Version >=7.0.0 is not compatible with React Native / Expo #375
Comments
|
+1 |
|
Same goes for Azure functions. Getting the message:
|
|
Is this just affecting React Native? or also desktop browsers? I have like MANY libs for Node and browser that depends on |
|
Thanks for the reports, we‘ll have to investigate. Could anyone of you provide a minimal reproduction case? That would be extremely helpful! |
|
I just confirm that the issue does NOT happen in browsers (using |
|
@TrySound thanks for the hint, maybe we can go a similar route. Will check it out in detail. |
I think the issue is that node LTS (12.16.1 as of this message) does not offer the Output: |
|
@ZebraFlesh You are right getRandomValues is not part of node crypto. Also it's not used in node version. The problem are environments. They provides own sandboxes. |
|
Here's what I know: performing the following code in a serverless handler which is bundled with webpack fails with the crypto.getRandomValues is not a function message: Looking at @TrySound's links it's very strange to me that this would go into the browser code instead of the node variant, but it is. (And my webpack config explicitly has a |
|
Very good catch! @ctavan main does not always mean node environment and module does not always mean browser environment. There is special browser field for this. You should provide commonjs and esm for both node and browser environment. Look how this is solved here in react-map-gl project |
Jeez. It took a bit of digging to unpack all that, but you totally nailed it and made me smarter -- so thank you! Here's a link to npm's docs on |
|
Here's spec Also you can do the same to provide react-native specific solution |
|
"module" field is just a convention. Modern bundlers prefer it over "main". Though node will provide soon conditional exports as official solution. |
|
I believe we have two distinct issues in this one:
With regards to react-native I'm happy to take a deeper look at the solution that nanoid chose but I'm equally happy to accept pull-requests that add such a feature. The good news is that all of the implementations that are now broken very likely were using flawed random number generators with a much higher likelihood of UUID collisions (see https://github.com/tc39/proposal-uuid#how-unique-are-v4-uuids for examples) so we're finally discovering those implementations and now have a chance to fix them. |
Same as for AWS, Azure, is also true for google cloud functions such as firebase cloud functions:
|
|
@ctavan 3. Also main/module is confused with node/browser |
|
Looking at nanoid it looks like a solution for react-native is unfortunately not 100% straightforward: The random number generators used in node ( The approach that nanoid takes is to offer async variants of the methods and then makes use of expo-random to generate cryptographically secure random numbers. Nanoid also offers non-secure variants which use That said there seem to be plenty of attempts on npm to provide Polyfills for either node's However I found it really hard to judge if any of these implementations satisfy the two criteria
@LinusU I saw that you authored one of these libraries (https://github.com/LinusU/react-native-get-random-values) and since you have been contributing to this library as well, maybe you can shed a bit more light on the situation w.r.t. sync CSPRNGs in react-native (or anyone else who is familiar with the matter)? |
|
I think it's fixed in version |
|
I still have the same error in import { v4 as uuid4 } from 'uuid'
uuid4() |
This comment has been minimized.
This comment has been minimized.
|
The react-native problem has not yet been fixed and as explained above a fix is not straightforward. 7.0.1 fixed problem with Node.js cloud environments. |
|
@ctavan I think it's very unfortunate that React Native doesn't provide a proper Personally, I think that the best approach is to have instructions to install the Something like:
I'd be happy to update documentation in that package as well if there is anything that is unclear 👍 oh, and for anyone else in this thread, if you want a fix to this problem you should be able to install |
|
Thank you so much for your contributions! I think we could go even one step further and make this work out of the box using a Just one thing I'm really curious about: Does your polyfill use a random number generator on both platforms (iOS and Android) that qualifies as "cryptographically secure"? And if so, why on earth do all other polyfill libraries for react-native that I found out there only provide async methods and no sync methods (most that I found seem to be using https://www.npmjs.com/package/sjcl as a fallback for their sync implementations)? So I'm happy to merge your changes I just want to ensure that we are getting the same quality of randomness that we get with node and webcrypto. |
I'm not exactly sure what we would put in that file? Do you mean that it would require the polyfill there? 🤔
I'm not sure that declaring
It does. It uses
The fact that you can have synchronous methods in a React Native module isn't all that well documented. In fact, I only found out when I tried to add
Sounds good 👍 |
|
This issue also refers to the problems with Azure Functions/AWS Lambda/Firebase Functions etc too. Are we saying the same resolution is to use the |
|
