feat(browser): Implement fallback SHA256 for non-HTTPS environments and enhance browser tests for consistent hashing

changelog.md

@@ -0,0 +1,74 @@
+# Changelog
+
+## 2025-06-19 - 3.1.0 - feat(browser)
+Implement fallback SHA256 for non-HTTPS environments and enhance browser tests for consistent hashing
+
+- Added a pure JavaScript SHA256 fallback in ts_web/sha256.fallback.ts for environments without crypto.subtle
+- Updated ts_web/index.ts to use the fallback when necessary
+- Enhanced browser tests in test/test.browser.ts to verify consistent hash outputs
+- Reflected new features in documentation updates (readme.plan.md)
+
+## 2025-06-19 - 3.0.4 - feat  
+Merge isohash functionality into smarthash to enable cross‐environment hash support. This release introduces browser‐compatible SHA256 functions via the Web Crypto API and plugins for environment detection and JSON handling.
+
+- Added new plan and implementation steps to merge isohash into smarthash.
+- Updated test files to use the new tapbundle import.
+- Implemented browser‐specific hashing functions in ts_web/index.ts and ts_web/plugins.ts.
+- Created browser tests in test/test.browser.ts for SHA256 functions.
+- Ensured consistent smarthash functionality across environments.
+
+Note: Several non–breaking maintenance updates (e.g. description, tsconfig, and npmextra.json adjustments) were applied between 2024 and 2023 alongside version marker commits.
+
+---
+
+## 2023-09-22 to 2022-06-26 - 3.0.0 - Maintenance  
+Between versions 3.0.3 and 3.0.0, a series of core fixes and organizational improvements were rolled out.
+
+- Multiple “fix(core)” commits addressed various update needs.
+- A couple of releases also switched to a new organization scheme.
+- Routine maintenance commits ensured stability across these versions.
+
+---
+
+## 2022-06-26 - 2.1.10 - BREAKING CHANGE  
+A major change was introduced by switching the module system.
+
+- BREAKING CHANGE(core): Switched to ESM, requiring consumers to update their imports accordingly.
+
+---
+
+## 2021-03-01 to 2019-11-21 - 2.1.0 - Maintenance  
+Across versions 2.1.9 down to 2.1.0, the project received multiple fixes and CI updates.
+
+- Repeated “fix(core)” commits improved internal stability.
+- A “fix(ci)” update was also introduced to streamline continuous integration processes.
+
+---
+
+## 2019-11-21 - 2.0.6 - feat  
+New functionality was added to expand the available hashing algorithms.
+
+- feat(md5): Now creates MD5 hashes, broadening the project’s cryptographic capabilities.
+
+---
+
+## 2019-07-04 to 2018-09-07 - 2.0.0 - Maintenance  
+This range of releases was dedicated to refining core functionality and enhancing security.
+
+- Numerous “fix(core)” commits ensured consistent behavior.
+- A “fix(snyk)” commit added a .snyk file and marked the project as Open Source for improved security auditing.
+
+---
+
+## 2018-09-07 - 1.0.4 - BREAKING CHANGE  
+A breaking change was introduced by renaming the package scope.
+
+- BREAKING CHANGE(scope): Changed the package name to @pushrocks/smarthash, requiring updates for consumers referencing the old name.
+
+---
+
+## 2016-08-16 to 2016-05-23 - 1.0.0 - Initial Setup  
+During the early days of the project, core implementation and structure were established.
+
+- Early commits included the initial implementation (“implementation is ready”), package metadata adjustments (e.g. “update package tags”, “fix README”), and structural additions (“add structure”).
+- The journey began with the Initial commit on 2016-05-23, setting the groundwork for future development.

