Version 3

[paulmillr]

• aes: change from native async to noble-ciphers sync
• new bls module: bls12-381 operations
• new bn module: bn254 operations
• new math module: modPow and modInv operations
• Update dependencies
  • curves v1.6.0
  • hashes v1.5.0
  • bip32 v1.5.0
  • bip39 v1.4.0
  • base v1.1.8
  • new dependency: noble-ciphers, used for sync AES
• Add support for node.js v14
• Improve typescript compatibility by emitting separate types for cjs / esm

Backwards-incompatible changes:

1. utils: crypto var had been removed
2. aes: async methods became sync

[paulmillr]

cc @legobeat please review

[alcuadrado]

Is the intention to run the two builds before publishing? I guess so, but just double-checking.

Should we add info about the new modules to the readme?

[paulmillr]

@alcuadrado yes, in fact, we have been doing two builds for a long time, using npm run build:

    "build:tsc": "tsc --project tsconfig.prod.json && tsc --project tsconfig.prod.esm.json",

Should we add info about the new modules to the readme?

Yes, and tests for them.

[legobeat]

cc @legobeat please review

It's not clear to me if Node.js v14 compatibility is intended for this release or if that's a question in scope for this at all (here is BTW where an engines.node field is useful to set expectations straight)? Feel free to disregard points you think out of scope here.

• Dependency versions are aligned (no inconsistencies or dupes) 👍
• Seems to run fine on Node 16~22 👍
• v3 indicates breaking changes to me - what should be considered here? I am probably missing something.
• The aes module uses crypto.subtle.importKey, which is available in Node.js >=v16, not v14. (aes tests fail with TypeError: Cannot read property 'importKey' of undefined). It does not look like a regression, though.

Improve typescript compatibility by emitting separate types for cjs / esm

• While the implementations are expected to differ, is there some reason why we can't have a unified interface (making the ESM/CJS difference invisible from an API perspective) and the same .d.ts files? They *.d.ts and esm/*.d.ts files are currently identical from what I can tell?
• index.d.ts and esm/index.d.ts are present but empty - remove, or add explicit re-exports of public interfaces?

[legobeat]

Aside related to the two builds: It's not rare to see projects get caught inadvertently breaking either of CJS or ESM in a subtle but impacting change after transitioning to dual builds. While things look good here now, there is always the risk of future discrepancies (or even something we missed here).

The current mocha tests seem to be instrumented as commonjs from what I can tell. Could be worth looking at instrumenting the same tests twice, under esm and commonjs "modes", to catch any future discrepancies?

[paulmillr]

why we can't have a unified interface (making the ESM/CJS difference invisible from an API perspective) and the same .d.ts files

https://arethetypeswrong.github.io

https://arethetypeswrong.github.io/?p=%40metamask%2Feth-sig-util%407.0.3

index.d.ts and esm/index.d.ts are present but empty - remove, or add explicit re-exports of public interfaces?

ts auto-produces them, I don't think it's necessary to have script which rms them. Not sure what we can do here. explicit re-exports is no-go. does it matter? The files are small and don't enlarge the bundle massively.

v3 indicates breaking changes to me - what should be considered here? I am probably missing something.

I will be removing crypto export from utils. I also wanted to replace aes with something sync (from noble ciphers), while moving old version to aes-compat or aes-webcrypto, but it's not certain.

[paulmillr]

AES has been changed from native (async) to (audited) noble-ciphers (sync).

I believe this change should be done, because async methods are a big deal. They force all app code to become async. Native aes is also not available in all environments.

Ethers, for example, uses sync AES.

[legobeat]

LGTM!

Still curious on what the breaking change(s) beyond aes going sync are, if any.

v3 indicates breaking changes to me - what should be considered here? I am probably missing something.

[paulmillr]

Still curious on what the breaking change(s) beyond aes going sync are, if any.

1. crypto removed from utils
2. aes sync

that's it. nothing else

[paulmillr]

@legobeat do you know why nodejs v14 is failing on linux? The error is weird

npm ERR! Cannot read property '@noble/ciphers' of undefined

[legobeat]

@paulmillr Looks to be because of node 14 shipping with incompatible npm v6.

• Fix: [v3] npm version 9 #132

[legobeat]

Nit: Would be nice to list what's explicitly supported (node.js, bun, deno, browsers?)

[paulmillr]

Yeah, also would be good to somehow test in bun, deno

[alcuadrado]

Thanks for putting this together, @paulmillr! And @legobeat for also reviewing it :)