Is NodeJS crypto dependent on the user's system?

I'm looking for a complete JS crypto library: all SHAs, AEAD (chacha/poly, aes-gcm), all AESs, NIST and SECP P256 and ED25519 support, ECDSA, ECDH/E, etc.

It looks like the nodeJS crypto module has full support of everything I need, but it says it is a wrapper around OpenSSL.

Does this mean some functions may not work if a user does not have OpenSSL installed (or an outdated version)? I assume it does, but that is very unlike Node, so I want to be sure.

If so, are there are any "complete" libraries out there? libsodium, sjcl, and crypto-js are insufficient (I could piece together a sol'n from multiple libs if necessary).

Solution 1:

Nodejs is statically linked to its own built-in version of OpenSSL. It does not rely on an external OpenSSL installation.

There are multiple articles that reference how nodejs has to be updated in order to get the newer OpenSSL versions (because it links OpenSSL right into nodejs).

Here are a couple of those articles:

https://developer.ibm.com/blogs/openssl-111-has-landed-in-nodejs-master-and-why-its-important-for-nodejs-lts-releases/

https://nodejs.org/ru/blog/vulnerability/april-2020-openssl-updates/

https://issueexplorer.com/issue/nodejs/node/40106