fix: further obfuscate `node:crypto` import from overzealous static analysis (#17763)

Fixes #17762, hopefully
pull/17768/head
Conduitry 2 days ago committed by GitHub
parent 6aa7b9c64a
commit d75d1f7dbb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -0,0 +1,5 @@
---
'svelte': patch
---
fix: further obfuscate `node:crypto` import from overzealous static analysis

@ -4,6 +4,9 @@ let text_encoder;
// TODO - remove this and use global `crypto` when we drop Node 18
let crypto;
/** @param {string} module_name */
const obfuscated_import = (module_name) => import(/* @vite-ignore */ module_name);
/** @param {string} data */
export async function sha256(data) {
text_encoder ??= new TextEncoder();
@ -12,8 +15,8 @@ export async function sha256(data) {
crypto ??= globalThis.crypto?.subtle?.digest
? globalThis.crypto
: // @ts-ignore - we don't install node types in the prod build
// don't use 'node:crypto' because static analysers will think we rely on node when we don't
(await import(/* @vite-ignore */ 'node:' + 'crypto')).webcrypto;
// don't use import('node:crypto') directly because static analysers will think we rely on node when we don't
(await obfuscated_import('node:crypto')).webcrypto;
const hash_buffer = await crypto.subtle.digest('SHA-256', text_encoder.encode(data));

Loading…
Cancel
Save