fix: Replace node-forge with native crypto for private key validation by ido-seraphic · Pull Request #3051 · firebase/firebase-admin-node
…ey validation

Replaces node-forge dependency with Node.js native crypto module for validating PEM-formatted private keys in ServiceAccount credential.

## Motivation

1. **License concerns**: node-forge contains code sourced from StackOverflow which is licensed under CC-BY-SA 4.0, causing issues with license scanners. See: digitalbazaar/forge#1001
2. **Security**: Native crypto is maintained by Node.js core team and uses OpenSSL's battle-tested C++ implementation.
3. **Performance**: Native crypto is significantly faster than the pure JavaScript implementation in node-forge.
4. **Bundle size**: Removes ~500KB dependency from the package.

## Changes

- Replace `forge.pki.privateKeyFromPem()` with `crypto.createPrivateKey()`
- Remove `node-forge` from dependencies
- Both functions throw on invalid PEM format, maintaining equivalent behavior
ido-seraphic changed the title from "chore: replace node-forge with native crypto for private key validation" to "Replace node-forge with native crypto for private key validation"
lahirumaramba changed the title from "Replace node-forge with native crypto for private key validation" to "fix: Replace node-forge with native crypto for private key validation"
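
An added example (not code from this pull request or from firebase-admin-node) of the check the description names: parsing a PEM private key with `crypto.createPrivateKey()` and treating a throw as an invalid key. The helper name `checkServiceAccountKey`, the RSA-only policy and the locally generated sample keys are assumptions made for illustration.

```javascript
// Added example: validate a PEM private key with Node's built-in crypto.
const { createPrivateKey, generateKeyPairSync } = require("node:crypto");

// Hypothetical helper. Returns { ok, reason, keyType } instead of throwing,
// so the caller can report a clear configuration error.
function checkServiceAccountKey(pem) {
  if (typeof pem !== "string" || pem.trim() === "") {
    return { ok: false, reason: "private key must be a non-empty string" };
  }
  let key;
  try {
    // Throws on malformed PEM, undecodable DER, or an encrypted key
    // supplied without a passphrase.
    key = createPrivateKey({ key: pem, format: "pem" });
  } catch (err) {
    // Report only the error code; never echo the PEM into logs.
    return { ok: false, reason: `unparseable PEM (${err.code || err.name})` };
  }
  // createPrivateKey() parses every algorithm OpenSSL supports (EC, Ed25519, ...).
  // Assumption: this caller accepts RSA only, so the type is checked explicitly.
  if (key.asymmetricKeyType !== "rsa") {
    return { ok: false, reason: `unexpected key type ${key.asymmetricKeyType}` };
  }
  return { ok: true, keyType: key.asymmetricKeyType };
}

// Constructed sample inputs, generated locally (no real credentials).
const pemOpts = {
  privateKeyEncoding: { type: "pkcs8", format: "pem" },
  publicKeyEncoding: { type: "spki", format: "pem" },
};
const rsaPem = generateKeyPairSync("rsa", { modulusLength: 2048, ...pemOpts }).privateKey;
const ecPem = generateKeyPairSync("ec", { namedCurve: "prime256v1", ...pemOpts }).privateKey;
const truncatedPem = rsaPem.slice(0, 200); // header present, body cut off

for (const [label, pem] of [
  ["rsa", rsaPem],
  ["ec", ecPem],
  ["truncated", truncatedPem],
  ["garbage", "not a pem"],
]) {
  console.log(label, checkServiceAccountKey(pem));
}
```
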