coreutils: Missing dependency "crypto"

[GordonSmith]

random.ts has a "require" for "crypto", but package.json has no reference to that package:

phosphor/packages/coreutils/src/random.ts

Line 42 in 51a6530

(typeof require !== 'undefined' && require('crypto')) || null

phosphor/packages/coreutils/package.json

Line 14 in 39d54e8

"dependencies": {},

• This causes issues with rollup.js
• This is apparently causing issues downstream in Angular 6 (newer WebPack?).

Edit: After a bit of digging I see that "crypto" is now a core Node module and that while you do have runtime checking for the current environment (Node or Browser), it hasn't been isolated for downstream bundlers in general.

FWIW in scenarios like this I typically create two "index.ts" files:

• index.client.ts (no reference to require("crypto"))
• index.server.ts (has reference to require("crypto"))

Then update package.json with:

  "main": "dist/index.server.js",
  "browser": "dist/index.client.js",

I can issue a PR for the above if you like (but want to make sure you are happy with the proposed solution before I do the work).

[blink1073]

Hi @GordonSmith, see discussion in #349.

[GordonSmith]

@blink1073 That PR works 100% for me (and all browser users) - but if there is a genuine need to fallback to the Node crypto library for some reason (the coreutils might be used in other scenarios like unit tests etc.), then my proposed solution might be more acceptable to @sccolbert

(thx for the cross-link BTW)

[blink1073]

Does webpack honor the browser field for the entry point?

[GordonSmith]

Yes (99% sure) - webpack defaults to browser = true as well (which shouldn't be a surprise).

[SimonBiggs]

@GordonSmith my method was a hacky workaround to be sure. We should close my pull request and replace it with yours.