Closed mikemaccana closed 1 year ago
Hey @mikemaccana thanks for the issue. Unfortunately, this is not directly solvable by us - as js-sha256 is an indirect dependency, see:
@bundlr-network/client@0.11.1
├─┬ @near-js/providers@0.0.4
│ └─┬ @near-js/transactions@0.1.0
│ └── js-sha256@0.9.0
├─┬ @near-js/transactions@0.1.1
│ ├─┬ @near-js/signers@0.0.4
│ │ └── js-sha256@0.9.0
│ └── js-sha256@0.9.0
├─┬ @near-js/wallet-account@0.0.4
│ ├─┬ @near-js/accounts@0.1.1
│ │ └─┬ @near-js/transactions@0.1.0
│ │ └── js-sha256@0.9.0
│ ├─┬ @near-js/signers@0.0.3
│ │ └── js-sha256@0.9.0
│ └─┬ @near-js/transactions@0.1.0
│ └── js-sha256@0.9.0
└─┬ algosdk@1.24.1
└── js-sha256@0.9.0
@JesseTheRobot understood re: plugins actually having the dependencies. Could you move to using optionalDependencies
for near and algo and whatever else? Like many other users, I'm doing nothing with near or algorand. See https://betterprogramming.pub/what-are-npms-optional-dependencies-and-when-should-we-use-them-796a6a964e73 for more info.
I can definitely look Into that, but if I recall correctly we had some issues with optional dependencies and tooling like webpack (or simply users trying to use the CLI via NPX) - I'll keep you in the loop regardless.
We do have a "split" client planned, where you only import the packages you're using, but that's still under development unfortunately.
The
js-sha256
module isn't necessary in current (last 10 years) browsers and causes warnings:All current browsers provide SHA256 natively. See https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest