fix: Remove eval usage (box/box-codegen#636) (#474)

box-sdk-build · web-flow · commit 7c86f345e863 · 2025-01-16T16:32:21.000+01:00
diff --git a/.codegen.json b/.codegen.json
@@ -1 +1 @@
-{ "engineHash": "ab51050", "specHash": "00c93fe", "version": "1.10.0" }
+{ "engineHash": "b2c3124", "specHash": "90b039e", "version": "1.10.0" }
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -50,6 +50,9 @@
     "rollup": "^4.4.0"
   },
   "files": [
-    "lib"
+    "lib",
+    "src",
+    "README.md",
+    "LICENSE"
   ]
 }
diff --git a/src/internal/utils.ts b/src/internal/utils.ts
@@ -10,6 +10,13 @@ export function isBrowser() {
   );
 }
 
+export function evalRequire(lib: string) {
+  if (isBrowser()) {
+    throw new Error('This method is not usable in the browser');
+  }
+  return require(lib);
+}
+
 export function getUuid() {
   return uuidv4();
 }
@@ -102,7 +109,7 @@ export class Hash {
     if (isBrowser()) {
       this.#hash = undefined;
     } else {
-      this.#hash = eval('require')('crypto').createHash(algorithm);
+      this.#hash = evalRequire('crypto').createHash(algorithm);
     }
   }
 
@@ -153,7 +160,7 @@ export function generateByteBuffer(size: number): Buffer {
     window.crypto.getRandomValues(buffer);
     return Buffer.from(buffer);
   }
-  const crypto = eval('require')('crypto');
+  const crypto = evalRequire('crypto');
   return crypto.randomBytes(size);
 }
 
@@ -167,7 +174,7 @@ export function generateByteStreamFromBuffer(
           controller.close();
         },
       })
-    : eval('require')('stream').Readable.from(Buffer.from(buffer));
+    : evalRequire('stream').Readable.from(Buffer.from(buffer));
 }
 
 export function generateByteStream(size: number): Readable {
@@ -196,7 +203,7 @@ export function decodeBase64ByteStream(data: string): Readable {
           controller.close();
         },
       })
-    : eval('require')('stream').Readable.from(Buffer.from(data, 'base64'));
+    : evalRequire('stream').Readable.from(Buffer.from(data, 'base64'));
 }
 
 export function stringToByteStream(data: string): Readable {
@@ -212,7 +219,7 @@ export function stringToByteStream(data: string): Readable {
           controller.close();
         },
       })
-    : eval('require')('stream').Readable.from(Buffer.from(data, 'ascii'));
+    : evalRequire('stream').Readable.from(Buffer.from(data, 'ascii'));
 }
 
 export async function readByteStream(byteStream: Readable): Promise<Buffer> {
@@ -365,7 +372,7 @@ export async function createJwtAssertion(
   key: JwtKey,
   options: JwtSignOptions,
 ): Promise<string> {
-  const crypto = eval('require')('crypto');
+  const crypto = evalRequire('crypto');
   const privateKey = crypto.createPrivateKey({
     key: key.key,
     format: 'pem',
@@ -394,7 +401,7 @@ export async function createJwtAssertion(
  * Reads a text file and returns its content.
  */
 export function readTextFromFile(filepath: string): string {
-  return eval('require')('fs').readFileSync(filepath, 'utf8');
+  return evalRequire('fs').readFileSync(filepath, 'utf8');
 }
 
 /**
@@ -411,7 +418,7 @@ export function createAgent(options?: AgentOptions, proxyConfig?: any): Agent {
   if (isBrowser()) {
     return undefined;
   }
-  const ProxyAgent = eval('require')('proxy-agent').ProxyAgent;
+  const ProxyAgent = evalRequire('proxy-agent').ProxyAgent;
   let agentOptions = options;
 
