sjudson
commented
6 years ago @mikkomustikkamaa - This PR loses package information in package.json and makes a number of aggressive formatting changes irrelevant to the ES version, which I'd need removed before considering inclusion. However - before even that - although this code may be used with ES5 idioms it is only presently intended for use with ES6-compatible runtimes, mainly all currently supported Node versions (6.x.x and above). I intend to keep the internal ES6 structure, so will not accept these changes.
In addition, this package as presently designed should not be used in the browser. Browser cryptography is of debatable validity and security, and even then should likely only be done with the WebCrypto API, which this library does not support integration with. As noted in the README, I do intend to add support for a limited browser-compatible API for the validation of public PASETOs only - a process which requires no secret information, and therefore may be more safely (but still not trivially) undertaken in the browser. I'll be sure to be conscious of build and minification tools when I do that.
As such, I'm not going to merge this PR. Thanks however for the work and opening it, and I'll be sure to pay attention to the concerns you've raised when I do embark on the limited browser support.
I tried to use the library in browser in React application. create-react-app build failed to minify some javascript files in the library because all scripts are not ES5 compatible (more about this can be read here http://bit.ly/2tRViJ9). Because of mentioned reason, i forked the repository and rebuild some of the scripts with Babel to ES5 compliant. With these actions i achieved succesful minifying during create-react-app build and successful runtime usage in browser.
I made this pull request so you are aware of this and hopefully browser support is improved in upcoming releases related to mentioned issue.