Why is a Shockwave Flash SWF file included

[mehboob-alam81]

We noticed that google-p12-pem@3.1.4 has a dependency on node-forge. node-forge@1.3.1 is includes swf/SocketPool.swf, apparently for some special networking features that can be optionally use a Flash component. As you know most browsers have disabled flash support for security reason. But customers are not allowing flash components (.swf files etc.) to be deployed. Can this be cleaned up from google-p12-pem?

[alexander-fenster]

Hi @mehboob-at-ibm,

Are you aware of any replacement for node-forge that can be used instead of it?

I will keep this PR open as a feature request for now; if the existence of this swf file bothers anyone else, please +1 and we'll see what we can do. Probably one easy thing we could technically do without rewriting the code is forking node-forge and shipping the fork without an swf file. If any of the folks who experience this problem has a support contract, please mention this issue there.

Thank you!

[mehboob-alam81]

@alexander-fenster I am not aware. But I am not sure if " swf/SocketPool.swf" is really useful/needed anymore either. There is an open an issue on the node-forege side as well - https://github.com/digitalbazaar/forge/issues/843

[danielbankhead]

I think we should work on internalizing the key functionality for node-forge - we use a very limited subset of it's API capabilities.

Related: It's also the largest dependency for downstream modules, such as @google-cloud/storage, which include node-forge from this package:

• https://github.com/googleapis/nodejs-storage/issues/1888
  • visual representation: https://bundlephobia.com/package/@google-cloud/storage@6.3.0