ERR_OSSL_EVP_UNSUPPORTED - serverkess package - node.js

I am getting error:0308010C:digital envelope routines::unsupported for a serverless package command.
Have referred to multiple SO questions and other documents. Most of them suggest the following:
Downgrading node version to any LTS lesser than 17:
Downgrading the node version creates a lot of library compatibility issues. For example, one of the many errors I get from the node-fetch library during webpacking is Can't resolve 'node:util' in <project-directory>\node_modules\node-fetch\src
Set Node to use openssl legacy provider: Since the newer versions of node use the encryption algorithms supported by the newer openssl but the libraries in the project still (guessing) only support the algorithms supported by openssl 1.1, which is the main reason behind the ERR_OSSL_EVP_UNSUPPORTED issue, we need to override node's default encryption algorithms to the ones supported by openssl 1.1 by setting NODE_OPTIONS to --openssl-legacy-provider. This solution is working for react projects or even frontend frameworks like ionic where the node options can be easily overridden in the scripts in package.json or the documentation of ionic tells us how to set it so that it can pick it up during build stage. But this does not work for backend framework libraries like serverless. I am not sure how the node options can be overridden for serverless because setting it as an environment variable is not working nor can I find any documentation.

Related

Use legacy OpenSSL provider with Node 16 and 18

Background
I've inherited a legacy build system based on Webpack 4 and run through yarn, which is run both on local development environments and in the cloud. Recently, Microsoft began to roll out a breaking change whereby the build agents allocated to the pipeline that runs this build system are now sometimes provisioned with Node 18 instead of Node 16.
I've come to learn that a breaking change in Node 18 is that it ships with a new OpenSSL provider, which has dropped support for the old md4 cryptographic hashing algorithm that is used internally by Webpack 4.
For backwards compatability, Node 18 has added a new NODE_OPTIONS command line flag, --openssl-legacy-provider, which can be used to force it to use a legacy OpenSSL provider that still supports the md4 algorithm. More recent versions of Node 16 have also back-ported support for this option, but only in the case that a newer version of the OpenSSL provider is being used than the one that ships with Node 16.
The Problem
Currently, we have two versions of the build system. The current one, which runs on Node 16 just fine, and a modified one that runs on Node 18 using the --openssl-legacy-provider flag but fails to run on Node 16 because the option is not allowed.
Ideally, I would like to get the build system into a state where it can run on either Node 16 or Node 18. I believe the key to this is to get both versions of Node to use the same legacy OpenSSL provider.
Potential Solutions
Our current interim solution has been to update our pipelines to force build agents to always use Node 16. Clearly this isn't a good long-term solution, though.
The only reason Node 18 is breaking for us is that Webpack is using the md4 algorithm. It is possible to configure output.hashFunction in Webpack's configuration, to tell it to use another algorithm like sha256, but there are also hard-coded uses of md4 in Webpack 4 that can't be configured so this configuration option hasn't solved the issue for us.
I've tried updating this legacy build system to Webpack 5, which has a built-in xxhash64 hashing algorithm that doesn't rely on OpenSSL and so should be able to work on either version of Node. But unfortunately we rely on several third party plugins that haven't been updated for years, and don't have successors that support Webpack 5. So while of course it would be possible to update it, it's probably going to be a lot more work than any other solution, and as I mentioned this is a legacy build system.
Another potential solution that we could do, but would prefer not to do, would be to restrict our build agents to all run with a version of Node >= 18, and also update all our local development environments to use Node 18. I'd prefer to treat this option as a last resort.
I've also seen references to creating a file called openssl.cnf and setting an OPENSSL_CONF environment variable to the path to that file, as a way to tell any version of node to use the same OpenSSL provider. But I haven't been to find any instructions on how to configure an environment variable in local development environments. I'm familiar with using the dotenv library to access environment variables specified in a .env file through process.env, for example, but as this solution doesn't require me to access these variables through code it doesn't feel applicable here.
I've also looked for ways to query the version of Node when running a yarn script, in order to determine whether or not it's safe to use the --openssl-legacy-provider option, but haven't found any information about how to do this. If it's even possible at all.
tl;dr
What I'm looking to achieve is a way to run a yarn script using the legacy OpenSSL provider without knowing ahead of time if it will be running on Node 16 or Node 18.

How to compile node.js to binary release (with native modules)

Currently, I’m experimenting with building Node.js projects (different bundlers and other kinds of stuff). And I got a simple idea about bundling Node.js to a single binary for Linux, macOS, or Windows.
There are two packages nexe and pkg both of them don’t really support native .node modules that are used by packages like bcrypt or realm. Were you performing a similar compilation? I would be extremely happy to see some real-world examples (I could not find them on GitHub).
But... for what? It's more like an idea for fun what we're able to archive with Node.js. Even if it will be working (I get it working on cjs packages without native modules) example project with hello wold may have a size above 30MB.
One cool observation is that #vercel/ncc is able to compile my project into a single directory, but it also doesn’t work without node_modules (probably, I had no environment to test it)
Update V1: Building realm is impossible in such kinds of projects, the simplest solution is to not use realm in node apps because it will crash the binary build (it's because realm is using tons of other packages such as electron or react-native which doesn't work at all when it comes to desktop platforms.
My code is available at the following repository: https://github.com/keinsell/typecraft
After days of struggling with researching how pkg works and searching for potential alternatives, I've found caxa which were working for me in a good way, and on the road, I also got pkg working fine with (actually only tested on bcrypt) native modules. My core insights on using pkg for building Node.js binaries are:
Use matrix-builds on CI to build package ex. win package from windows host, mac from macos host etc.
Be sure to include native modules to assets (there you can use require() function in JavaScript (example below) or use pkg.assets object in package.json - I don't really get it but it's contained in my issue on vercel/pkg - vercel/pkg#1473
+ require('bcrypt/lib/binding/napi-v3/bcrypt_lib.node')
export async function main() { /* ... */ }
Some modules are still build-crashing, and the good example is realm but I'll still search for a way of building it and including it into node.js binary application. All of my progress on researching Node.js builds will be available on https://github.com/keinsell/typecraft and this StackOverflow answer will be updated over time and my new discoveries.
Read this resource with examples and you will be able to compile it to a binary release. Of course, nexe is necessary but with pty.js you can successfully compile it with all the native libraries. Have a look at the source: https://www.jedi.be/blog/2013/05/14/compiling-packaging-a-nodejs-project-as-a-single-binary/

crypto.getCurves is undefined

I am trying to use an oauth helper library called 'openid-client'. I am getting an error that reads in part '(TypeError): getCurves is not a function'. I poke around and find that getCurves is part of an inbuilt module of node.js 'crypto'.
If I console.log(typeOf(crypto.getCurves)) I get undefined. If I console.log(crypto) I see that crypto has many available methods but getCurves is not among them.
I am running node on my macbook and my project is a barebones npx create-react-app app with openid-client installed.
The node documentation outlines a way for determining if crypto support is unavailable, but that does not seem to indicate that crypto is unavailable for me.
I'm not sure why my version of node crypto does not have getCurves. Is there a way to install the correct version? Is there some sort of encryption restriction I am hitting due to OS? Any help appreciated.
node-openid-client is using APIs which are provided by Node and are missing in browser.
Node is being used by CRA as a development tool. App itself is running in browser and can't access Node's API-s, so it doesn't matter which Node version CRA is using.
When built, app is a set of JS files which can be served by a webserver (such as Nginx) directly without using Node at all.
So, this library can't be used with CRA apps.
https://github.com/panva/node-openid-client/issues/218
As you said, crypto is a built-in module, which means that its functionality depends on the version of node.js you have installed (you can check it via node -v from the shell or via console.log(process.version) at runtime).
Node.js API docs say that getCurves() was added in v2.3.0, so make sure your node is more recent than that.

How to determine when features were introduced into React

I am currently creating a package which I will publish on NPM. My package uses React but I don't want to add it as a dependency in my package to avoid consumers of my package from ending up with multiple versions of React in their projects (which will always be React projects as my package is React specific), thus bloating their projects unnecessarily.
Therefore I am going to add React to my package as a peer dependency.
My package uses React.Component, React.isValidElement and React.createElement. Therefore I need to find the oldest version of React which supports these features and make this version the minimum version in my peer dependency.
I am struggling in determining how to determine which version of React to use. If anybody is able to offer advice on how to work this out then I'd greatly appreciate it.
According to the changelog, the minimum version you can depend on is 0.13.0. I would recommend setting your dependency version to >=0.13.0. It would be best to use a CI tool like Travis to test your build on many versions of React (starting at the minimum) to ensure that you don't accidentally break things by relying on newer features.
Introductions
Component in 0.13.0 (Support for using ES6 classes to build React components)
isValidElement in 0.12.0 (React.isValidComponent --> React.isValidElement)
createElement in 0.11.12 (Added React.createElement API in preparation for React v0.12)

Error: write after end on Meteor app

I have today for the first time our new meteor app on modulus uploaded. When I tried to test them, the app crash with the error :
events.js:141
throw er; // Unhandled 'error' event
^
Error: write after end
at writeAfterEnd (_stream_writable.js:167:12)
at Socket.Writable.write (_stream_writable.js:212:5)
at Socket.write (net.js:626:40)
at [object Object].Connection.write (/mnt/app/bundle/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb-core/lib/connection/connection.js:502:58)
at /mnt/app/bundle/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb-core/lib/connection/pool.js:204:16
at executeScram (/mnt/app/bundle/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb-core/lib/auth/scram.js:176:5)
at /mnt/app/bundle/programs/server/npm/node_modules/meteor/npm-mongo/node_modules/mongodb-core/lib/auth/scram.js:281:7
at nextTickCallbackWith0Args (node.js:420:9)
at process._tickCallback (node.js:349:13)
The app tried three times to restart. The app ran normally for the fourth time. I could test everything and it worked. After about 10 minutes, the app crashed again with the same error message. From then on always randomly. What can I do?
UPDATE
My packages:
aaronroberson:ng-mask 3.0.16 AngularJS input masks packaged for meteor
accounts-base 1.2.14 A user account system
accounts-password 1.3.1 Password support for accounts
alanning:roles 1.2.15 Authorization package for Meteor
aldeed:simple-schema 1.5.3 A simple schema validation object with reactivity. Used by collection2 a...
alisalaah:jquery-contextmenu 1.6.6 JQuery ContextMenu by Rodney Rehm
altapp:recaptcha 2.0.1 Form bot protection for Meteor.
angular-meteor-auth 1.0.3* Angular-Meteor authentication module
angular-with-blaze 1.3.11 Everything you need to use both AngularJS and Blaze templates in your M...
angular:angular-animate 1.5.3_1 AngularJS (official) release. For full solution: http://angular-meteor...
angular:angular-material 1.0.6 Google Material design written for AngularJs (official repo)
angularui:angular-ui-router 0.2.15 angular-ui-router (official): Flexible routing with nested views in Ang...
bevanhunt:leaflet 2.0.1* leaflet - mobile-friendly maps.
check 1.2.4 Check whether a value matches a pattern
dandv:jquery-rateit 1.0.22_2 RateIt - a modern, mobile-friendly, jQuery (star) rating plugin
ecmascript 0.5.9 Compiler plugin that supports ES2015+ in all .js files
edgee:slingshot 0.7.1 Directly post files to cloud storage services, such as AWS-S3.
ejson 1.0.13 Extended and Extensible JSON library
email 1.1.18 Send email messages
erasaur:meteor-lodash 4.0.0 Wrapper for Lo-Dash v4.0.0
erasaur:server-session 0.0.5 Meteor Server-side Sessions, similar to the typical Client Session
es5-shim 4.6.15 Shims and polyfills to improve ECMAScript 5 support
fortawesome:fontawesome 4.6.3* Font Awesome (official): 500+ scalable vector icons, customizable via CS...
gfk:mediator 1.0.0 Adds a mediator to your application
gromo:jquery.scrollbar 0.0.1 Cross-browser CSS customizable scrollbar with advanced features.
harrison:papa-parse 1.1.1 A powerful, in-browser CSV parser for big boys and girls
http 1.2.10 Make HTTP calls to remote servers
jonblum:jquery-cropper 2.3.0 Fengyuan Chen's terrific jQuery plugin for cropping/zooming/rotating ima...
lucavandro:angular-moment-with-locales 0.10.3 Angular-Meteor directive and filters for Moment.JS with locales
matb33:collection-hooks 0.8.4 Extends Mongo.Collection with before/after hooks for insert/update/remov...
matthieuh:angular-local-storage 0.2.2 Angular module that gives you access to the browsers local storage with ...
maxkferg:temp 1.0.0 Create tracked temporary files on the server
mdg:validated-method 1.1.0 A simple wrapper for Meteor.methods
meteor-base 1.0.4 Packages that every Meteor app needs
meteorhacks:kadira 2.30.0* Performance Monitoring for Meteor
meteorhacks:meteor-down 1.1.2 Load Testing Framework for Meteor
meteorhacks:npm 1.5.0 Use npm modules with your Meteor App
meteorhacks:sikka 1.0.1 Sikka - A Firewall for Meteor Apps
mobile-experience 1.0.4 Packages for a great mobile user experience
mongo 1.1.14 Adaptor for using MongoDB and Minimongo over DDP
mrt:external-file-loader 0.1.4 The External File Loader package helps easily load external js, css and ...
nimble:restivus 0.8.11 Create authenticated REST APIs in Meteor 0.9+ via HTTP/HTTPS. Setup CRU...
npm-container 1.2.0+ Contains all your npm dependencies
pacozaa:angular-material-data-table 0.9.9 Material Design Data Table for Angular Material
pdiniz:canvas-to-blob 0.0.2 Simple wrapper around the blueimp's JavaScript-Canvas-to-Blob package
peerlibrary:aws-sdk 2.4.9_1 SDK for AWS services including Amazon S3, Amazon EC2, DynamoDB, and Am...
perak:joins 1.0.8 Generic collection joins for Meteor
percolate:synced-cron 1.3.2 Allows you to define and run scheduled jobs across multiple servers.
planettraining:angular-translate 2.10.0 Angular Translate
planettraining:angular-translate-loader-static-files 2.10.0 Angular Translate
practicalmeteor:chai 2.1.0_1 The Chai Assertion Library, v2.1.0
practicalmeteor:mocha 2.4.5_6 Write package tests with mocha and run them in the browser or from the...
random 1.0.10 Random number generator and utilities
reactive-var 1.0.11 Reactive variable
rzymek:moment-locale-de 2.14.1 Moment.js de locale. Companion package for rzymek:moment
sathriawan:angular-timer 1.3.5_3 Angular-Timer : A simple AngularJS directive demonstrating re-usabilit...
shell-server 0.2.1 Server-side component of the `meteor shell` command.
standard-minifier-css 1.3.2 Standard css minifier used with Meteor apps by default.
standard-minifier-js 1.2.1 Standard javascript minifiers used with Meteor apps by default.
tracker 1.1.1 Dependency tracker to allow reactive callbacks
undeadlol1:angular-filter-count-to 1.0.0 Angular directive to animate counting to a number (by sparkalow)
urigo:angular-blaze-template 0.3.0 Include Blaze templates in your angular-meteor application.
urigo:angular-ui-router 0.7.0 urigo:angular-ui-router, adds the ability to use Blaze templates with ui...
veekungx:sc-date-time 1.1.6 A Date-Time picker based on Googles Material Design Spec http://simeonc....
vinaynb:angular-loading-bar
After 10 days I finally found the solution. After I deleted certain packages and reinstalled them, I checked the environment variables. Here was the environment variable:
MONGO_URL: mongodb://<username>:<password>#shard1:15689,shard2:15689/myDB
This I changed to
MONGO_URL: mongodb://<username>:<password>#shard1:15689/myDB.
That solved the problem.

Resources