crypto-browserify has an upstream dependency on node:crypto

[sagargurtu]

• crypto-browserify depends on browserify-sign@^4.2 link
• browserify-sign@^4.2 depends on elliptic@^6.5 link
• elliptic@^6.5 depends on brorand@^1.1 link
• brorand@^1.1 uses crypto link

[ljharb]

Looks like that will only affect a web worker, but also elliptic distributes a bundle, so it could be addressed in either place. (cc @indutny)

In a regular browser or node context, there shouldn't be any issue.

[sagargurtu]

I'm polyfilling Node.js builtins in my application using a Vite plugin. Whenever Vite encounters an import of "crypto", the plugin resolves it to "crypto-browserify". However, the issue mentioned above creates a cyclic dependency on "crypto", which ultimately breaks the build.

This condition in the upstream dependency will not be evaluated during vite build, causing Vite to resolve "crypto" in the else block, which in turn creates the cyclic dependency.

[ljharb]

A cyclic dependency shouldn't break the build either - cycles are perfectly supported by both CJS and ESM.