supabase · ferhatelmas · Mar 3, 2026 · Mar 3, 2026
@@ -67,7 +67,6 @@
     "axios-retry": "^3.9.1",
     "connection-string": "^4.3.6",
     "conventional-changelog-conventionalcommits": "^5.0.0",
-    "crypto-js": "^4.2.0",
     "dotenv": "^16.0.0",
     "fastify": "^4.28.1",
     "fastify-plugin": "^4.5.1",
@@ -100,7 +99,6 @@
     "@types/async-retry": "^1.4.5",
     "@types/busboy": "^1.3.0",
     "@types/cloneable-readable": "^2.0.3",
-    "@types/crypto-js": "^4.1.1",
     "@types/fs-extra": "^9.0.13",
     "@types/glob": "^8.1.0",
     "@types/jest": "^29.2.1",

@@ -1,10 +1,11 @@
-import AES from 'crypto-js/aes'
-import Utf8 from 'crypto-js/enc-utf8'
-
 const originalAuthEncryptionKey = process.env.AUTH_ENCRYPTION_KEY
 const originalEncryptionKey = process.env.ENCRYPTION_KEY
 const testEncryptionKey = 'pässwörd🔐'
 const plaintext = 'payload-with-unicode-åß∂ƒ 🚀'
+const legacyCiphertext =
+  'U2FsdGVkX19JcSpAtQJU9fvPXdI8x6Z+4ypCCnuXdgd/Zs58/g+VpYtZbrJxC/IXXfEQuzgK4qamUe5rFiuxsA=='
+const deterministicCiphertext =
+  'U2FsdGVkX18AAQIDBAUGBygEQu5lvcWZgoqOtz6uMHKNaYgKr4hzXYxDM0EVHrks1kCp7vbFjcIAbNivFk4DzQ=='
 
 process.env.AUTH_ENCRYPTION_KEY = testEncryptionKey
 process.env.ENCRYPTION_KEY = testEncryptionKey
@@ -31,16 +32,12 @@ afterAll(() => {
 })
 
 describe('auth crypto', () => {
-  test('CryptoJS encrypt and Node decrypt are compatible', () => {
-    const legacyCiphertext = AES.encrypt(plaintext, testEncryptionKey).toString()
-
+  test('decrypts legacy CryptoJS ciphertext', () => {
     expect(decrypt(legacyCiphertext)).toBe(plaintext)
   })
 
-  test('Node encrypt and CryptoJS decrypt are compatible', () => {
-    const nodeCiphertext = encrypt(plaintext)
-
-    expect(AES.decrypt(nodeCiphertext, testEncryptionKey).toString(Utf8)).toBe(plaintext)
+  test('decrypts fixed-salt CryptoJS ciphertext', () => {
+    expect(decrypt(deterministicCiphertext)).toBe(plaintext)
   })
 
   test('Node encrypt/decrypt roundtrip is stable', () => {