search

simplyhexagonal / string-crypto

Small and simple (yet secure) library to encrypt and decrypt strings using PBKDF2 for key derivation and AES (defaulted to 256-bit / SHA512)
https://www.npmjs.com/package/string-crypto
21 stars 1 forks source link

Implicit `tslib` dependency #4

Closed faustbrian closed 3 years ago

faustbrian commented 3 years ago

Since the release of 2.0.0 it looks like tslib is used somewhere but not included as a dependency. This makes it impossible to use the package when using yarn berry, at least out of the box without workarounds.

  ● Test suite failed to run

    string-crypto tried to access tslib, but it isn't declared in its dependencies; this makes the require call ambiguous and unsound.

    Required package: tslib (via "tslib")
    Required by: string-crypto@npm:2.0.0 (via /home/runner/work/platform-sdk/platform-sdk/.yarn/cache/string-crypto-npm-2.0.0-e609e2f4e1-2.zip/node_modules/string-crypto/dist/)
jeanlescure commented 3 years ago

Hi @faustbrian , thanks for reporting this issue!

This is a problem with yarn berry, rollup, and typescript, and quite an annoying one at that.

Rather than transpiling to vanilla JS, the combo of berry/rollup/ts turns things like this expansion syntax:

    const {
      salt,
      iterations,
      digest,
    } = {
      ...StringCrypto.defaultDeriveKeyOpts,
      ...options,
    };

into this nonesense:

var _a = tslib.__assign(tslib.__assign({}, StringCrypto.defaultDeriveKeyOpts), options),
  salt = _a.salt,
  iterations = _a.iterations,
  digest = _a.digest;

rather than just using Object.assign 🤦🏼

In any case I have gone and removed the expansion syntax in the following commit:

https://github.com/jeanlescure/string-crypto/commit/9d9a43c00022bb72eed33a835c8129aeec6763c3

and will proceed to release v2.0.1 🚀

Cheers and happy Monday

faustbrian commented 3 years ago

Thanks for the quick fix.