veramo icon indicating copy to clipboard operation
veramo copied to clipboard

Published 20 hours ago verified publisher icon decentralized-identity

Remove isomorphic-webcrypto dependency from veramo/didcom

Open vadimchilinciuc opened this issue 1 year ago • 1 comments

Bug severity 4 being critical

**When build with expo i get an error related to veramo/didcom specificaly to isomorphic-webcrypto dependency ,that have @unimodule/core dependency **

Error: Build file '...../node_modules/@unimodules/core/android/build.gradle' line: 3

  • What went wrong: A problem occurred evaluating project ':unimodules-core'.

Plugin with id 'maven' not found.

i ask if its possible to find a way to change the package cause its old and he need to Migrate to Expo-Modules for Expo SDK 43 and newer, and not use unimodules-core but expo-modules instead. Versions (please complete the following information):

  • Veramo: 6
  • Browser [ chrome]
  • Node Version 22.12.2

vadimchilinciuc avatar May 30 '24 16:05 vadimchilinciuc

seems related to #1381

mirceanis avatar Jun 27 '24 16:06 mirceanis

Thanks @mirceanis ! <3 Can we know when they will bee release ? Cause for know i can directly install them through : npm install veramo , its install the 6.0 version

vadimchilinciuc avatar Oct 24 '24 08:10 vadimchilinciuc

Can we know when they will bee release ?

@vadimchilinciuc you can already test this installing your veramo packages from the @next dist-tag; for example npm install @veramo/did-comm@next. Remember that veramo packages are not meant to be used with mixed versions. They might work but there is no guarantee. Try to keep all of them at the same version.

The next release will be a breaking change release (v7.0.0), as the credential plugins have changed API to allow easier extension without needing to modify the veramo core. Installing from the @next dist-tag gives you a preview of the upcoming changes.

mirceanis avatar Oct 24 '24 09:10 mirceanis

Thank you for the work on removing isomorphic-webcrypto from @veramo/did-comm. I’ve updated all my Veramo packages to @next (which resolved the deep dependency on isomorphic-webcrypto), but I noticed that the versions installed are still on ^6.0.1-next.40, not 7.0.0.

I understand this is part of the pre-release cycle, but I wanted to confirm: • Is next.40 the most stable snapshot of what will become 7.0.0? • Are there any breaking changes expected between next.40 and the final 7.0.0 release? • Is there an estimated timeline for the official 7.0.0 release to help plan production deployment?

I appreciate all the effort going into modernizing the stack — especially the work to make it Expo-compatible. Let me know if I should test anything further or contribute feedback.

enjora avatar May 08 '25 18:05 enjora

  • 6.0.1-next.40 is the closest release to what will become 7.0.0
  • there might still be breaking changes, but nothing big; renaming some constructor parameters for credential plugins
  • there is no release date set. This is all voluntary work subject to the limited bandwidth of maintainers

mirceanis avatar May 08 '25 18:05 mirceanis

Feedback about the @next releases is always welcome. Please test it in your configuration. Thank you!

mirceanis avatar May 08 '25 18:05 mirceanis

What I discovered is that the isomorphic-webcrypto package is still a dependency of @veramo/credential-w3c. For the build to succeed, I had to entirely remove the @veramo/credential-w3c. Is there any workaround, as I believe the credential-w3c is an essential package to the ecosystem?

@veramo/credential-w3c > "@veramo/credential-ld" > @digitalcredentials/jsonld-signatures > @sphereon/isomorphic-webcrypto

enjora avatar May 08 '25 20:05 enjora

Our project does not use React Native, and yet until this point we've always had to add the expo peer dependency.

Image

pauldesmondparker avatar Jun 10 '25 06:06 pauldesmondparker