Dependencies with js-sha256 is risky #1

@neeboo

Hi, there is a bug with sha256 calculation errors on some specific browser versions.

emn178/js-sha256#40

I found that bitcore-lib depends on bip-schnorr, which in turn depends on js-sha256.

We should be careful and should change it to @noble/hashes/sha256.

And for the Unisat Extension, as a quick patch, you should use fix-modules to replace the bip-schnorr package:

```js
const fs = require('fs');

// Overwrite bip-schnorr's convert.js so that hash() uses @noble/hashes
// instead of js-sha256.
const fixSha256 = () => {
  const file = './node_modules/bip-schnorr/src/convert.js';
  // Throws if the file is missing, so a failed patch is reported by the caller.
  let fileData = fs.readFileSync(file).toString();
  // Matching the whole file against itself replaces its entire contents.
  fileData = fileData.replace(
    fileData,
    `
    const BigInteger = require('bigi');
    const Buffer = require('safe-buffer').Buffer;
    const binding = require('@noble/hashes/sha256');

    const { sha256 } = binding;

    function bufferToInt(buffer) {
      return BigInteger.fromBuffer(buffer);
    }

    function intToBuffer(bigInteger) {
      return bigInteger.toBuffer(32);
    }

    function hash(buffer) {
      return Buffer.from(sha256.create().update(buffer).digest(), 'hex');
    }

    module.exports = {
      bufferToInt,
      intToBuffer,
      hash,
    };
    `
  );
  fs.writeFileSync(file, fileData);
};
```

Then:

```js
const run = async () => {
  let success = true;
  try {
    // ...
    fixSha256();
  } catch (e) {
    console.error('error:', e.message);
    success = false;
  } finally {
    console.log('Fix modules result: ', success ? 'success' : 'failed');
  }
};
```

Thanks
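A startup self-test for whichever SHA-256 function ends up behind `hash()`, as an added example that is not part of the original issue or of any project named in it. It assumes Node's built-in `crypto` module as the reference and a candidate that returns the digest as bytes; `selfTestSha256`, `goodSha256` and `truncatingSha256` are hypothetical names, and the faulty candidate is constructed for the demonstration rather than modelled on the linked js-sha256 bug.

```javascript
const { createHash } = require('crypto');

// FIPS 180-4 known-answer vectors: message -> expected hex digest.
const KNOWN_ANSWERS = [
  ['', 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'],
  ['abc', 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad'],
];

// Reference digest from the platform implementation.
const referenceSha256 = (buf) => createHash('sha256').update(buf).digest('hex');

// Runs the candidate over fixed vectors and over lengths around the 56-byte
// padding and 64-byte block boundaries. Returns the labels of failed checks;
// an empty array means the candidate agreed with the reference everywhere.
function selfTestSha256(candidate) {
  const failures = [];
  const check = (label, input, expectedHex) => {
    let got;
    try {
      got = Buffer.from(candidate(input)).toString('hex');
    } catch (e) {
      got = `threw: ${e.message}`; // a throwing hash is also a failure
    }
    if (got !== expectedHex) failures.push(label);
  };
  for (const [msg, hex] of KNOWN_ANSWERS) check(`KAT "${msg}"`, Buffer.from(msg), hex);
  for (const len of [1, 55, 56, 63, 64, 65, 119, 120, 128, 1000]) {
    const input = Buffer.alloc(len);
    for (let i = 0; i < len; i++) input[i] = (i * 31 + len) & 0xff; // constructed data
    check(`len ${len}`, input, referenceSha256(input));
  }
  return failures;
}

// Constructed candidates: one correct, one that silently ignores input past 64 bytes.
const goodSha256 = (buf) => createHash('sha256').update(buf).digest();
const truncatingSha256 = (buf) =>
  createHash('sha256').update(buf.subarray(0, 64)).digest();

// In a build that applies the patch above, the candidate would be the patched
// module's hash() (assumption: require('bip-schnorr/src/convert').hash), and a
// non-empty result should block any signing.
console.log('good:', selfTestSha256(goodSha256));
console.log('faulty:', selfTestSha256(truncatingSha256));
```

The short known-answer vectors alone do not catch the faulty candidate; only the inputs longer than one block do, which is why the length sweep is part of the check.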
