@noble/utils - Githubissues

steida commented 3 hours ago

I suppose it should be one library to save some bytes when people use both @noble/ciphers and @noble/hashes. Thank you very much for your work.

paulmillr commented 2 hours ago

Adding dependency to save 500 bytes is not worth it.

Inlining all the way.

steida commented 2 hours ago

OK, but it's your dependency, so I don't understand why it should be a problem. Anyway, it was just an idea. Feel free to ignore it.

paulmillr commented 1 hour ago

Imagine all packages incorporate utils tomorrow:

utils will need to be constantly updated
someone using hashes v1.7 which depend on utils v1.0.0. the same person is using ciphers v1.1 which depend on utils v1.1.0. The person will have two utils, duplicated.
How can duplication be prevented? By using version ranges (^1.0.0). However, doing so would increase risk of supply chain attacks. Badly published utils will be able to break all dependants at once
Also, version ranges can't really be used, because upstream dependents lock version of noble packages themselves.

So, overall, brings too much complexity. 500 bytes is not a huge deal.

paulmillr / noble-ciphers