fix: further obfuscate `node:crypto` import from overzealous static analysis (#17763)

Fixes #17762, hopefully
2 days ago · d75d1f7dbb
parent 6aa7b9c64a
commit d75d1f7dbb
2 changed files with 10 additions and 2 deletions
--- a/.changeset/shiny-places-make.md
+++ b/.changeset/shiny-places-make.md
@ -0,0 +1,5 @@
+---
+'svelte': patch
+---
+
+fix: further obfuscate `node:crypto` import from overzealous static analysis
--- a/packages/svelte/src/internal/server/crypto.js
+++ b/packages/svelte/src/internal/server/crypto.js
@ -4,6 +4,9 @@ let text_encoder;
 // TODO - remove this and use global `crypto` when we drop Node 18
 let crypto;

+/** @param {string} module_name */
+const obfuscated_import = (module_name) => import(/* @vite-ignore */ module_name);
+
 /** @param {string} data */
 export async function sha256(data) {
 	text_encoder ??= new TextEncoder();
@ -12,8 +15,8 @@ export async function sha256(data) {
 	crypto ??= globalThis.crypto?.subtle?.digest
 		? globalThis.crypto
 		: // @ts-ignore - we don't install node types in the prod build
-			// don't use 'node:crypto' because static analysers will think we rely on node when we don't
-			(await import(/* @vite-ignore */ 'node:' + 'crypto')).webcrypto;
+			// don't use import('node:crypto') directly because static analysers will think we rely on node when we don't
+			(await obfuscated_import('node:crypto')).webcrypto;

 	const hash_buffer = await crypto.subtle.digest('SHA-256', text_encoder.encode(data));