Error: Your browser does not support window.crypto.

[deckar01]

When I call cryptocoin.secureRandom(bytes) in browsers that support crypto.getRandomValues(clampedArray), I get the error Error: Your browser does not support window.crypto.

The node module secure-random looks for globals.crypto, but is unable to find it.

In the official repo secure-random.js#L23 the function looks for window.crypto. Is this an issue with the way browserify is injecting globals?

Note: I am using bower to include cryptocoin.
I added secure-random with bower and it works fine on its own.

[jprichardson]

Hi, sorry...

Bower is only supported at the top level cryptocoin package which is very outdated. The future of the big cryptcoin package is uncertain at this moment. This is because each individual package receives changes, bug fixs, updates frequently and we're not sure how to incorporate them into cryptocoin just yet.

Would you be willing to use the individual packages along with npm/browserify or is that more trouble than it's worth since you're already using bower?

[deckar01]

I will likely just pull in the parts that I need.

Considering this repo just aggregates the others, fixing this should be as simple as updating the version numbers in package.json then running make min. Are you interested in reviewing a PR that uses the newest versions, or is there something more to it?

[jprichardson]

My concern of having the cryptocoin package just use wildcards for all of the CryptoCoinJS package is that incorporationg cryptocoin in your package brings in a lot of instability then because you don't have control of versions.

Thoughts?

[deckar01]

You don't have to use wildcards, you just need to occasionally bump the version numbers to a configuration that you know is good.
This will allow devs to use a specific version of cryptocoin, then when they find something broken in one of the packages, they can try a newer version of cryptocoin.

Also, if newer versions of these packages break your apps, they are doing it wrong. Updates should contain bug fixes and new features. If they are removing things from the documented interface, they should be deprecating instead.

I am currently not using cryptocoin due to lack of maintenance.

[jprichardson]

The problem with bumping versions (how we were doing it) is that the version for cryptocoin must match the changes. i.e. if there is a major change in one of the packages, then cryptocoin major must be bumped as well. It's possible, I'm just not sure that it's worth the effort.

I'm not sure how you can claim lack of maintenance of CryptoCoinJS. You can clearly see that the packages are in constant development. I guess if "lack of maintenance" means lack of daily updates, then you'd be correct. But if the project's principles and values (found here http://cryptocoinjs.com/) match your own, then your contributions and input would be welcomed.

[deckar01]

The version of secure-random currently used is ~0.1.0, which is 5 months old and broken.

I would love to help by bumping it to a working version.

The future maintenance of this repo could be improved with a make command that queries the latest versions of the packages, bumps the versions in package.json, and rebuilds the distribution files.

Since testing a bundle of repos would be difficult, I would suggest bumping the version in bower.json with each rebuild, but only tagging for bower release after a few devs have confirmed that everything is still working. This would be the "alpha" group that tries new releases with their existing apps, and comments on the health of the repo.

[jprichardson]

Hmm, fair points. I take it your preferred method of consuming JS packages is via Bower?