feat: use @noble and @scure libraries for cryptography (#2273)

Switch to using `@noble/hashes`, `@noble/curves`, `@scure/base`, `@scure/bip32`, and `@scure/bip39`. This replaces `crypto` polyfills (such as `crypto-browserify`), `create-hash`, `elliptic`, `hash.js`, `bn.js` (both versions), and their many dependencies. This also means there are 33 less dependencies downloaded when running a fresh `npm install` and will make the project much easier to maintain. This reduces the bundle size by 44% (82kb minified and gzipped) over the current 3.0 branch as well as reducing the amount of configuration required to bundle. Closes #1814, #1817, #2272, and #2306 Co-authored-by: Caleb Kniffen <ckniffen@ripple.com>
2025-11-29 00:25:48 +00:00 · 2023-10-10 02:45:58 +07:00
parent 5607320ce2
commit 217b111ef2
78 changed files with 2911 additions and 2621 deletions
--- a/packages/ripple-keypairs/HISTORY.md
+++ b/packages/ripple-keypairs/HISTORY.md
@@ -6,6 +6,13 @@
 * Remove Node 14 support
 * Remove `assert` dependency. If you were catching `AssertionError` you need to change to `Error`.
 * Fix `deriveKeypair` ignoring manual decoding algorithm. (Specifying algorithm=`ed25519` in `opts` now works on secrets like `sNa1...`)
+* Remove `crypto` polyfills, `create-hash`, `elliptic`, `hash.js`, and their many dependencies in favor of `@noble/hashes` and `@nobel/curves`
+* Remove `bytesToHex` and `hexToBytes`.  They can now be found in `@xrplf/isomorphic/utils`
+* `verifyTransaction` will throw an error if there is no signature
+* Improved key algorithm detection. It will now throw Errors with helpful messages
+
+### Changes
+* Remove `brorand` as a dependency and use `@xrplf/isomorphic` instead.

 ## 1.3.1 (2023-09-27)
 ### Fixed