feat: optimize bundle for server/client targets

Author: thedanchez

package.json

@@ -51,7 +51,7 @@
     ".": {
       "types": "./dist/index.d.ts",
       "import": "./dist/index.js",
-      "require": "./dist/index.js"
+      "default": "./dist/index.js"
     }
   },
   "scripts": {

src/signing/hmac.ts

@@ -1,49 +1,9 @@
-import { isBrowser } from "../utilities";
+import { createHmac } from "../utils/crypto";
 
 function replaceAll(s: string, search: string, replace: string) {
   return s.split(search).join(replace);
 }
 
-// Node.js/Bun/Deno HMAC implementation
-export async function createHmacNode(secret: string, message: string) {
-  const crypto = await import("crypto");
-  const base64Secret = Buffer.from(secret, "base64");
-  const hmac = crypto.createHmac("sha256", base64Secret);
-  return hmac.update(message).digest("base64");
-}
-
-// Browser HMAC implementation using Web Crypto API
-export async function createHmacBrowser(secret: string, message: string) {
-  // Decode base64 secret
-  const binarySecret = Uint8Array.from(atob(secret), (c) => c.charCodeAt(0));
-
-  // Import the key
-  const key = await window.crypto.subtle.importKey(
-    "raw",
-    binarySecret,
-    { name: "HMAC", hash: "SHA-256" },
-    false,
-    ["sign"],
-  );
-
-  // Create message buffer
-  const encoder = new TextEncoder();
-  const messageBuffer = encoder.encode(message);
-
-  // Sign the message
-  const signature = await window.crypto.subtle.sign("HMAC", key, messageBuffer);
-
-  // Convert to base64
-  const signatureArray = new Uint8Array(signature);
-  let binary = "";
-
-  for (let i = 0; i < signatureArray.byteLength; i++) {
-    binary += String.fromCharCode(signatureArray[i]!);
-  }
-
-  return btoa(binary);
-}
-
 /**
  * Builds the canonical Polymarket CLOB HMAC signature
  * @param secret - Base64 encoded secret key
@@ -66,10 +26,8 @@ export const buildPolyHmacSignature = async (
     message += body;
   }
 
-  // Use appropriate HMAC implementation based on environment
-  const sig = isBrowser()
-    ? await createHmacBrowser(secret, message)
-    : await createHmacNode(secret, message);
+  // Use cross-platform HMAC implementation
+  const sig = await createHmac(secret, message);
 
   // NOTE: Must be url safe base64 encoding, but keep base64 "=" suffix
   // Convert '+' to '-'

src/utilities.ts

@@ -1,39 +1,12 @@
 import { Side as UtilsSide, type SignedOrder } from "@dschz/polymarket-clob-order-utils";
 
 import { type NewOrder, type OrderBookSummary, OrderType, Side, type TickSize } from "./types";
-
-/**
- * Warning: SHA-1 is now considered vulnerable and should not be used for cryptographic applications.
- */
-type HashAlgorithm = "sha1" | "sha256" | "sha384" | "sha512";
+import { createHash } from "./utils/crypto";
 
 export const isBrowser = () => {
   return typeof window !== "undefined" && typeof window.document !== "undefined";
 };
 
-const createHash = async (algorithm: HashAlgorithm, data: string) => {
-  if (isBrowser()) {
-    const encoder = new TextEncoder();
-    const dataBuffer = encoder.encode(data);
-
-    // https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest#supported_algorithms
-    const cryptoAlgorithm = {
-      sha1: "SHA-1",
-      sha256: "SHA-256",
-      sha384: "SHA-384",
-      sha512: "SHA-512",
-    }[algorithm];
-
-    const hashBuffer = await window.crypto.subtle.digest(cryptoAlgorithm, dataBuffer);
-    const hashArray = Array.from(new Uint8Array(hashBuffer));
-
-    return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
-  }
-
-  const crypto = await import("crypto");
-  return crypto.createHash(algorithm).update(data).digest("hex");
-};
-
 export function orderToJson<T extends OrderType>(
   order: SignedOrder,
   owner: string,

