From 785278a3c7dcfc9526f9abc1c444f9fe2f9133ea Mon Sep 17 00:00:00 2001
From: Evan Hahn
Date: Tue, 22 Oct 2024 21:48:03 +0000
Subject: [PATCH] chore: use more restrictive types for `timingSafeEqual` This is a types-only change. [`crypto.timingSafeEqual`][0] has some subtle behavior (highlighted in bold red in the docs!) when passing a `Float32Array` or `Float64Array`. Rather than adapt our wrapper to support this unusual situation, this updates the types to avoid it. We never took advantage of this unusual case, and now we are even less likely to. [0]: https://nodejs.org/api/crypto.html#cryptotimingsafeequala-b
---
 src/lib/timing-safe-equal.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/lib/timing-safe-equal.js b/src/lib/timing-safe-equal.js
index 353c38c76..9548ec67c 100644
--- a/src/lib/timing-safe-equal.js
+++ b/src/lib/timing-safe-equal.js
@@ -1,8 +1,8 @@
 import * as crypto from 'node:crypto'
 /**
- * @param {string | NodeJS.ArrayBufferView} value
- * @returns {NodeJS.ArrayBufferView}
+ * @param {Readonly} value
+ * @returns {Uint8Array}
 */
 const bufferify = (value) =>
 // We use UTF-16 because it's the only supported encoding that doesn't
@@ -19,7 +19,7 @@ const bufferify = (value) =>
 * Like `crypto.timingSafeEqual`, but works with strings and doesn't throw if
 * lengths differ.
 *
- * @template {string | NodeJS.ArrayBufferView} T
+ * @template {string | Uint8Array} T
 * @param {T} a
 * @param {T} b
 * @returns {boolean}
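Review bot: The narrowed `@param`/`@returns` on `bufferify` bind only callers that are type-checked, so a plain-JS or `any`-typed call site can still pass a `Float32Array` or `Float64Array` through to `crypto.timingSafeEqual` at runtime. If the wrapper is reachable from such code, a guard in the non-string branch would turn the restriction into a real invariant, for example `if (typeof value !== 'string' && !(value instanceof Uint8Array)) throw new TypeError('expected string or Uint8Array')`. The body of `bufferify` lies outside this hunk, so whether it already rejects other views cannot be seen here. As rendered on this page the new `@param` reads `{Readonly}` with no type argument, presumably `Readonly<string | Uint8Array>` in the actual file, which is worth confirming.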
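Review bot: The doc comment above the `@template` line still describes only the string and length-mismatch behaviour, so the reason `T` stops at `string | Uint8Array` is recorded only in the commit message. One added line in that comment would keep a later contributor from widening the type again, for example ` * Typed-array inputs are limited to Uint8Array: float arrays are compared by their IEEE 754 bytes, which can disagree with numeric equality.` The comment block and the function it documents continue past the end of this hunk.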