From bddf7bed1f9f914760dbac949f90445a31b17157 Mon Sep 17 00:00:00 2001
From: Evan Hahn <me@evanhahn.com>
Date: Tue, 22 Oct 2024 18:10:35 -0500
Subject: [PATCH] chore: use more restrictive types for `timingSafeEqual`
 (#936)

This is a types-only change.

[`crypto.timingSafeEqual`][0] has some subtle behavior (highlighted in
bold red in the docs!) when passing a `Float32Array` or `Float64Array`.
Rather than adapt our wrapper to support this unusual situation, this
updates the types to avoid it.

We never took advantage of this unusual case, and now we are even less
likely to.

[0]: https://nodejs.org/api/crypto.html#cryptotimingsafeequala-b
---
 src/lib/timing-safe-equal.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lib/timing-safe-equal.js b/src/lib/timing-safe-equal.js
index 353c38c76..9548ec67c 100644
--- a/src/lib/timing-safe-equal.js
+++ b/src/lib/timing-safe-equal.js
@@ -1,8 +1,8 @@
 import * as crypto from 'node:crypto'
 
 /**
- * @param {string | NodeJS.ArrayBufferView} value
- * @returns {NodeJS.ArrayBufferView}
+ * @param {Readonly<string | Uint8Array>} value
+ * @returns {Uint8Array}
  */
 const bufferify = (value) =>
   // We use UTF-16 because it's the only supported encoding that doesn't
@@ -19,7 +19,7 @@ const bufferify = (value) =>
  * Like `crypto.timingSafeEqual`, but works with strings and doesn't throw if
  * lengths differ.
  *
- * @template {string | NodeJS.ArrayBufferView} T
+ * @template {string | Uint8Array} T
  * @param {T} a
  * @param {T} b
  * @returns {boolean}