paulmillr / noble-ciphers

Audited & minimal JS implementation of Salsa20, ChaCha and AES
https://paulmillr.com/noble
MIT License
214 stars 8 forks source link

@noble/utils #42

Closed steida closed 3 weeks ago

steida commented 3 weeks ago

I suppose it should be one library to save some bytes when people use both @noble/ciphers and @noble/hashes. Thank you very much for your work.

paulmillr commented 3 weeks ago

Adding dependency to save 500 bytes is not worth it.

Inlining all the way.

steida commented 3 weeks ago

OK, but it's your dependency, so I don't understand why it should be a problem. Anyway, it was just an idea. Feel free to ignore it.

paulmillr commented 3 weeks ago

Imagine all packages incorporate utils tomorrow:

So, overall, brings too much complexity. 500 bytes is not a huge deal.

steida commented 3 weeks ago

utils will need to be constantly updated

That's okay, IMHO.

someone using hashes v1.7 which depend on utils v1.0.0. the same person is using ciphers v1.1 which depend on utils v1.1.0. The person will have two utils, duplicated.

That's expected.

How can duplication be prevented?

No need to do that. That's the feature, not a bug.

What I wanted to say. Each lib can and shall have fixed dependencies, so there is no need to use the last one.

I'm just brainstorming. I thought it would be easier for you to have a single source of truth. But I understand that could lead to a dangerous zone - a monorepo 😂, because with dependencies, you would need a changeset for releasing.

I understand your hesitations; it was just an idea.