Why does NDKSigner.sign() only return NostrEvent.sig instead of full NostrEvent?

[manimejia]

MOST implementations of NDKSigner.sign() will call finalizeEvent() from nostr-tools, which writes THREE properties to a NostrEvent within the SAME function.

• establishes that event.pubkey is derived from the signer private key.
• hashes the entire event (with pubkey) as event.id
• signs the entire event (with pubkey and id) as event.sig.

Seems to me that writing these three properties in a SINGLE function is important for maintaining integrity of the NostrEvent. Returning ONLY the event.sig from this function is NOT ONLY unnecessary CPU burden but ALSO requires that some OTHER function add the id and pubkey verification to the published event. This COULD be a possible vector for bugs and publishing of fake event id or pubkey.

In addition ... the verb sign() implies a thing to be done "to the event". A function that JUST returns the signature, should more appropriately be called getSig() or something.

• Why not just return the entire NostrEvent?
• What is best practice for providing the functionality of finalizeEvent() in a SINGLE function call from NDK, given that sig REQUIRES an NDKSigner and id does not?

P.S.
It's prolly too late to change the method signature for NDKSigner.sign() at this point ... but I'm just wondering WHY this decision was made and WHAT is the best way to move forward with above issues?

[erskingardner]

@pablof7z is the only one who can answer this. I think you're right though in that it would have made more sense to have returned the whole event from the sign event. If I were to conjecture, I think it's because usually you're working on an NDKEvent that you've already got in memory and so you're not expecting to get another copy of the same even back on these methods. e.g.

const event = new NDKEvent(ndk, {...});
event.sign();
event.publish();

instead of

const event = new NDKEvent(ndk, {...});
const signedEvent = event.sign();
signedEvent.publish();