Trail of Bits Discloses Vulnerabilities in Elliptic JavaScript Library

After I read this, I took a look at the elliptic issue tracker. It’s a little sad and scary at the same time. Sad because this kind of neglect is almost certainly the result of the kind of burn-out that comes with maintaining popular open source software. Scary because some of the issues have been public for over a year, and still aren’t fixed.

Then I saw it has over 3000 dependent packages on npm!

I’m currently drafting/testing a virtual package that you can add to your package.json to replace elliptic with a shim library that uses noble-curves instead. GitHub - paulmillr/noble-curves: Audited & minimal JS implementation of elliptic curve cryptography.

Expect an update soon.

9 Likes
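A check worth running before swapping in any shim, as an added example that is not part of the original post: a small audit script that reads an npm lockfile (the v2/v3 `packages` map) and reports every package that declares a dependency on `elliptic` and which installed copy npm's nearest-ancestor resolution would actually hand it. The lockfile below is constructed for the example; point `findDependents` at your own parsed `package-lock.json` instead.

```javascript
// Added example (not the original post's code): find which packages in an npm
// lockfile pull in `elliptic`, and which installed copy each one resolves to.

// Constructed sample, shaped like a package-lock.json v3 "packages" map.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", dependencies: { "wallet-lib": "^1.0.0", "legacy-kit": "^2.0.0" } },
    "node_modules/wallet-lib": { version: "1.0.0", dependencies: { elliptic: "^6.5.4" } },
    "node_modules/elliptic": { version: "6.5.4" },
    "node_modules/legacy-kit": { version: "2.0.0", dependencies: { elliptic: "^6.4.0" } },
    "node_modules/legacy-kit/node_modules/elliptic": { version: "6.4.1" },
  },
};

// "node_modules/a/node_modules/b" -> "b"; the root entry "" maps to "".
function packageName(lockPath) {
  const parts = lockPath.split("node_modules/");
  return parts[parts.length - 1];
}

// Node resolution walks up the node_modules tree, so the nearest ancestor copy
// of `target` is the one `dependentPath` actually loads. Returns the lockfile
// key of that copy, or null if no copy is installed.
function resolveCopy(dependentPath, target, packages) {
  let base = dependentPath;
  for (;;) {
    const candidate = base ? `${base}/node_modules/${target}` : `node_modules/${target}`;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx < 0 ? "" : base.slice(0, idx);
  }
}

// One record per package that declares `target` as a (optional) dependency.
function findDependents(lock, target = "elliptic") {
  const packages = lock.packages || {};
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    const deps = { ...(meta.dependencies || {}), ...(meta.optionalDependencies || {}) };
    if (!(target in deps)) continue;
    const resolved = resolveCopy(path, target, packages);
    hits.push({
      dependent: path === "" ? meta.name || "(root)" : packageName(path),
      range: deps[target],
      resolvedPath: resolved,
      version: resolved ? packages[resolved].version : null,
    });
  }
  return hits;
}

// Distinct installed versions of `target`: more than one means a single
// override has to cover several copies.
function installedVersions(lock, target = "elliptic") {
  const versions = Object.entries(lock.packages || {})
    .filter(([p]) => p !== "" && packageName(p) === target)
    .map(([, m]) => m.version);
  return [...new Set(versions)].sort();
}
```

Run it against `JSON.parse(fs.readFileSync("package-lock.json"))` to get the same two tables for a real project.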