readme.plan.md

@@ -37,4 +37,9 @@ Merge the functionality from @push.rocks/isohash into @push.rocks/smarthash to p
 - The web version uses native Web Crypto API for performance
 - The Node.js version continues using the existing crypto implementation
 - API remains consistent across both environments
-- No breaking changes to existing smarthash functionality
+- No breaking changes to existing smarthash functionality
+
+## Additional Features Implemented
+- **Fallback for non-HTTPS environments**: Added pure JavaScript SHA256 implementation that automatically activates when crypto.subtle is not available (e.g., HTTP or file:// protocols)
+- **Comprehensive browser tests**: Created test.browser.ts with specific browser environment tests
+- **Cross-environment consistency**: Ensured hash outputs match across Node.js and browser implementations

test/test.browser.ts

@@ -62,4 +62,16 @@ tap.test('md5FromString should throw in browser environment', async () => {
   await expect(smarthash.md5FromString('test')).rejects.toThrow();
 });
 
+tap.test('sha256 produces consistent results across environments', async () => {
+  // Test that our implementation produces the same hash as Node.js crypto
+  const testHash = await smarthash.sha256FromString('test');
+  const expectedHash = '9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08';
+  expect(testHash).toEqual(expectedHash);
+  
+  // Test with different string
+  const testHash2 = await smarthash.sha256FromString('hello world');
+  const expectedHash2 = 'b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9';
+  expect(testHash2).toEqual(expectedHash2);
+});
+
 export default tap.start();

ts/00_commitinfo_data.ts

@@ -1,8 +1,8 @@
 /**
- * autocreated commitinfo by @pushrocks/commitinfo
+ * autocreated commitinfo by @push.rocks/commitinfo
  */
 export const commitinfo = {
   name: '@push.rocks/smarthash',
-  version: '3.0.4',
-  description: 'simplified access to node hash functions'
+  version: '3.1.0',
+  description: 'Cross-environment hash functions (SHA256 and MD5) for Node.js and browsers, with support for strings, streams, and files.'
 }

ts_web/00_commitinfo_data.ts

@@ -0,0 +1,8 @@
+/**
+ * autocreated commitinfo by @push.rocks/commitinfo
+ */
+export const commitinfo = {
+  name: '@push.rocks/smarthash',
+  version: '3.1.0',
+  description: 'Cross-environment hash functions (SHA256 and MD5) for Node.js and browsers, with support for strings, streams, and files.'
+}

ts_web/index.ts

@@ -1,4 +1,5 @@
 import * as plugins from './plugins.js';
+import { sha256Fallback } from './sha256.fallback.js';
 
 /**
  * Convert ArrayBuffer to hex string
@@ -21,15 +22,28 @@ const hex = (buffer: ArrayBuffer): string => {
   return hexCodes.join("");
 };
 
+/**
+ * Check if crypto.subtle is available
+ */
+const isCryptoSubtleAvailable = (): boolean => {
+  return typeof crypto !== 'undefined' && crypto.subtle !== undefined;
+};
+
 /**
  * Computes sha256 Hash from String
  */
 export const sha256FromString = async (stringArg: string): Promise<string> => {
   // Get the string as arraybuffer.
   const buffer = (new TextEncoder()).encode(stringArg);
-  const hash = await crypto.subtle.digest("SHA-256", buffer);
-  const result = hex(hash);
-  return result;
+  
+  if (isCryptoSubtleAvailable()) {
+    const hash = await crypto.subtle.digest("SHA-256", buffer);
+    const result = hex(hash);
+    return result;
+  } else {
+    // Use fallback for non-HTTPS environments
+    return sha256Fallback(buffer);
+  }
 };
 
 /**
@@ -45,9 +59,15 @@ export const sha256FromStringSync = (stringArg: string): string => {
  * Computes sha256 Hash from ArrayBuffer
  */
 export const sha256FromBuffer = async (bufferArg: ArrayBuffer | Uint8Array): Promise<string> => {
-  const hash = await crypto.subtle.digest("SHA-256", bufferArg);
-  const result = hex(hash);
-  return result;
+  if (isCryptoSubtleAvailable()) {
+    const hash = await crypto.subtle.digest("SHA-256", bufferArg);
+    const result = hex(hash);
+    return result;
+  } else {
+    // Use fallback for non-HTTPS environments
+    const uint8Array = bufferArg instanceof Uint8Array ? bufferArg : new Uint8Array(bufferArg);
+    return sha256Fallback(uint8Array);
+  }
 };
 
