Warn if fake secure random is on the classpath
See original GitHub issueIn light of https://github.com/scalatest/scalatest/issues/2116, I think it would be a very good thing if there was more hand-holding regarding the fake secure random artifact. Since downstreams can receive this dependency transitively, it is really not a nice situation for them if an upstream accidentally forgets to add % Test
or worse.
This is a similar situation to https://github.com/scala-js/scala-js/issues/4610 or the warning for the global EC. Warn, because it’s probably not what the user wants, and give actionable instructions how to fix it.
If the sbt-plugin could make a best effort to check the classpath for the fake secure random and log a warning that alerts users to its presence. Or honestly even raise a fatal error, unless you explicitly opt-in a setting clearly indicating that this is what you want to do. Although the dependency can be inherited transitively, this opt-in cannot be, which is the point.
Or maybe this could be done on the linker level, IDK.
Thanks.
Issue Analytics
- State:
- Created a year ago
- Comments:18 (15 by maintainers)
Top GitHub Comments
Trying to address that at the source: https://github.com/jsdom/jsdom/pull/3352
I think that JSDOM is only modern JSEnv that doesn’t currently support cryptographically secure random numbers. But Seb has already fixed that in https://github.com/jsdom/jsdom/pull/3352 😃