deprecate crypto-js #8607
deprecate crypto-js #8607
Conversation
|
This pull request fixes 2 alerts when merging f602c6c into 34e7405 - view on LGTM.com fixed alerts:
|
Codecov Report
@@ Coverage Diff @@
## main #8607 +/- ##
==========================================
- Coverage 77.94% 77.78% -0.17%
==========================================
Files 237 240 +3
Lines 16810 17112 +302
Branches 3613 3651 +38
==========================================
+ Hits 13102 13310 +208
- Misses 3581 3677 +96
+ Partials 127 125 -2
Continue to review full report at Codecov.
|
|
This pull request fixes 2 alerts when merging bd4404a into 85e9b97 - view on LGTM.com fixed alerts:
|
| @@ -660,6 +657,7 @@ export default class CognitoUser { | |||
| authParameters.USERNAME = this.username; | |||
| authParameters.DEVICE_KEY = this.deviceKey; | |||
| authenticationHelper.getLargeAValue((errAValue, aValue) => { | |||
| console.log('get aValue', aValue); | |||
There was a problem hiding this comment.
good catch! no it is for my local debug, will remove it
| * Converts this word array to a string. | ||
| * | ||
| * @param {Encoder} encoder (Optional) The encoding strategy to use. Default: CryptoJS.enc.Hex | ||
| * |
There was a problem hiding this comment.
I believe it is copied from the original file, somehow I feel like each version of the crypto-js keeps the same styles to respect the original author, but I will do a clean up on the format :)
| }; | ||
|
|
||
| /** | ||
| * Abstract buffered block algorithm template. (checked, similar to crypto-es) |
There was a problem hiding this comment.
remove "(checked, similar to crypto-es)"
| /** | ||
| * HMAC algorithm. | ||
| */ | ||
| (function (algo) { |
There was a problem hiding this comment.
Can you explain what the algo parameter is in this scenario?
| (function (algo) { | ||
|
|
||
| // Initialization and round constants tables | ||
| const H = []; |
There was a problem hiding this comment.
| default: jest.fn(() => ''), | ||
| }; | ||
| }); | ||
|
|
There was a problem hiding this comment.
we should still have some tests for CryptoJSHelper.SHA256 I believe
There was a problem hiding this comment.
I need to think more of whether we want to add tests for it, as it is basically copied from third party logic. If we add test, we probably add similar tests like the original crypto-js. Adding test also means we want to maintain it, which I am trying to avoid.
|
close as the fix in crypto-js has been released #8626 |
|
This pull request has been automatically locked since there hasn't been any recent activity after it was closed. Please open a new issue for related bugs. Looking for a help forum? We recommend joining the Amplify Community Discord server |
Description of changes
Amplify has a dependency on crypto-js, yet we only use partial of its functions (Base64, SHA256, Hmac256). However, it is not actively maintained, and has introduced issue like NextJS bundle size to Amplify.
After reviewing available options, I decide to extract the Amplify needed codes from
cryto-js, re-org and refactor a bit based on our own need, and put it in a single fileCryptoJSHelper(the original partially implementedWordArrayis replaced as well). Below is a brief summary of build size comparison.Alternatives comparison
note: both crypto-js and crypto-es are forked and based on the original
crypto-jsfrom Jeff Wott, their codes (comments/logic/typing) are almost identical. This means the core algorithms/logics are stable. See more about its history.This is perhaps a temporary solution before we have a better option (either crypto-js merge the bundle size fix PR), or when
aws-crytosupports more algorithm and flexible data type.Issue #, if available
#7570
#8256
Description of how you validated changes
Checklist
yarn testpassesBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.