fix(connection-form): remove dependency on Node.js crypto module (#7632)

addaleax · web-flow · commit da7393ae5745 · 2025-12-09T12:25:39.000+01:00
We can safely use the webcrypto API exposed through the `crypto`
global in both Node.js and Electron now.

This enables removing a polyfill with a known vulnerability in
the VSCode extension.
diff --git a/packages/connection-form/src/utils/csfle-handler.ts b/packages/connection-form/src/utils/csfle-handler.ts
@@ -1,4 +1,3 @@
-import { randomBytes } from 'crypto';
 import { cloneDeep } from 'lodash';
 import type { ConnectionOptions } from 'mongodb-data-service';
 import type {
@@ -356,7 +355,7 @@ export function adjustCSFLEParams(
 }
 
 export function randomLocalKey(): string {
-  return randomBytes(96).toString('base64');
+  return crypto.getRandomValues(Buffer.alloc(96)).toString('base64');
 }
 
 export function handleAddKmsProvider<T extends KMSProviderType>({

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`-import { randomBytes } from 'crypto';`
`2`	`1`	`import { cloneDeep } from 'lodash';`
`3`	`2`	`import type { ConnectionOptions } from 'mongodb-data-service';`
`4`	`3`	`import type {`
`@@ -356,7 +355,7 @@ export function adjustCSFLEParams(`
`356`	`355`	`}`
`357`	`356`
`358`	`357`	`export function randomLocalKey(): string {`
`359`		`- return randomBytes(96).toString('base64');`
	`358`	`+ return crypto.getRandomValues(Buffer.alloc(96)).toString('base64');`
`360`	`359`	`}`
`361`	`360`
`362`	`361`	`export function handleAddKmsProvider<T extends KMSProviderType>({`