feat: add @constructive-io/noble-hashes — dual CJS+ESM fork

packages/noble-hashes/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2022 Paul Miller (https://paulmillr.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

packages/noble-hashes/README.md

@@ -0,0 +1,45 @@
+# @constructive-io/noble-hashes
+
+> **NOTE:** This is a fork of [`@noble/hashes`](https://github.com/paulmillr/noble-hashes) (v2.2.0) by Paul Miller.
+> We dual-publish as both **CJS and ESM** to avoid downstream compatibility issues with tools and
+> runtimes that don't yet fully support ESM-only packages (e.g., Jest, older bundlers, CJS-based
+> Node.js tooling). The source code is unchanged from upstream — only the build tooling differs.
+
+Audited & minimal 0-dependency JS implementation of SHA, RIPEMD, BLAKE, HMAC, HKDF, PBKDF & Scrypt.
+
+## Installation
+
+```
+pnpm add @constructive-io/noble-hashes
+```
+
+## Usage
+
+```typescript
+import { sha256 } from '@constructive-io/noble-hashes/sha2';
+import { bytesToHex } from '@constructive-io/noble-hashes/utils';
+
+const hash = sha256(new Uint8Array([1, 2, 3]));
+console.log(bytesToHex(hash));
+```
+
+Works with both `require()` (CJS) and `import` (ESM).
+
+## Why fork?
+
+`@noble/hashes` v2.x ships as ESM-only (`"type": "module"`). This causes `require()` calls to fail
+with "Must use import to load ES Module" in CJS environments. Rather than patching every consumer,
+we maintain this fork with dual CJS+ESM output via [makage](https://github.com/constructive-io/dev-utils).
+
+## Syncing upstream
+
+To update from a new `@noble/hashes` release:
+
+1. Copy the `src/` files from the target version
+2. Strip `.ts` extensions from import paths (this repo uses `moduleResolution: "node"`)
+3. Build and run tests
+4. Bump the version and publish
+
+## License
+
+MIT — Copyright (c) 2022 Paul Miller (https://paulmillr.com). See [LICENSE](./LICENSE).

packages/noble-hashes/__tests__/sha256.test.ts

@@ -0,0 +1,88 @@
+import crypto from 'crypto';
+
+import { sha256 } from '../src/sha2';
+import { bytesToHex, hexToBytes, utf8ToBytes } from '../src/utils';
+
+// NIST test vectors from FIPS 180-4
+// https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA256.pdf
+describe('sha256', () => {
+  it('should hash empty string', () => {
+    const hash = sha256(new Uint8Array(0));
+    expect(bytesToHex(hash)).toBe(
+      'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
+    );
+  });
+
+  it('should hash "abc"', () => {
+    const hash = sha256(utf8ToBytes('abc'));
+    expect(bytesToHex(hash)).toBe(
+      'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad'
+    );
+  });
+
+  it('should hash "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"', () => {
+    const hash = sha256(
+      utf8ToBytes('abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq')
+    );
+    expect(bytesToHex(hash)).toBe(
+      '248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1'
+    );
+  });
+
+  it('should hash "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"', () => {
+    const hash = sha256(
+      utf8ToBytes(
+        'abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu'
+      )
+    );
+    expect(bytesToHex(hash)).toBe(
+      'cf5b16a778af8380036ce59e7b0492370b249b11e8f07a51afac45037afee9d1'
+    );
+  });
+
+  it('should match Node.js crypto for random inputs', () => {
+    const inputs = [
+      '',
+      'hello world',
+      'The quick brown fox jumps over the lazy dog',
+      'a'.repeat(1000),
+      '\x00\x01\x02\x03\x04\x05',
+    ];
+
+    for (const input of inputs) {
+      const data = utf8ToBytes(input);
+      const noble = bytesToHex(sha256(data));
+      const node = crypto.createHash('sha256').update(data).digest('hex');
+      expect(noble).toBe(node);
+    }
+  });
+
+  it('should work with incremental hashing via .create()', () => {
+    const hasher = sha256.create();
+    hasher.update(utf8ToBytes('hello'));
+    hasher.update(utf8ToBytes(' '));
+    hasher.update(utf8ToBytes('world'));
+    const incremental = bytesToHex(hasher.digest());
+
+    const oneshot = bytesToHex(sha256(utf8ToBytes('hello world')));
+    expect(incremental).toBe(oneshot);
+  });
+});
+
+describe('utils', () => {
+  it('bytesToHex should convert bytes to hex', () => {
+    expect(bytesToHex(new Uint8Array([0xca, 0xfe, 0x01, 0x23]))).toBe(
+      'cafe0123'
+    );
+  });
+
+  it('hexToBytes should convert hex to bytes', () => {
+    const bytes = hexToBytes('cafe0123');
+    expect(Array.from(bytes)).toEqual([0xca, 0xfe, 0x01, 0x23]);
+  });
+
+  it('hexToBytes and bytesToHex should round-trip', () => {
+    const hex = 'deadbeef0123456789abcdef';
+    expect(bytesToHex(hexToBytes(hex))).toBe(hex);
+  });
+});

