crypto.getRandomValues support (compatibility with uuid 7.x, nanoid, etc.) #915

Closed
LinusU opened this issue Feb 17, 2023 · 3 comments
Labels
enhancement New feature or request

Comments

LinusU commented Feb 17, 2023

Problem

Today, almost all JavaScript environments support a way to get cryptographically secure random data: crypto.getRandomValues. This has led many libraries to switch away from the insecure Math.random to crypto.getRandomValues. This is supported in all modern browsers, Node.js, Deno, etc.

When using these libraries inside of Hermes, they do not work. There is a (react native specific) polyfill available: https://github.com/LinusU/react-native-get-random-values

But having to add a polyfill isn't a great user experience.

Solution

I think that we should add support for crypto.getRandomValues directly into Hermes. This way we could ensure that a performant implementation is always available for these libraries to use.

I would be happy to submit a PR for this, with some guidance!

Additional Context

I originally proposed adding this to React Native a long time ago: facebook/react-native#20686

There is also some discussion here: expo/expo#7209, expo/expo#17270

I think that it's even more relevant now, since e.g. Node.js has added this, and it's even more widespread now since most JS libraries aren't written with React Native in mind.
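
The behaviour described in the issue above, as an added example that is not part of the original post or of any project named in it: a UUID v4 helper that draws its bytes from crypto.getRandomValues and fails closed, rather than falling back to Math.random, when the runtime lacks the API. The function names and the two stub objects are constructed for illustration.

```javascript
// Added example: secureRandomBytes, uuidv4, tryUuid and the stubs below are
// illustrative names, not taken from uuid, nanoid, Hermes or React Native.

// Return n bytes from the platform CSPRNG, or throw if the runtime has none.
// There is deliberately no Math.random fallback: it is not a CSPRNG, so a
// silent fallback would turn a missing API into guessable identifiers.
function secureRandomBytes(n, cryptoObj = globalThis.crypto) {
  if (!cryptoObj || typeof cryptoObj.getRandomValues !== 'function') {
    throw new Error(
      'crypto.getRandomValues is not available in this runtime; ' +
      'load a native-backed polyfill before generating IDs'
    );
  }
  const bytes = new Uint8Array(n);
  cryptoObj.getRandomValues(bytes); // fills the typed array in place
  return bytes;
}

// RFC 4122 version 4 UUID built from 16 CSPRNG bytes.
function uuidv4(cryptoObj = globalThis.crypto) {
  const b = secureRandomBytes(16, cryptoObj);
  b[6] = (b[6] & 0x0f) | 0x40; // version nibble = 4
  b[8] = (b[8] & 0x3f) | 0x80; // variant bits = 10xx
  const hex = Array.from(b, (x) => x.toString(16).padStart(2, '0')).join('');
  return [
    hex.slice(0, 8), hex.slice(8, 12), hex.slice(12, 16),
    hex.slice(16, 20), hex.slice(20),
  ].join('-');
}

// Constructed stand-ins for the two situations discussed in the issue.
const bareEngine = null; // an engine global with no crypto object
const fixedCrypto = {    // deterministic stub, used only to check the layout
  getRandomValues(arr) { arr.forEach((_, i) => { arr[i] = i; }); return arr; },
};

// Wrap the call so a caller can surface the failure instead of crashing.
function tryUuid(cryptoObj) {
  try { return { ok: true, id: uuidv4(cryptoObj) }; }
  catch (err) { return { ok: false, error: err.message }; }
}

console.log(tryUuid(fixedCrypto));
console.log(tryUuid(bareEngine));
```
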

Contributor

tmikov commented Feb 17, 2023

Hmm, I understand the pain and the inconvenience, but this feels like a React Native packaging issue. AFAIK, crypto is not a part of the JS spec, so it falls outside of the JS engine's purview.

Browsers and NodeJS have it, but they package a JS engine together with tons of additional libraries. In other words, it is not provided by v8 or JavaScriptCore.

I understand that it is tempting to make it a part of Hermes, because it would be convenient to have Hermes as a centralized point for distribution of additional libraries, but that means endlessly extending the scope of the project and having to maintain code in areas like crypto, that frankly are not our area of expertise.

I think this should be added to React Native, which already has other similar APIs. In theory there could also be a community project to package Hermes with additional APIs (but I doubt there is sufficient interest for that).

tmikov closed this as completed May 16, 2023

Author

LinusU commented May 17, 2023

@tmikov sorry for not responding earlier. Your reasoning makes sense, thank you for taking the time to post it 👍

@paulmillr

For reconsideration, additional points in #1003
