/matAlgo10xSids.js 1.5kb 0.1%
├ node_modules/mathjs/lib/esm/function/utils/numeric.js 1.5kb 0.1%
├ src/keri/core/bexter.ts 1.4kb 0.1%
├ node_modules/mathjs/lib/esm/utils/map.js 1.4kb 0.1%
├ node_modules/structured-headers/dist/index.js 1.3kb 0.1%
├ node_modules/mathjs/lib/esm/function/statistics/sum.js 1.3kb 0.1%
├ node_modules/mathjs/lib/esm/function/arithmetic/add.js 1.3kb 0.1%
├ src/keri/core/pather.ts 1.3kb 0.1%
├ node_modules/mathjs/lib/esm/type/matrix/function/matrix.js 1.2kb 0.1%
├ node_modules/mathjs/lib/esm/utils/factory.js 1.2kb 0.1%
├ src/keri/core/number.ts 1.2kb 0.1%
├ node_modules/mathjs/lib/esm/type/fraction/function/fraction.js 1.2kb 0.1%
├ node_modules/mathjs/lib/esm/function/relational/equalScalar.js 1.2kb 0.1%
├ node_modules/@noble/hashes/esm/_assert.js 1.2kb 0.1%
├ node_modules/mathjs/lib/esm/function/arithmetic/addScalar.js 1.1kb 0.1%
├ node_modules/mathjs/lib/esm/type/matrix/utils/matAlgo14xDs.js 1.1kb 0.1%
├ node_modules/structured-headers/dist/util.js 1.1kb 0.0%
├ src/keri/core/verfer.ts 1.1kb 0.0%
├ node_modules/mathjs/lib/esm/type/bignumber/BigNumber.js 985b 0.0%
├ node_modules/mathjs/lib/esm/error/IndexError.js 930b 0.0%
├ node_modules/mathjs/lib/esm/core/config.js 867b 0.0%
├ node_modules/mathjs/lib/esm/type/fraction/Fraction.js 817b 0.0%
├ src/keri/core/cipher.ts 809b 0.0%
├ node_modules/@noble/curves/esm/p256.js 805b 0.0%
├ src/keri/app/delegating.ts 775b 0.0%
├ src/keri/core/seqner.ts 748b 0.0%
├ node_modules/mathjs/lib/esm/error/DimensionError.js 745b 0.0%
├ node_modules/mathjs/lib/esm/function/statistics/utils/improveErrorMessage.js 708b 0.0%
├ node_modules/structured-headers/dist/token.js 700b 0.0%
├ src/keri/app/escrowing.ts 689b 0.0%
├ src/keri/core/base64.ts 672b 0.0%
├ node_modules/mathjs/lib/esm/function/utils/isInteger.js 560b 0.0%
├ node_modules/mathjs/lib/esm/utils/bignumber/nearlyEqual.js 499b 0.0%
├ node_modules/structured-headers/dist/types.js 474b 0.0%
├ node_modules/mathjs/lib/esm/entry/configReadonly.js 467b 0.0%
├ src/keri/core/siger.ts 437b 0.0%
├ node_modules/mathjs/lib/esm/function/relational/compareUnits.js 428b 0.0%
├ node_modules/@babel/runtime/helpers/esm/extends.js 322b 0.0%
├ node_modules/@noble/curves/esm/_shortw_utils.js 318b 0.0%
├ node_modules/@noble/hashes/esm/_u64.js 313b 0.0%
├ node_modules/mathjs/lib/esm/function/string/format.js 307b 0.0%
├ src/keri/core/cigar.ts 294b 0.0%
├ node_modules/mathjs/lib/esm/utils/switch.js 275b 0.0%
├ node_modules/mathjs/lib/esm/utils/function.js 227b 0.0%
├ node_modules/mathjs/lib/esm/utils/noop.js 188b 0.0%
├ src/ready.ts 170b 0.0%
├ src/keri/core/kering.ts 149b 0.0%
├ node_modules/mathjs/lib/esm/utils/complex.js 127b 0.0%
├ node_modules/mathjs/lib/esm/core/function/config.js 104b 0.0%
├ node_modules/@noble/hashes/esm/crypto.js 103b 0.0%
├ (disabled):path 72b 0.0%
├ (disabled):fs 68b 0.0%
└ src/index.ts 39b 0.0%
tmp/index.js 2.1mb ⚠️
⚡ Done in 306ms
The libsodium dependency accounts for > 60% of the resulting bundle. I think most things that libsodium is used for can be accomplished with @noble/curves and @noble/hashes to a significantly lower price. I believe the WebCrypto API can be used generating random bytes with crypto.getRandomValues().
ESSR uses libsodium crypto box seal, which according to the SPAC paper seems to be one of the only implementations of HPKE available.
From dev call: there may be a WebAssembly or other libsodium library. The current library we use was selected many years ago. There may be a different usable one we could use now. Or potentially fork the libsodium library and have only the features that we need.
Charles node_modules/libsodium-sumo/dist/modules-sumo/libsodium-sumo.js is the WASM version, that's why it's so big.
Sam: we may be getting the tradeoff of speed vs size here. There is a full JavaScript impl that is pretty small.
Also see here from author of libsodium.js: https://github.com/jedisct1/libsodium.js/issues/327#issuecomment-1793419292
libsodium.js was a nice contribution, but honestly, for crypto in JavaScript today, I'd rather use WebCrypto when possible, and Noble cryptography for everything else.
@iFergal: Here is an implementation of crypto box seal based on Noble libraries as well https://github.com/serenity-kit/noble-sodium/blob/main/src/crypto-box-seal.ts
@lenkan Makes sense to me then - if we switch I'd be happy to test it on my ESSR work for a sanity check too
I'm in favor of switching libraries to either Noble or WebCrypto. If the tests pass and integration tests with KERIA work, then why not?