nodejs · nodejs-github-bot · Apr 19, 2024 · Apr 17, 2024
diff --git a/doc/api/cli.md b/doc/api/cli.md
@@ -1388,14 +1388,6 @@ added: v21.2.0
 
 Disable exposition of [Navigator API][] on the global scope.
 
-### `--no-experimental-global-webcrypto`
-
-<!-- YAML
-added: v19.0.0
--->
-
-Disable exposition of [Web Crypto API][] on the global scope.
-
 ### `--no-experimental-repl-await`
 
 <!-- YAML
@@ -2682,7 +2674,6 @@ one is included in the list below.
 * `--no-experimental-fetch`
 * `--no-experimental-global-customevent`
 * `--no-experimental-global-navigator`
-* `--no-experimental-global-webcrypto`
 * `--no-experimental-repl-await`
 * `--no-experimental-websocket`
 * `--no-extra-info-on-fatal-exception`
@@ -3173,7 +3164,6 @@ node --stack-trace-limit=12 -p -e "Error.stackTraceLimit" # prints 12
 [Subresource Integrity]: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
 [V8 JavaScript code coverage]: https://v8project.blogspot.com/2017/12/javascript-code-coverage.html
 [V8 code cache]: https://v8.dev/blog/code-caching-for-devs
-[Web Crypto API]: webcrypto.md
 [`"type"`]: packages.md#type
 [`--allow-child-process`]: #--allow-child-process
 [`--allow-fs-read`]: #--allow-fs-read

diff --git a/doc/api/globals.md b/doc/api/globals.md
@@ -361,13 +361,15 @@ added:
   - v17.6.0
   - v16.15.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/52564
+    description: No longer experimental.
   - version: v19.0.0
     pr-url: https://github.com/nodejs/node/pull/42083
     description: No longer behind `--experimental-global-webcrypto` CLI flag.
 -->
 
-> Stability: 1 - Experimental. Disable this API with the
-> [`--no-experimental-global-webcrypto`][] CLI flag.
+> Stability: 2 - Stable.
 
 A browser-compatible implementation of {Crypto}. This global is available
 only if the Node.js binary was compiled with including support for the
@@ -380,13 +382,15 @@ added:
   - v17.6.0
   - v16.15.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/52564
+    description: No longer experimental.
   - version: v19.0.0
     pr-url: https://github.com/nodejs/node/pull/42083
     description: No longer behind `--experimental-global-webcrypto` CLI flag.
 -->
 
-> Stability: 1 - Experimental. Disable this API with the
-> [`--no-experimental-global-webcrypto`][] CLI flag.
+> Stability: 2 - Stable.
 
 A browser-compatible implementation of the [Web Crypto API][].
 
@@ -397,13 +401,15 @@ added:
   - v17.6.0
   - v16.15.0
 changes:
+  - version: REPLACEME
+    pr-url: https://github.com/nodejs/node/pull/52564
+    description: No longer experimental.
   - version: v19.0.0
     pr-url: https://github.com/nodejs/node/pull/42083
     description: No longer behind `--experimental-global-webcrypto` CLI flag.
 -->
 
-> Stability: 1 - Experimental. Disable this API with the
-> [`--no-experimental-global-webcrypto`][] CLI flag.
+> Stability: 2 - Stable.
 
 A browser-compatible implementation of {CryptoKey}. This global is available
 only if the Node.js binary was compiled with including support for the
@@ -981,8 +987,7 @@ changes:
     description: No longer behind `--experimental-global-webcrypto` CLI flag.
 -->
 
-> Stability: 1 - Experimental. Disable this API with the
-> [`--no-experimental-global-webcrypto`][] CLI flag.
+> Stability: 2 - Stable.
 
 A browser-compatible implementation of {SubtleCrypto}. This global is available
 only if the Node.js binary was compiled with including support for the
@@ -1147,7 +1152,6 @@ A browser-compatible implementation of [`WritableStreamDefaultWriter`][].
 [Web Crypto API]: webcrypto.md
 [`--no-experimental-global-customevent`]: cli.md#--no-experimental-global-customevent
 [`--no-experimental-global-navigator`]: cli.md#--no-experimental-global-navigator
-[`--no-experimental-global-webcrypto`]: cli.md#--no-experimental-global-webcrypto
 [`--no-experimental-websocket`]: cli.md#--no-experimental-websocket
 [`AbortController`]: https://developer.mozilla.org/en-US/docs/Web/API/AbortController
 [`ByteLengthQueuingStrategy`]: webstreams.md#class-bytelengthqueuingstrategy

diff --git a/doc/node.1 b/doc/node.1
@@ -192,9 +192,6 @@ Disable experimental support for the WebSocket API.
 .It Fl -no-experimental-global-customevent
 Disable exposition of the CustomEvent on the global scope.
 .
-.It Fl -no-experimental-global-webcrypto
-Disable exposition of the Web Crypto API on the global scope.
-.
 .It Fl -no-experimental-repl-await
 Disable top-level await keyword support in REPL.
 .

diff --git a/lib/internal/bootstrap/web/exposed-window-or-worker.js b/lib/internal/bootstrap/web/exposed-window-or-worker.js
@@ -11,6 +11,7 @@
 const {
   globalThis,
   ObjectDefineProperty,
+  ObjectGetOwnPropertyDescriptor,
 } = primordials;
 
 const {
@@ -20,6 +21,11 @@ const {
   exposeLazyInterfaces,
 } = require('internal/util');
 
+const {
+  ERR_INVALID_THIS,
+  ERR_NO_CRYPTO,
+} = require('internal/errors').codes;
+
 // https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
 const timers = require('timers');
 defineOperation(globalThis, 'clearInterval', timers.clearInterval);
@@ -89,3 +95,29 @@ exposeLazyInterfaces(globalThis, 'internal/deps/undici/undici', ['WebSocket']);
 internalBinding('wasm_web_api').setImplementation((streamState, source) => {
   require('internal/wasm_web_api').wasmStreamingCallback(streamState, source);
 });
+
+// WebCryptoAPI
+if (internalBinding('config').hasOpenSSL) {
+  defineReplaceableLazyAttribute(
+    globalThis,
+    'internal/crypto/webcrypto',
+    ['crypto'],
+    false,
+    function cryptoThisCheck() {
+      if (this !== globalThis && this != null)
+        throw new ERR_INVALID_THIS(
+          'nullish or must be the global object');
+    },
+  );
+  exposeLazyInterfaces(
+    globalThis, 'internal/crypto/webcrypto',
+    ['Crypto', 'CryptoKey', 'SubtleCrypto'],
+  );
+} else {
+  ObjectDefineProperty(globalThis, 'crypto',
+                       { __proto__: null, ...ObjectGetOwnPropertyDescriptor({
+                         get crypto() {
+                           throw new ERR_NO_CRYPTO();
+                         },
+                       }, 'crypto') });
+}
diff --git a/lib/internal/crypto/webcrypto.js b/lib/internal/crypto/webcrypto.js
@@ -5,7 +5,6 @@ const {
   JSONParse,
   JSONStringify,
   ObjectDefineProperties,
-  ObjectDefineProperty,
   ReflectApply,
   ReflectConstruct,
   SafeSet,
@@ -21,10 +20,6 @@ const {
   kWebCryptoCipherDecrypt,
 } = internalBinding('crypto');
 
-const {
-  getOptionValue,
-} = require('internal/options');
-
 const { TextDecoder, TextEncoder } = require('internal/encoding');
 
 const {
@@ -1025,18 +1020,6 @@ ObjectDefineProperties(
     },
   });
 
-if (getOptionValue('--no-experimental-global-webcrypto')) {
-  // For backward compatibility, keep exposing CryptoKey in the Crypto prototype
-  // when using the flag.
-  ObjectDefineProperty(Crypto.prototype, 'CryptoKey', {
-    __proto__: null,
-    enumerable: true,
-    configurable: true,
-    writable: true,
-    value: CryptoKey,
-  });
-}
-
 ObjectDefineProperties(
   SubtleCrypto.prototype, {
     [SymbolToStringTag]: {

diff --git a/lib/internal/main/eval_string.js b/lib/internal/main/eval_string.js
@@ -31,9 +31,7 @@ if (getOptionValue('--input-type') === 'module' ||
 } else {
   // For backward compatibility, we want the identifier crypto to be the
   // `node:crypto` module rather than WebCrypto.
-  const isUsingCryptoIdentifier =
-                             getOptionValue('--experimental-global-webcrypto') &&
-                             RegExpPrototypeExec(/\bcrypto\b/, source) !== null;
+  const isUsingCryptoIdentifier = RegExpPrototypeExec(/\bcrypto\b/, source) !== null;
   const shouldDefineCrypto = isUsingCryptoIdentifier && internalBinding('config').hasOpenSSL;
 
   if (isUsingCryptoIdentifier && !shouldDefineCrypto) {

diff --git a/lib/internal/process/pre_execution.js b/lib/internal/process/pre_execution.js
@@ -12,7 +12,6 @@ const {
   NumberParseInt,
   ObjectDefineProperty,
   ObjectFreeze,
-  ObjectGetOwnPropertyDescriptor,
   SafeMap,
   String,
   StringPrototypeStartsWith,
@@ -36,9 +35,7 @@ const {
 } = require('internal/util');
 
 const {
-  ERR_INVALID_THIS,
   ERR_MANIFEST_ASSERT_INTEGRITY,
-  ERR_NO_CRYPTO,
   ERR_MISSING_OPTION,
   ERR_ACCESS_DENIED,
 } = require('internal/errors').codes;
@@ -107,7 +104,6 @@ function prepareExecution(options) {
   setupNavigator();
   setupWarningHandler();
   setupUndici();
-  setupWebCrypto();
   setupCustomEvent();
   setupCodeCoverage();
   setupDebugEnv();
@@ -341,41 +337,6 @@ function setupNavigator() {
   defineReplaceableLazyAttribute(globalThis, 'internal/navigator', ['navigator'], false);
 }
 
-// TODO(aduh95): move this to internal/bootstrap/web/* when the CLI flag is
-//               removed.
-function setupWebCrypto() {
-  if (getEmbedderOptions().noBrowserGlobals ||
-      getOptionValue('--no-experimental-global-webcrypto')) {
-    return;
-  }
-
-  if (internalBinding('config').hasOpenSSL) {
-    defineReplaceableLazyAttribute(
-      globalThis,
-      'internal/crypto/webcrypto',
-      ['crypto'],
-      false,
-      function cryptoThisCheck() {
-        if (this !== globalThis && this != null)
-          throw new ERR_INVALID_THIS(
-            'nullish or must be the global object');
-      },
-    );
-    exposeLazyInterfaces(
-      globalThis, 'internal/crypto/webcrypto',
-      ['Crypto', 'CryptoKey', 'SubtleCrypto'],
-    );
-  } else {
-    ObjectDefineProperty(globalThis, 'crypto',
-                         { __proto__: null, ...ObjectGetOwnPropertyDescriptor({
-                           get crypto() {
-                             throw new ERR_NO_CRYPTO();
-                           },
-                         }, 'crypto') });
-
-  }
-}
-
 function setupCodeCoverage() {
   // Resolve the coverage directory to an absolute path, and
   // overwrite process.env so that the original path gets passed

diff --git a/src/node_options.cc b/src/node_options.cc
@@ -416,11 +416,7 @@ EnvironmentOptionsParser::EnvironmentOptionsParser() {
             &EnvironmentOptions::experimental_global_navigator,
             kAllowedInEnvvar,
             true);
-  AddOption("--experimental-global-webcrypto",
-            "expose experimental Web Crypto API on the global scope",
-            &EnvironmentOptions::experimental_global_web_crypto,
-            kAllowedInEnvvar,
-            true);
+  AddOption("--experimental-global-webcrypto", "", NoOp{}, kAllowedInEnvvar);
   AddOption("--experimental-json-modules", "", NoOp{}, kAllowedInEnvvar);
   AddOption("--experimental-loader",
             "use the specified module as a custom loader",

diff --git a/test/parallel/test-cli-eval.js b/test/parallel/test-cli-eval.js
@@ -348,12 +348,6 @@ child.exec(
   common.mustSucceed((stdout) => {
     assert.match(stdout, /^number/);
   }));
-child.exec(
-  `${nodejs} --no-experimental-global-webcrypto ` +
-    '-p "var crypto = {randomBytes:1};typeof crypto.randomBytes"',
-  common.mustSucceed((stdout) => {
-    assert.match(stdout, /^number/);
-  }));
 
 // Regression test for https://github.com/nodejs/node/issues/45336
 child.execFile(process.execPath,

diff --git a/test/parallel/test-global-webcrypto-disbled.js b/test/parallel/test-global-webcrypto-disbled.js
diff --git a/test/parallel/test-process-env-allowed-flags-are-documented.js b/test/parallel/test-process-env-allowed-flags-are-documented.js
@@ -99,6 +99,7 @@ const undocumented = difference(process.allowedNodeEnvironmentFlags,
 assert(undocumented.delete('--debug-arraybuffer-allocations'));
 assert(undocumented.delete('--no-debug-arraybuffer-allocations'));
 assert(undocumented.delete('--es-module-specifier-resolution'));
+assert(undocumented.delete('--experimental-global-webcrypto'));
 assert(undocumented.delete('--experimental-report'));
 assert(undocumented.delete('--experimental-worker'));
 assert(undocumented.delete('--node-snapshot'));