crypto-browserify icon indicating copy to clipboard operation
crypto-browserify copied to clipboard
verified publisher icon browserify

`crypto-browserify` has an upstream dependency on `node:crypto`

Open sagargurtu opened this issue 1 year ago • 3 comments

  • crypto-browserify depends on browserify-sign@^4.2 link
  • browserify-sign@^4.2 depends on elliptic@^6.5 link
  • elliptic@^6.5 depends on brorand@^1.1 link
  • brorand@^1.1 uses crypto link

sagargurtu avatar Jan 03 '25 03:01 sagargurtu

Looks like that will only affect a web worker, but also elliptic distributes a bundle, so it could be addressed in either place. (cc @indutny)

In a regular browser or node context, there shouldn't be any issue.

ljharb avatar Jan 03 '25 04:01 ljharb

I'm polyfilling Node.js builtins in my application using a Vite plugin. Whenever Vite encounters an import of "crypto", the plugin resolves it to "crypto-browserify". However, the issue mentioned above creates a cyclic dependency on "crypto", which ultimately breaks the build.

This condition in the upstream dependency will not be evaluated during vite build, causing Vite to resolve "crypto" in the else block, which in turn creates the cyclic dependency.

sagargurtu avatar Jan 03 '25 05:01 sagargurtu

A cyclic dependency shouldn't break the build either - cycles are perfectly supported by both CJS and ESM.

ljharb avatar Jan 03 '25 05:01 ljharb