src/utils/crypto-browser.ts

@@ -0,0 +1,59 @@
+/**
+ * Browser crypto utilities using Web Crypto API
+ * This module should only be imported in browser environments
+ */
+
+type HashAlgorithm = "sha1" | "sha256" | "sha384" | "sha512";
+
+const algorithmMap: Record<HashAlgorithm, string> = {
+  sha1: "SHA-1",
+  sha256: "SHA-256",
+  sha384: "SHA-384",
+  sha512: "SHA-512",
+};
+
+export const createHash = async (algorithm: string, data: string): Promise<string> => {
+  const encoder = new TextEncoder();
+  const dataBuffer = encoder.encode(data);
+
+  const cryptoAlgorithm = algorithmMap[algorithm as HashAlgorithm];
+  if (!cryptoAlgorithm) {
+    throw new Error(`Unsupported hash algorithm: ${algorithm}`);
+  }
+
+  const hashBuffer = await window.crypto.subtle.digest(cryptoAlgorithm, dataBuffer);
+  const hashArray = Array.from(new Uint8Array(hashBuffer));
+
+  return hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
+};
+
+export const createHmac = async (secret: string, message: string): Promise<string> => {
+  // Decode base64 secret
+  const binarySecret = Uint8Array.from(atob(secret), (c) => c.charCodeAt(0));
+
+  // Import the key
+  const key = await window.crypto.subtle.importKey(
+    "raw",
+    binarySecret,
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"],
+  );
+
+  // Create message buffer
+  const encoder = new TextEncoder();
+  const messageBuffer = encoder.encode(message);
+
+  // Sign the message
+  const signature = await window.crypto.subtle.sign("HMAC", key, messageBuffer);
+
+  // Convert to base64
+  const signatureArray = new Uint8Array(signature);
+  let binary = "";
+
+  for (let i = 0; i < signatureArray.byteLength; i++) {
+    binary += String.fromCharCode(signatureArray[i]!);
+  }
+
+  return btoa(binary);
+};

src/utils/crypto-node.ts

@@ -0,0 +1,16 @@
+/**
+ * Node.js/Bun/Deno crypto utilities
+ * This module should only be imported in server environments
+ */
+
+export const createHash = async (algorithm: string, data: string): Promise<string> => {
+  const crypto = await import("crypto");
+  return crypto.createHash(algorithm).update(data).digest("hex");
+};
+
+export const createHmac = async (secret: string, message: string): Promise<string> => {
+  const crypto = await import("crypto");
+  const base64Secret = Buffer.from(secret, "base64");
+  const hmac = crypto.createHmac("sha256", base64Secret);
+  return hmac.update(message).digest("base64");
+};

src/utils/crypto.ts

@@ -0,0 +1,40 @@
+/**
+ * Cross-platform crypto utilities
+ * Automatically selects the appropriate implementation based on environment
+ */
+
+import { isBrowser } from "../utilities";
+
+// Type-only imports to avoid bundling issues
+type CryptoModule = {
+  createHash: (algorithm: string, data: string) => Promise<string>;
+  createHmac: (secret: string, message: string) => Promise<string>;
+};
+
+let cryptoModule: CryptoModule | null = null;
+
+const getCryptoModule = async (): Promise<CryptoModule> => {
+  if (cryptoModule) {
+    return cryptoModule;
+  }
+
+  if (isBrowser()) {
+    // Dynamic import that won't be included in server bundles
+    cryptoModule = await import("./crypto-browser");
+  } else {
+    // Dynamic import that won't be included in browser bundles when using proper bundler config
+    cryptoModule = await import("./crypto-node");
+  }
+
+  return cryptoModule;
+};
+
+export const createHash = async (algorithm: string, data: string): Promise<string> => {
+  const crypto = await getCryptoModule();
+  return crypto.createHash(algorithm, data);
+};
+
+export const createHmac = async (secret: string, message: string): Promise<string> => {
+  const crypto = await getCryptoModule();
+  return crypto.createHmac(secret, message);
+};