   if (proxyConfig && proxyConfig.url) {
@@ -519,7 +526,7 @@ export async function computeWebhookSignature(
     const result = await hmac.digest('binary');
     signature = Buffer.from(result).toString('base64');
   } else {
-    let crypto = eval('require')('crypto');
+    let crypto = evalRequire('crypto');
     let hmac = crypto.createHmac('sha256', signatureKey);
     hmac.update(escapedBody);
     hmac.update(headers['box-delivery-timestamp']);
diff --git a/src/managers/chunkedUploads.generated.ts b/src/managers/chunkedUploads.generated.ts
@@ -1,5 +1,3 @@
-import { serializeFileFull } from '../schemas/fileFull.generated.js';
-import { deserializeFileFull } from '../schemas/fileFull.generated.js';
 import { serializeUploadSession } from '../schemas/uploadSession.generated.js';
 import { deserializeUploadSession } from '../schemas/uploadSession.generated.js';
 import { serializeClientError } from '../schemas/clientError.generated.js';
@@ -12,10 +10,11 @@ import { serializeFiles } from '../schemas/files.generated.js';
 import { deserializeFiles } from '../schemas/files.generated.js';
 import { serializeUploadPart } from '../schemas/uploadPart.generated.js';
 import { deserializeUploadPart } from '../schemas/uploadPart.generated.js';
+import { serializeFileFull } from '../schemas/fileFull.generated.js';
+import { deserializeFileFull } from '../schemas/fileFull.generated.js';
 import { ResponseFormat } from '../networking/fetchOptions.generated.js';
 import { Buffer } from '../internal/utils.js';
 import { HashName } from '../internal/utils.js';
-import { FileFull } from '../schemas/fileFull.generated.js';
 import { Iterator } from '../internal/utils.js';
 import { UploadSession } from '../schemas/uploadSession.generated.js';
 import { ClientError } from '../schemas/clientError.generated.js';
@@ -41,6 +40,7 @@ import { readByteStream } from '../internal/utils.js';
 import { reduceIterator } from '../internal/utils.js';
 import { Hash } from '../internal/utils.js';
 import { bufferLength } from '../internal/utils.js';
+import { FileFull } from '../schemas/fileFull.generated.js';
 import { sdIsEmpty } from '../serialization/json.js';
 import { sdIsBoolean } from '../serialization/json.js';
 import { sdIsNumber } from '../serialization/json.js';
diff --git a/src/networking/boxNetworkClient.ts b/src/networking/boxNetworkClient.ts
@@ -5,6 +5,7 @@ import { sha1 } from 'hash-wasm'; // Use hash-wasm to calculate SHA1 hash in bro
 import { BoxApiError, BoxSdkError } from '../box/errors';
 import {
   ByteStream,
+  evalRequire,
   generateByteStreamFromBuffer,
   isBrowser,
   readByteStream,
@@ -55,9 +56,7 @@ async function createRequestInit(options: FetchOptions): Promise<RequestInit> {
   }> => {
     const contentHeaders: { [key: string]: string } = {};
     if (options.multipartData) {
-      const FormData = isBrowser()
-        ? window.FormData
-        : eval('require')('form-data');
+      const FormData = isBrowser() ? window.FormData : evalRequire('form-data');
       const formData = new FormData();
       for (const item of options.multipartData) {
         if (item.fileStream) {
@@ -290,7 +289,7 @@ async function calculateMD5Hash(data: string | Buffer): Promise<string> {
   }
 
   // Node environment
-  createHash = eval('require')('crypto').createHash;
+  createHash = evalRequire('crypto').createHash;
   return createHash('sha1').update(data).digest('hex');
 }
 

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-{ "engineHash": "ab51050", "specHash": "00c93fe", "version": "1.10.0" }`
	`1`	`+{ "engineHash": "b2c3124", "specHash": "90b039e", "version": "1.10.0" }`
Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,9 @@`
`50`	`50`	`"rollup": "^4.4.0"`
`51`	`51`	`},`
`52`	`52`	`"files": [`
`53`		`- "lib"`
	`53`	`+ "lib",`
	`54`	`+ "src",`
	`55`	`+ "README.md",`
	`56`	`+ "LICENSE"`
`54`	`57`	`]`
`55`	`58`	`}`