packages/noble-hashes/jest.config.js

@@ -0,0 +1,18 @@
+/** @type {import('ts-jest').JestConfigWithTsJest} */
+module.exports = {
+  preset: 'ts-jest',
+  testEnvironment: 'node',
+  transform: {
+    '^.+\\.tsx?$': [
+      'ts-jest',
+      {
+        babelConfig: false,
+        tsconfig: 'tsconfig.json',
+      },
+    ],
+  },
+  transformIgnorePatterns: [`/node_modules/*`],
+  testRegex: '(/__tests__/.*|(\\.|/)(test|spec))\\.(jsx?|tsx?)$',
+  moduleFileExtensions: ['ts', 'tsx', 'js', 'jsx', 'json', 'node'],
+  modulePathIgnorePatterns: ['dist/*'],
+};

packages/noble-hashes/package.json

@@ -0,0 +1,48 @@
+{
+  "name": "@constructive-io/noble-hashes",
+  "version": "0.1.0",
+  "description": "Audited & minimal 0-dependency JS implementation of SHA, RIPEMD, BLAKE, HMAC, HKDF, PBKDF & Scrypt. Dual CJS+ESM fork of @noble/hashes.",
+  "author": "Constructive <developers@constructive.io>",
+  "homepage": "https://github.com/constructive-io/dev-utils",
+  "license": "MIT",
+  "main": "index.js",
+  "module": "esm/index.js",
+  "types": "index.d.ts",
+  "publishConfig": {
+    "access": "restricted",
+    "directory": "dist"
+  },
+  "scripts": {
+    "copy": "makage assets",
+    "clean": "makage clean",
+    "prepublishOnly": "npm run build",
+    "build": "makage build && cp LICENSE dist/LICENSE",
+    "lint": "eslint . --fix",
+    "test": "jest",
+    "test:watch": "jest --watch"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/constructive-io/dev-utils"
+  },
+  "keywords": [
+    "sha256",
+    "sha512",
+    "sha3",
+    "blake2",
+    "blake3",
+    "hmac",
+    "hkdf",
+    "pbkdf2",
+    "scrypt",
+    "hash",
+    "cryptography",
+    "noble-hashes"
+  ],
+  "bugs": {
+    "url": "https://github.com/constructive-io/dev-utils/issues"
+  },
+  "devDependencies": {
+    "makage": "0.1.10"
+  }
+}

packages/noble-hashes/src/_blake.ts

@@ -0,0 +1,57 @@
+/**
+ * Internal helpers for blake hash.
+ * @module
+ */
+import { rotr, type TRet } from './utils';
+
+/**
+ * Internal blake permutation table.
+ * Rows `0..9` serve BLAKE2s, rows `0..11` serve BLAKE2b with `10..11 = 0..1`, and Blake1 also
+ * reuses the later rows shown below. Blake1 expands rounds `10..15` as `SIGMA[i % 10]`, so rows
+ * `10..15` intentionally repeat rows `0..5` for the 14-round (256) and 16-round (512) variants.
+ */
+// prettier-ignore
+export const BSIGMA: TRet<Uint8Array> = /* @__PURE__ */ Uint8Array.from([
+  0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
+  14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3,
+  11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4,
+  7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8,
+  9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13,
+  2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9,
+  12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11,
+  13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10,
+  6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5,
+  10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0,
+  0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
+  14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3,
+  // Blake1, unused in others
+  11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4,
+  7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8,
+  9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13,
+  2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9,
+]);
+
+// prettier-ignore
+export type Num4 = { a: number; b: number; c: number; d: number; };
+
+// 32-bit / BLAKE2s first half of G, with the fixed `(16, 12)` rotation pair.
+// Parameter `x` is the RFC 7693 first-half message word, or Blake1's pre-mixed
+// `m[sigma[r][2i]] ^ u[sigma[r][2i+1]]` addend in the 32-bit path.
+export function G1s(a: number, b: number, c: number, d: number, x: number): Num4 {
+  a = (a + b + x) | 0;
+  d = rotr(d ^ a, 16);
+  c = (c + d) | 0;
+  b = rotr(b ^ c, 12);
+  return { a, b, c, d };
+}
+
+// 32-bit / BLAKE2s second half of G.
+// Parameter `x` is the RFC 7693 second-half (`y`) message word, or Blake1's pre-mixed
+// `m[sigma[r][2i + 1]] ^ u[sigma[r][2i]]` addend in the 32-bit path.
+export function G2s(a: number, b: number, c: number, d: number, x: number): Num4 {
+  a = (a + b + x) | 0;
+  d = rotr(d ^ a, 8);
+  c = (c + d) | 0;
+  b = rotr(b ^ c, 7);
+  return { a, b, c, d };
+}