Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@storacha/one-webcrypto

Package Overview
Dependencies
Maintainers
0
Versions
2
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@storacha/one-webcrypto

Import the webcrypto API as a single module in both nodejs and browsers.

  • 1.0.1
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
0
Created
Source

one-webcrypto

The WebCrypto API is available in most browsers, under a global variable:

// in web pages
const webcrypto = window.crypto
// in web workers, etc.
const webcrypto = self.crypto
// or generally under
const webcrypto = globalThis.crypto

It is also available in NodeJS since version 15.

However, it is accessed differently:

// in node with commonjs
const webcrypto = require("crypto").webcrypto
// in node with ES Modules
import crypto from "crypto"
const webcrypto = crypto.webcrypto

These different ways of getting access to valuable cryptographic primitives (see webcrypto.subtle) accross platforms (node & browsers) are hard to get right.

Usage

With this package, you can just import the WebCrypto API like so:

import { webcrypto } from "one-webcrypto"

webcrypto.getRandomValues( //...
await webcrypto.subtle.generateKey( //...

Or with CommonJS:

const { webcrypto } = require("one-webcrypto")

Compatibility Issues

This package uses a fairly new package.json standard field, the exports field.

Read more about it:

We're also making use of webpack's pseudo-standard of the "browser" flag for imports.

So if your environment doesn't support that, it may or may not work.

We know that this setup works (should work) with

  • NodeJS 15+ (thus also e.g. mocha)
  • ESBuild
  • Webpack 5
  • Vite
  • SvelteKit
  • Snowpack
  • Parcel 2

We know that this setup can have issues with

  • Create React App

If you have any experience (whether it supports the claims above or not), please create an issue. The idea is to help each other out in these crazy bundler times and document what works and what doesn't. :)

FAQs

Package last updated on 29 Jul 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc