@upstash/qstash 0.1.6 → 0.1.8

package/script/deps/deno.land/std@0.161.0/crypto/keystack.js

@@ -0,0 +1,177 @@
+"use strict";
+// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
+// This module is browser compatible.
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _KeyStack_instances, _KeyStack_cryptoKeys, _KeyStack_keys, _KeyStack_toCryptoKey;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KeyStack = void 0;
+/**
+ * Provides the {@linkcode KeyStack} class which implements the
+ * {@linkcode KeyRing} interface for managing rotatable keys.
+ *
+ * @module
+ */
+const dntShim = __importStar(require("../../../../_dnt.shims.js"));
+const timing_safe_equal_js_1 = require("./timing_safe_equal.js");
+const base64url = __importStar(require("../encoding/base64url.js"));
+const encoder = new TextEncoder();
+function importKey(key) {
+    if (typeof key === "string") {
+        key = encoder.encode(key);
+    }
+    else if (Array.isArray(key)) {
+        key = new Uint8Array(key);
+    }
+    return dntShim.crypto.subtle.importKey("raw", key, {
+        name: "HMAC",
+        hash: { name: "SHA-256" },
+    }, true, ["sign", "verify"]);
+}
+function sign(data, key) {
+    if (typeof data === "string") {
+        data = encoder.encode(data);
+    }
+    else if (Array.isArray(data)) {
+        data = Uint8Array.from(data);
+    }
+    return dntShim.crypto.subtle.sign("HMAC", key, data);
+}
+/** Compare two strings, Uint8Arrays, ArrayBuffers, or arrays of numbers in a
+ * way that avoids timing based attacks on the comparisons on the values.
+ *
+ * The function will return `true` if the values match, or `false`, if they
+ * do not match.
+ *
+ * This was inspired by https://github.com/suryagh/tsscmp which provides a
+ * timing safe string comparison to avoid timing attacks as described in
+ * https://codahale.com/a-lesson-in-timing-attacks/.
+ */
+async function compare(a, b) {
+    const key = new Uint8Array(32);
+    dntShim.dntGlobalThis.crypto.getRandomValues(key);
+    const cryptoKey = await importKey(key);
+    const ah = await sign(a, cryptoKey);
+    const bh = await sign(b, cryptoKey);
+    return (0, timing_safe_equal_js_1.timingSafeEqual)(ah, bh);
+}
+/** A cryptographic key chain which allows signing of data to prevent tampering,
+ * but also allows for easy key rotation without needing to re-sign the data.
+ *
+ * Data is signed as SHA256 HMAC.
+ *
+ * This was inspired by [keygrip](https://github.com/crypto-utils/keygrip/).
+ *
+ * ### Example
+ *
+ * ```ts
+ * import { KeyStack } from "https://deno.land/std@$STD_VERSION/crypto/keystack.ts";
+ *
+ * const keyStack = new KeyStack(["hello", "world"]);
+ * const digest = await keyStack.sign("some data");
+ *
+ * const rotatedStack = new KeyStack(["deno", "says", "hello", "world"]);
+ * await rotatedStack.verify("some data", digest); // true
+ * ```
+ */
+class KeyStack {
+    /** A class which accepts an array of keys that are used to sign and verify
+     * data and allows easy key rotation without invalidation of previously signed
+     * data.
+     *
+     * @param keys An iterable of keys, of which the index 0 will be used to sign
+     *             data, but verification can happen against any key.
+     */
+    constructor(keys) {
+        _KeyStack_instances.add(this);
+        _KeyStack_cryptoKeys.set(this, new Map());
+        _KeyStack_keys.set(this, void 0);
+        const values = Array.isArray(keys) ? keys : [...keys];
+        if (!(values.length)) {
+            throw new TypeError("keys must contain at least one value");
+        }
+        __classPrivateFieldSet(this, _KeyStack_keys, values, "f");
+    }
+    get length() {
+        return __classPrivateFieldGet(this, _KeyStack_keys, "f").length;
+    }
+    /** Take `data` and return a SHA256 HMAC digest that uses the current 0 index
+     * of the `keys` passed to the constructor.  This digest is in the form of a
+     * URL safe base64 encoded string. */
+    async sign(data) {
+        const key = await __classPrivateFieldGet(this, _KeyStack_instances, "m", _KeyStack_toCryptoKey).call(this, __classPrivateFieldGet(this, _KeyStack_keys, "f")[0]);
+        return base64url.encode(await sign(data, key));
+    }
+    /** Given `data` and a `digest`, verify that one of the `keys` provided the
+     * constructor was used to generate the `digest`.  Returns `true` if one of
+     * the keys was used, otherwise `false`. */
+    async verify(data, digest) {
+        return (await this.indexOf(data, digest)) > -1;
+    }
+    /** Given `data` and a `digest`, return the current index of the key in the
+     * `keys` passed the constructor that was used to generate the digest.  If no
+     * key can be found, the method returns `-1`. */
+    async indexOf(data, digest) {
+        for (let i = 0; i < __classPrivateFieldGet(this, _KeyStack_keys, "f").length; i++) {
+            const cryptoKey = await __classPrivateFieldGet(this, _KeyStack_instances, "m", _KeyStack_toCryptoKey).call(this, __classPrivateFieldGet(this, _KeyStack_keys, "f")[i]);
+            if (await compare(digest, base64url.encode(await sign(data, cryptoKey)))) {
+                return i;
+            }
+        }
+        return -1;
+    }
+    [(_KeyStack_cryptoKeys = new WeakMap(), _KeyStack_keys = new WeakMap(), _KeyStack_instances = new WeakSet(), _KeyStack_toCryptoKey = async function _KeyStack_toCryptoKey(key) {
+        if (!__classPrivateFieldGet(this, _KeyStack_cryptoKeys, "f").has(key)) {
+            __classPrivateFieldGet(this, _KeyStack_cryptoKeys, "f").set(key, await importKey(key));
+        }
+        return __classPrivateFieldGet(this, _KeyStack_cryptoKeys, "f").get(key);
+    }, Symbol.for("Deno.customInspect"))](inspect) {
+        const { length } = this;
+        return `${this.constructor.name} ${inspect({ length })}`;
+    }
+    [Symbol.for("nodejs.util.inspect.custom")](depth, 
+    // deno-lint-ignore no-explicit-any
+    options, inspect) {
+        if (depth < 0) {
+            return options.stylize(`[${this.constructor.name}]`, "special");
+        }
+        const newOptions = Object.assign({}, options, {
+            depth: options.depth === null ? null : options.depth - 1,
+        });
+        const { length } = this;
+        return `${options.stylize(this.constructor.name, "special")} ${inspect({ length }, newOptions)}`;
+    }
+}
+exports.KeyStack = KeyStack;

package/script/deps/deno.land/{std@0.149.0 → std@0.161.0}/crypto/mod.js

@@ -1,4 +1,5 @@
 "use strict";
+// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     var desc = Object.getOwnPropertyDescriptor(m, k);
@@ -23,15 +24,36 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.crypto = void 0;
-// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
+exports.crypto = exports.toHashString = exports.KeyStack = void 0;
+/**
+ * Extensions to the
+ * [Web Crypto](https://developer.mozilla.org/en-US/docs/Web/API/Web_Crypto_API)
+ * supporting additional encryption APIs.
+ *
+ * Provides additional digest algorithms that are not part of the WebCrypto
+ * standard as well as a `subtle.digest` and `subtle.digestSync` methods. It
+ * also provide a `subtle.timingSafeEqual()` method to compare array buffers
+ * or data views in a way that isn't prone to timing based attacks.
+ *
+ * The "polyfill" delegates to `WebCrypto` where possible.
+ *
+ * The {@linkcode KeyStack} export implements the {@linkcode KeyRing} interface
+ * for managing rotatable keys for signing data to prevent tampering, like with
+ * HTTP cookies.
+ *
+ * @module
+ */
 const dntShim = __importStar(require("../../../../_dnt.shims.js"));
-const mod_js_1 = require("../_wasm_crypto/mod.js");
+const mod_js_1 = require("./_wasm_crypto/mod.js");
+const timing_safe_equal_js_1 = require("./timing_safe_equal.js");
 const index_js_1 = require("./_fnv/index.js");
+var keystack_js_1 = require("./keystack.js");
+Object.defineProperty(exports, "KeyStack", { enumerable: true, get: function () { return keystack_js_1.KeyStack; } });
+var util_js_1 = require("./util.js");
+Object.defineProperty(exports, "toHashString", { enumerable: true, get: function () { return util_js_1.toHashString; } });
 /**
  * A copy of the global WebCrypto interface, with methods bound so they're
  * safe to re-export.
- * @module
  */
 const webCrypto = ((crypto) => ({
     getRandomValues: crypto.getRandomValues?.bind(crypto),
@@ -74,8 +96,8 @@ const stdCrypto = ((x) => x)({
     subtle: {
         ...webCrypto.subtle,
         /**
-         * Returns a new `Promise` object that will digest `data` using the specified
-         * `AlgorithmIdentifier`.
+         * Polyfills stream support until the Web Crypto API does so:
+         * @see {@link https://github.com/wintercg/proposal-webcrypto-streams}
          */
         async digest(algorithm, data) {
             const { name, length } = normalizeAlgorithm(algorithm);
@@ -127,10 +149,6 @@ const stdCrypto = ((x) => x)({
                 throw new TypeError(`unsupported digest algorithm: ${algorithm}`);
             }
         },
-        /**
-         * Returns a ArrayBuffer with the result of digesting `data` using the
-         * specified `AlgorithmIdentifier`.
-         */
         digestSync(algorithm, data) {
             algorithm = normalizeAlgorithm(algorithm);
             const bytes = bufferSourceBytes(data);
@@ -157,6 +175,8 @@ const stdCrypto = ((x) => x)({
                 throw new TypeError("data must be a BufferSource or Iterable<BufferSource>");
             }
         },
+        // TODO(@kitsonk): rework when https://github.com/w3c/webcrypto/issues/270 resolved
+        timingSafeEqual: timing_safe_equal_js_1.timingSafeEqual,
     },
 });
 exports.crypto = stdCrypto;

package/script/deps/deno.land/std@0.161.0/crypto/timing_safe_equal.js

@@ -0,0 +1,28 @@
+"use strict";
+// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.timingSafeEqual = void 0;
+const asserts_js_1 = require("../testing/asserts.js");
+/** Compare to array buffers or data views in a way that timing based attacks
+ * cannot gain information about the platform. */
+function timingSafeEqual(a, b) {
+    if (a.byteLength !== b.byteLength) {
+        return false;
+    }
+    if (!(a instanceof DataView)) {
+        a = new DataView(ArrayBuffer.isView(a) ? a.buffer : a);
+    }
+    if (!(b instanceof DataView)) {
+        b = new DataView(ArrayBuffer.isView(b) ? b.buffer : b);
+    }
+    (0, asserts_js_1.assert)(a instanceof DataView);
+    (0, asserts_js_1.assert)(b instanceof DataView);
+    const length = a.byteLength;
+    let out = 0;
+    let i = -1;
+    while (++i < length) {
+        out |= a.getUint8(i) ^ b.getUint8(i);
+    }
+    return out === 0;
+}
+exports.timingSafeEqual = timingSafeEqual;

package/script/deps/deno.land/std@0.161.0/crypto/util.js

@@ -0,0 +1,54 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.toHashString = void 0;
+// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
+const hex = __importStar(require("../encoding/hex.js"));
+const base64 = __importStar(require("../encoding/base64.js"));
+const decoder = new TextDecoder();
+/**
+ * Converts a hash to a string with a given encoding.
+ * @example
+ * ```ts
+ * import { crypto, toHashString } from "https://deno.land/std@$STD_VERSION/crypto/mod.ts";
+ *
+ * const hash = await crypto.subtle.digest("SHA-384", new TextEncoder().encode("You hear that Mr. Anderson?"));
+ *
+ * // Hex encoding by default
+ * console.log(toHashString(hash));
+ *
+ * // Or with base64 encoding
+ * console.log(toHashString(hash, "base64"));
+ * ```
+ */
+function toHashString(hash, encoding = "hex") {
+    switch (encoding) {
+        case "hex":
+            return decoder.decode(hex.encode(new Uint8Array(hash)));
+        case "base64":
+            return base64.encode(hash);
+    }
+}
+exports.toHashString = toHashString;

package/script/deps/deno.land/std@0.161.0/encoding/base64.js

@@ -0,0 +1,127 @@
+"use strict";
+// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decode = exports.encode = void 0;
+/**
+ * {@linkcode encode} and {@linkcode decode} for
+ * [base64](https://en.wikipedia.org/wiki/Base64) encoding.
+ *
+ * This module is browser compatible.
+ *
+ * @module
+ */
+const base64abc = [
+    "A",
+    "B",
+    "C",
+    "D",
+    "E",
+    "F",
+    "G",
+    "H",
+    "I",
+    "J",
+    "K",
+    "L",
+    "M",
+    "N",
+    "O",
+    "P",
+    "Q",
+    "R",
+    "S",
+    "T",
+    "U",
+    "V",
+    "W",
+    "X",
+    "Y",
+    "Z",
+    "a",
+    "b",
+    "c",
+    "d",
+    "e",
+    "f",
+    "g",
+    "h",
+    "i",
+    "j",
+    "k",
+    "l",
+    "m",
+    "n",
+    "o",
+    "p",
+    "q",
+    "r",
+    "s",
+    "t",
+    "u",
+    "v",
+    "w",
+    "x",
+    "y",
+    "z",
+    "0",
+    "1",
+    "2",
+    "3",
+    "4",
+    "5",
+    "6",
+    "7",
+    "8",
+    "9",
+    "+",
+    "/",
+];
+/**
+ * CREDIT: https://gist.github.com/enepomnyaschih/72c423f727d395eeaa09697058238727
+ * Encodes a given Uint8Array, ArrayBuffer or string into RFC4648 base64 representation
+ * @param data
+ */
+function encode(data) {
+    const uint8 = typeof data === "string"
+        ? new TextEncoder().encode(data)
+        : data instanceof Uint8Array
+            ? data
+            : new Uint8Array(data);
+    let result = "", i;
+    const l = uint8.length;
+    for (i = 2; i < l; i += 3) {
+        result += base64abc[uint8[i - 2] >> 2];
+        result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)];
+        result += base64abc[((uint8[i - 1] & 0x0f) << 2) | (uint8[i] >> 6)];
+        result += base64abc[uint8[i] & 0x3f];
+    }
+    if (i === l + 1) {
+        // 1 octet yet to write
+        result += base64abc[uint8[i - 2] >> 2];
+        result += base64abc[(uint8[i - 2] & 0x03) << 4];
+        result += "==";
+    }
+    if (i === l) {
+        // 2 octets yet to write
+        result += base64abc[uint8[i - 2] >> 2];
+        result += base64abc[((uint8[i - 2] & 0x03) << 4) | (uint8[i - 1] >> 4)];
+        result += base64abc[(uint8[i - 1] & 0x0f) << 2];
+        result += "=";
+    }
+    return result;
+}
+exports.encode = encode;
+/**
+ * Decodes a given RFC4648 base64 encoded string
+ * @param b64
+ */
+function decode(b64) {
+    const binString = atob(b64);
+    const size = binString.length;
+    const bytes = new Uint8Array(size);
+    for (let i = 0; i < size; i++) {
+        bytes[i] = binString.charCodeAt(i);
+    }
+    return bytes;
+}
+exports.decode = decode;

package/script/deps/deno.land/std@0.161.0/encoding/base64url.js

@@ -0,0 +1,77 @@
+"use strict";
+// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decode = exports.encode = void 0;
+/**
+ * {@linkcode encode} and {@linkcode decode} for
+ * [base64 URL safe](https://en.wikipedia.org/wiki/Base64#URL_applications) encoding.
+ *
+ * This module is browser compatible.
+ *
+ * @module
+ */
+const base64 = __importStar(require("./base64.js"));
+/*
+ * Some variants allow or require omitting the padding '=' signs:
+ * https://en.wikipedia.org/wiki/Base64#The_URL_applications
+ * @param base64url
+ */
+function addPaddingToBase64url(base64url) {
+    if (base64url.length % 4 === 2)
+        return base64url + "==";
+    if (base64url.length % 4 === 3)
+        return base64url + "=";
+    if (base64url.length % 4 === 1) {
+        throw new TypeError("Illegal base64url string!");
+    }
+    return base64url;
+}
+function convertBase64urlToBase64(b64url) {
+    if (!/^[-_A-Z0-9]*?={0,2}$/i.test(b64url)) {
+        // Contains characters not part of base64url spec.
+        throw new TypeError("Failed to decode base64url: invalid character");
+    }
+    return addPaddingToBase64url(b64url).replace(/\-/g, "+").replace(/_/g, "/");
+}
+function convertBase64ToBase64url(b64) {
+    return b64.replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
+/**
+ * Encodes a given ArrayBuffer or string into a base64url representation
+ * @param data
+ */
+function encode(data) {
+    return convertBase64ToBase64url(base64.encode(data));
+}
+exports.encode = encode;
+/**
+ * Converts given base64url encoded data back to original
+ * @param b64url
+ */
+function decode(b64url) {
+    return base64.decode(convertBase64urlToBase64(b64url));
+}
+exports.decode = decode;

package/script/deps/deno.land/std@0.161.0/encoding/hex.js

@@ -0,0 +1,65 @@
+"use strict";
+// Copyright 2009 The Go Authors. All rights reserved.
+// https://github.com/golang/go/blob/master/LICENSE
+// Copyright 2018-2022 the Deno authors. All rights reserved. MIT license.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decode = exports.encode = void 0;
+/** Port of the Go
+ * [encoding/hex](https://github.com/golang/go/blob/go1.12.5/src/encoding/hex/hex.go)
+ * library.
+ *
+ * This module is browser compatible.
+ *
+ * @module
+ */
+const hexTable = new TextEncoder().encode("0123456789abcdef");
+function errInvalidByte(byte) {
+    return new TypeError(`Invalid byte '${String.fromCharCode(byte)}'`);
+}
+function errLength() {
+    return new RangeError("Odd length hex string");
+}
+/** Converts a hex character into its value. */
+function fromHexChar(byte) {
+    // '0' <= byte && byte <= '9'
+    if (48 <= byte && byte <= 57)
+        return byte - 48;
+    // 'a' <= byte && byte <= 'f'
+    if (97 <= byte && byte <= 102)
+        return byte - 97 + 10;
+    // 'A' <= byte && byte <= 'F'
+    if (65 <= byte && byte <= 70)
+        return byte - 65 + 10;
+    throw errInvalidByte(byte);
+}
+/** Encodes `src` into `src.length * 2` bytes. */
+function encode(src) {
+    const dst = new Uint8Array(src.length * 2);
+    for (let i = 0; i < dst.length; i++) {
+        const v = src[i];
+        dst[i * 2] = hexTable[v >> 4];
+        dst[i * 2 + 1] = hexTable[v & 0x0f];
+    }
+    return dst;
+}
+exports.encode = encode;
+/**
+ * Decodes `src` into `src.length / 2` bytes.
+ * If the input is malformed, an error will be thrown.
+ */
+function decode(src) {
+    const dst = new Uint8Array(src.length / 2);
+    for (let i = 0; i < dst.length; i++) {
+        const a = fromHexChar(src[i * 2]);
+        const b = fromHexChar(src[i * 2 + 1]);
+        dst[i] = (a << 4) | b;
+    }
+    if (src.length % 2 == 1) {
+        // Check for invalid char before reporting bad length,
+        // since the invalid char (if present) is an earlier problem.
+        fromHexChar(src[dst.length * 2]);
+        throw errLength();
+    }
+    return dst;
+}
+exports.decode = decode;