Publish to Deno JSR

[hertzg]

Summary

Convert tl-api from JavaScript to TypeScript for JSR publishing. Need to determine the best crypto approach through benchmarking first.

Phase 1: Benchmark Crypto Options

Before implementation, test what Deno actually supports to make an informed decision.

Benchmark Script

Create scripts/crypto-benchmark.ts to test functionality and performance:

Tests to run:

1. Functionality tests (does it work at all?)

   • node:crypto RSA with RSA_NO_PADDING - critical, may not be supported
   • node:crypto MD5 hashing
   • node:crypto AES-128-CBC encrypt/decrypt

2. Performance benchmarks (ops/sec, 1000 iterations)

   • AES-128-CBC encrypt 1KB payload
   • MD5 hash 1KB payload
   • RSA encrypt 128-byte chunk (modulus size)

3. Compare all viable options:

   • node:crypto (baseline)
   • @noble/ciphers + @noble/hashes + BigInt RSA
   • Web Crypto + pure JS MD5 + BigInt RSA

Run with: deno run --allow-all scripts/crypto-benchmark.ts

Output format:

=== Functionality ===
node:crypto RSA_NO_PADDING: PASS/FAIL
node:crypto MD5: PASS/FAIL
...

=== Performance (ops/sec) ===
AES encrypt:  node:crypto=X  @noble=Y  webCrypto=Z
MD5 hash:     node:crypto=X  @noble=Y  pureJS=Z
RSA encrypt:  node:crypto=X  bigint=Y

Expected Outcomes

Feature	node:crypto on Deno	Web Crypto	@noble/*
AES-128-CBC	Yes	Yes (async)	Yes
MD5	Likely yes	No	Yes
RSA_NO_PADDING	Unknown	No	No (need BigInt impl)

Candidate Solutions (pick ONE)

Option	AES	MD5	RSA (no padding)	Dependencies
A: node:crypto	createCipheriv	createHash('md5')	publicEncrypt + RSA_NO_PADDING	None
B: @noble	@noble/ciphers	@noble/hashes	BigInt modPow	2 JSR deps
C: Manual	Web Crypto	Pure JS MD5	BigInt modPow	None

Note: @std/crypto is NOT viable - it uses Web Crypto which lacks MD5 and RSA_NO_PADDING.

Decision After Benchmarking

Pick one solution based on:

1. Functionality - Does it work for all required operations?
2. Performance - Benchmark results (ops/sec for AES, MD5, RSA)
3. Portability - Where does it run? (Node, Deno, browsers, edge)

---

Phase 2: Implementation (after benchmarking)

Step 1: Project Configuration

• deno.json - Deno config with JSR imports
• jsr.json - JSR registry config (@hertzg/tl-api)
• Keep package.json for Node.js compatibility via JSR

Step 2: Buffer → Uint8Array Migration

Use web standard methods (no custom utils):

• Uint8Array.prototype.toBase64() / Uint8Array.fromBase64() - ES2024
• Uint8Array.prototype.toHex() / Uint8Array.fromHex() - ES2024
• TextEncoder.encode() / TextDecoder.decode() - UTF-8
• Uint8Array.of(), spread, set() - Concatenation

Note: These ES2024 methods require Deno 1.40+ / Node 22+. If older support needed, fall back to btoa/atob.

Step 3: Crypto Implementation (ONE of these, based on benchmark)

Option A: node:crypto

• Keep existing code structure, convert .js → .ts
• Add types for crypto operations
• Requires Deno's node:crypto to support RSA_NO_PADDING

Option B: @noble libraries

• @noble/ciphers for AES-CBC
• @noble/hashes for MD5
• Implement modPow(base, exp, mod) using BigInt for RSA
• Adds 2 dependencies but well-audited, works everywhere

Option C: Manual (pure JS)

• Web Crypto API for AES-CBC (async)
• Pure JS MD5 implementation (~150 lines)
• BigInt modPow for RSA (~50 lines)
• Zero dependencies, maximum portability

Step 4: Convert All Files to TypeScript

File	Changes
src/index.ts	Re-exports with types
src/authenticate.ts	Add types
src/execute.ts	Add types
src/payload.ts	Types, ACT as const
src/client/*.ts	Buffer→Uint8Array, add types
src/client/cipher/*.ts	Crypto changes (per benchmark)

Step 5: Testing

• Convert existing tests to TypeScript
• Run on Deno only: deno test

Step 6: JSR Publishing

• CI workflow for deno publish
• Version management via jsr.json

---

Files to Modify/Create

Action	Path
Create	scripts/crypto-benchmark.ts
Create	deno.json
Create	jsr.json
Convert	All src/**/*.js → src/**/*.ts
Modify	.github/workflows/test.yml (Deno only)
Create	.github/workflows/publish.yml (JSR)

---

Execution Order

1. Benchmark first - Run crypto tests in Deno to determine what works
2. Choose crypto strategy - Based on benchmark results
3. Config setup - deno.json, jsr.json
4. Convert to TypeScript - All source files
5. Migrate Buffer → Uint8Array - Using web standards
6. Update tests - Convert to TypeScript, run with deno test
7. CI/CD setup - Deno test + JSR publishing workflow

[hertzg]

Crypto Benchmark Results for JSR Migration

Ran comprehensive benchmarks to determine the best crypto approach for Deno/JSR compatibility.

The Problem

The current implementation uses node:crypto for:

• AES-128-CBC encryption/decryption
• MD5 hashing
• RSA encryption with RSA_NO_PADDING (raw modular exponentiation)

Deno Compatibility Findings

Feature	node:crypto on Deno	Web Crypto	@noble
AES-128-CBC	✅ Works	✅ Works (async)	✅ Works
MD5	✅ Works	❌ Not supported	✅ @noble/hashes@2.0.1/legacy
RSA publicEncrypt	❌ Not implemented	❌ Only RSA-OAEP	N/A

Critical finding: Deno's node:crypto doesn't implement publicEncrypt - it fails with "Invalid key type" for ALL padding modes. This is tracked in denoland/deno#27295 (still open).

Performance Benchmarks

AES-128-CBC Encryption (1KB payload):

Implementation	Deno	Node.js
@noble/ciphers	78,835 ops/sec	-
node:crypto	31,195 ops/sec	-
Web Crypto	27,094 ops/sec	-

MD5 Hash (1KB payload):

Implementation	Deno	Node.js
node:crypto	356,527 ops/sec	-
@std/crypto (WASM)	122,804 ops/sec	-
@noble/hashes/legacy	92,529 ops/sec	-
Pure JS	82,952 ops/sec	-

RSA Encrypt (128-byte chunk):

Implementation	Deno	Node.js
node:crypto	❌ N/A	166,667 ops/sec
BigInt modPow	29,286 ops/sec	83,333 ops/sec

Recommended Approach

Use @noble libraries for everything, with BigInt for RSA:

Operation	Implementation	Package
AES-CBC	@noble/ciphers	jsr:@noble/ciphers
MD5	@noble/hashes/legacy	jsr:@noble/hashes@2.0.1/legacy
RSA	BigInt modPow	Pure TypeScript (~50 lines)

Why @noble?

• Well-audited, security-focused libraries
• Works on all platforms (Deno, Node, browsers)
• Consistent behavior everywhere
• Active maintenance

Why not node:crypto?

• RSA publicEncrypt is broken in Deno (#27295)
• Would require runtime detection for cross-platform support
• @noble is faster for AES anyway (2.5x)

Notes

• All performance numbers are more than sufficient for this use case
• BigInt RSA at 29k ops/sec = 0.034ms per operation (negligible for API calls)
• The async nature of operations is not a problem since the library is already async