@lit-protocol/nacl - npm Package Compare versions

Comparing version 2.0.33 to 2.0.34

package.json

 {
   "name": "@lit-protocol/nacl",
-  "version": "2.0.33",
+  "version": "2.0.34",
   "type": "commonjs",
@@ -5,0 +5,0 @@ "tags": [

src/lib/nacl.js

@@ -1168,3 +1168,13 @@ "use strict";
         // Node.js.
-        crypto = require('crypto');
+        // this nodeRequire hack was added by Chris Cassano
+        // because webpack was complaining that "you might try to require crypto and that's not bundled" by webpack automatically anymore.
+        // but this code path will only run on nodejs so it's a non-issue.
+        // thus we have this hack to make webpack happy.
+        const nodeVer = typeof process !== 'undefined' && process.versions?.node;
+        const nodeRequire = nodeVer
+            ? typeof __webpack_require__ === 'function'
+                ? __non_webpack_require__
+                : require
+            : undefined;
+        crypto = nodeRequire('crypto');
         if (crypto && crypto.randomBytes) {
@@ -1171,0 +1181,0 @@ _nacl.setPRNG(function (x, n) {

New alerts

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

98028

increased by0.89%

Lines of code

1197

increased by0.84%

Worsened metrics

Number of low supply chain risk alerts

2

increased by100%

No dependency changes