 /**

ts_web/sha256.fallback.ts

@@ -0,0 +1,121 @@
+/**
+ * Pure JavaScript SHA256 implementation
+ * Used as fallback when crypto.subtle is not available (non-HTTPS contexts)
+ */
+
+/**
+ * SHA256 constants
+ */
+const K: number[] = [
+  0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
+  0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
+  0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
+  0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
+  0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
+  0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
+  0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
+  0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
+];
+
+/**
+ * Initial hash values
+ */
+const H: number[] = [
+  0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
+  0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
+];
+
+/**
+ * Rotate right
+ */
+function rotr(n: number, b: number): number {
+  return (n >>> b) | (n << (32 - b));
+}
+
+/**
+ * SHA256 compression function
+ */
+function sha256Transform(W: number[], H: number[]): void {
+  let a = H[0];
+  let b = H[1];
+  let c = H[2];
+  let d = H[3];
+  let e = H[4];
+  let f = H[5];
+  let g = H[6];
+  let h = H[7];
+  
+  for (let j = 0; j < 64; j++) {
+    if (j >= 16) {
+      const s0 = rotr(W[j - 15], 7) ^ rotr(W[j - 15], 18) ^ (W[j - 15] >>> 3);
+      const s1 = rotr(W[j - 2], 17) ^ rotr(W[j - 2], 19) ^ (W[j - 2] >>> 10);
+      W[j] = (W[j - 16] + s0 + W[j - 7] + s1) >>> 0;
+    }
+    
+    const S1 = rotr(e, 6) ^ rotr(e, 11) ^ rotr(e, 25);
+    const ch = (e & f) ^ ((~e) & g);
+    const temp1 = (h + S1 + ch + K[j] + W[j]) >>> 0;
+    
+    const S0 = rotr(a, 2) ^ rotr(a, 13) ^ rotr(a, 22);
+    const maj = (a & b) ^ (a & c) ^ (b & c);
+    const temp2 = (S0 + maj) >>> 0;
+    
+    h = g;
+    g = f;
+    f = e;
+    e = (d + temp1) >>> 0;
+    d = c;
+    c = b;
+    b = a;
+    a = (temp1 + temp2) >>> 0;
+  }
+  
+  H[0] = (H[0] + a) >>> 0;
+  H[1] = (H[1] + b) >>> 0;
+  H[2] = (H[2] + c) >>> 0;
+  H[3] = (H[3] + d) >>> 0;
+  H[4] = (H[4] + e) >>> 0;
+  H[5] = (H[5] + f) >>> 0;
+  H[6] = (H[6] + g) >>> 0;
+  H[7] = (H[7] + h) >>> 0;
+}
+
+/**
+ * Calculate SHA256 hash from bytes
+ */
+export function sha256Fallback(bytes: Uint8Array): string {
+  const H_copy = [...H];
+  const msgLen = bytes.length;
+  const msgBitLen = msgLen * 8;
+  
+  // Padding
+  const padLen = (msgLen % 64 < 56) ? 56 - (msgLen % 64) : 120 - (msgLen % 64);
+  const padded = new Uint8Array(msgLen + padLen + 8);
+  padded.set(bytes);
+  padded[msgLen] = 0x80;
+  
+  // Append length (64-bit big-endian)
+  const dataView = new DataView(padded.buffer);
+  dataView.setUint32(padded.length - 8, 0, false); // high 32 bits
+  dataView.setUint32(padded.length - 4, msgBitLen >>> 0, false); // low 32 bits
+  
+  // Process blocks
+  for (let offset = 0; offset < padded.length; offset += 64) {
+    const W = new Array(64);
+    
+    // Copy block into W[0..15]
+    for (let i = 0; i < 16; i++) {
+      W[i] = dataView.getUint32(offset + i * 4, false);
+    }
+    
+    sha256Transform(W, H_copy);
+  }
+  
+  // Convert to hex string
+  let hex = '';
+  for (let i = 0; i < 8; i++) {
+    hex += H_copy[i].toString(16).padStart(8, '0');
+  }
+  
+  return hex;
+}