@jameswoodley I don't think so. For node.js environments this is working now without extra packages. For react-native you must also install a random number generator, These are my current dependencies, all tested + working + in production; firebase is cloud functions, public-app is react-native |
|
Hi @mikehardy thanks for the update. I found that rollup was defaulting to browser and not node. Have resolved by adding
Thanks! |
|
@jameswoodley the issue you are describing is being tracked in #544 |
Current uuid is not compatible with RN/Expo at all. See uuidjs/uuid#375
Current uuid is not compatible with RN/Expo at all. See uuidjs/uuid#375
Current uuid is not compatible with RN/Expo at all. See uuidjs/uuid#375
Current uuid is not compatible with RN/Expo at all. See uuidjs/uuid#375
Current uuid is not compatible with RN/Expo at all. See uuidjs/uuid#375
Current uuid is not compatible with RN/Expo at all. See uuidjs/uuid#375
Current uuid is not compatible with RN/Expo at all. See uuidjs/uuid#375
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [uuid](https://github.com/uuidjs/uuid) | dependencies | major | [`^8.3.2` -> `^9.0.0`](https://renovatebot.com/diffs/npm/uuid/8.3.2/9.0.0) | | [@types/uuid](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/uuid) ([source](https://github.com/DefinitelyTyped/DefinitelyTyped)) | dependencies | major | [`^8.3.0` -> `^9.0.0`](https://renovatebot.com/diffs/npm/@types%2fuuid/8.3.0/9.0.1) | --- ### Release Notes <details> <summary>uuidjs/uuid</summary> ### [`v9.0.0`](https://github.com/uuidjs/uuid/blob/HEAD/CHANGELOG.md#​900-httpsgithubcomuuidjsuuidcomparev832v900-2022-09-05) [Compare Source](uuidjs/uuid@v8.3.2...v9.0.0) ##### ⚠ BREAKING CHANGES - Drop Node.js 10.x support. This library always aims at supporting one EOLed LTS release which by this time now is 12.x which has reached EOL 30 Apr 2022. - Remove the minified UMD build from the package. Minified code is hard to audit and since this is a widely used library it seems more appropriate nowadays to optimize for auditability than to ship a legacy module format that, at best, serves educational purposes nowadays. For production browser use cases, users should be using a bundler. For educational purposes, today's online sandboxes like replit.com offer convenient ways to load npm modules, so the use case for UMD through repos like UNPKG or jsDelivr has largely vanished. - Drop IE 11 and Safari 10 support. Drop support for browsers that don't correctly implement const/let and default arguments, and no longer transpile the browser build to ES2015. This also removes the fallback on msCrypto instead of the crypto API. Browser tests are run in the first supported version of each supported browser and in the latest (as of this commit) version available on Browserstack. ##### Features - optimize uuid.v1 by 1.3x uuid.v4 by 4.3x (430%) ([#​597](uuidjs/uuid#597)) ([3a033f6](uuidjs/uuid@3a033f6)) - remove UMD build ([#​645](uuidjs/uuid#645)) ([e948a0f](uuidjs/uuid@e948a0f)), closes [#​620](uuidjs/uuid#620) - use native crypto.randomUUID when available ([#​600](uuidjs/uuid#600)) ([c9e076c](uuidjs/uuid@c9e076c)) ##### Bug Fixes - add Jest/jsdom compatibility ([#​642](uuidjs/uuid#642)) ([16f9c46](uuidjs/uuid@16f9c46)) - change default export to named function ([#​545](uuidjs/uuid#545)) ([c57bc5a](uuidjs/uuid@c57bc5a)) - handle error when parameter is not set in v3 and v5 ([#​622](uuidjs/uuid#622)) ([fcd7388](uuidjs/uuid@fcd7388)) - run npm audit fix ([#​644](uuidjs/uuid#644)) ([04686f5](uuidjs/uuid@04686f5)) - upgrading from uuid3 broken link ([#​568](uuidjs/uuid#568)) ([1c849da](uuidjs/uuid@1c849da)) ##### build - drop Node.js 8.x from babel transpile target ([#​603](uuidjs/uuid#603)) ([aa11485](uuidjs/uuid@aa11485)) - drop support for legacy browsers (IE11, Safari 10) ([#​604](uuidjs/uuid#604)) ([0f433e5](uuidjs/uuid@0f433e5)) - drop node 10.x to upgrade dev dependencies ([#​653](uuidjs/uuid#653)) ([28a5712](uuidjs/uuid@28a5712)), closes [#​643](uuidjs/uuid#643) ##### [8.3.2](uuidjs/uuid@v8.3.1...v8.3.2) (2020-12-08) ##### Bug Fixes - lazy load getRandomValues ([#​537](uuidjs/uuid#537)) ([16c8f6d](uuidjs/uuid@16c8f6d)), closes [#​536](uuidjs/uuid#536) ##### [8.3.1](uuidjs/uuid@v8.3.0...v8.3.1) (2020-10-04) ##### Bug Fixes - support expo>=39.0.0 ([#​515](uuidjs/uuid#515)) ([c65a0f3](uuidjs/uuid@c65a0f3)), closes [#​375](uuidjs/uuid#375) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC43NC4yIiwidXBkYXRlZEluVmVyIjoiMzQuNzQuMiJ9--> Co-authored-by: Renovate Bot <[email protected]> Reviewed-on: https://gitea.vylpes.xyz/RabbitLabs/Droplet/pulls/111 Reviewed-by: Vylpes <[email protected]> Co-authored-by: RenovateBot <[email protected]> Co-committed-by: RenovateBot <[email protected]>
- crypto-js is no longer maintained, and it was only being used in Secret.base64, so it seemed better to remove it completely - https://github.com/brix/crypto-js?tab=readme-ov-file#discontinued - This change partially reverts 51a7968 - Note that it's not possible to remove react-native-get-random-values with this change, since it's still required by the uuid library to create random UUIDv4s - uuidjs/uuid#375
and others
When I'm upgrading from 3.4.0 to 7.0.0 an error saying it can't require "crypto" pops up in a React Native app. It used to work fine before.
The text was updated successfully, but these errors were encountered: