Memory Leak

[johanlajili]

Hi everyone, I've used this package in Bun (where it is used as part of the crypto module) and in Deno (importing it manually with npm:create-hmac).

Through using it and measuring performance, I noticed that this library creates memory leak when used as so:

const tokenString = `${secret}:${timestamp}`;

 const hmac = createHmac("md5", secret);
 const token = hmac.update(tokenString).digest("hex");
  
  return {
    token,
    timestamp: timestamp,
  };

despite the hmac getting freed from the scope and not stored in any global object / event handler, I could notice that the memory of the project would increased significantly. My test was calling this function once per second, and log the heapsize every 30s. Nothing else was happening in the code. Yet the memory increased every time (5MB for every 30s measurement).

However, the following code does not generate the memory leak:

 const tokenString = `${secret}:${timestamp}`;

  const hmac = createHmac("md5", secret);
  const token = hmac.update(tokenString).digest("hex");

  for (const property in hmac) {
    delete hmac[property as keyof typeof hmac];
  }

  return {
    token,
    timestamp: timestamp,
  };

I'm not sure if the issues lies in your own code (could not see anything incriminating in Legacy.js), or in a dependency you are using, but it is certainly there. I'm also not sure there is anything you can do about it as you need to support the nodeJS crypto signature so it's not like you can add a destroy function.

But I figured it was worth raising as an issue with this working solution in case anyone else falls down the same rabbit hole.