Login/Register
Error message "error:0308010C:digital envelope routines::unsupported"
Asked Answered
Solved node.jsreactjswebpack
A

67

2222

I created the default IntelliJ IDEA React project and got this:

Error: error:0308010C:digital envelope routines::unsupported
    at new Hash (node:internal/crypto/hash:67:19)
    at Object.createHash (node:crypto:130:10)
    at module.exports (/Users/user/Programming Documents/WebServer/untitled/node_modules/webpack/lib/util/createHash.js:135:53)
    at NormalModule._initBuildHash (/Users/user/Programming Documents/WebServer/untitled/node_modules/webpack/lib/NormalModule.js:417:16)
    at handleParseError (/Users/user/Programming Documents/WebServer/untitled/node_modules/webpack/lib/NormalModule.js:471:10)
    at /Users/user/Programming Documents/WebServer/untitled/node_modules/webpack/lib/NormalModule.js:503:5
    at /Users/user/Programming Documents/WebServer/untitled/node_modules/webpack/lib/NormalModule.js:358:12
    at /Users/user/Programming Documents/WebServer/untitled/node_modules/loader-runner/lib/LoaderRunner.js:373:3
    at iterateNormalLoaders (/Users/user/Programming Documents/WebServer/untitled/node_modules/loader-runner/lib/LoaderRunner.js:214:10)
    at iterateNormalLoaders (/Users/user/Programming Documents/WebServer/untitled/node_modules/loader-runner/lib/LoaderRunner.js:221:10)
/Users/user/Programming Documents/WebServer/untitled/node_modules/react-scripts/scripts/start.js:19
  throw err;
  ^

It seems to be a recent issue - webpack ran into this 4 days ago and is still working on it.

Aware answered 23/10, 2021 at 23:39 Comment(12)
Do the workarounds mentioned in that issue link work for you?Fungal
@Mike'Pomax'Kamermans There are no workarounds in the issue by Webpack :/ This is why I asked this question.Aware
Yes there are? github.com/webpack/webpack/issues/14532#issuecomment-947012063 was posted 6 days ago (and there's lots of followup since then from people asking exactly how to use that, with lots of explanations by several folks).Fungal
@Mike'Pomax'Kamermans my bad! i saw that and thought 'but where' and looked for an answer but only found people asking what i wanted to know. My bad!Aware
If you have come here with this error on NodeJS v18.x, the cause is the same. See web.archive.org/web/20220412174915/https://nodejs.org/api/… for details as to the cause, and follow the instructions to enable the OpenSSL legacy provider web.archive.org/web/20220416014625/https://nodejs.org/api/…Grindle
Have you tried to update to the latest version of webpack? I'm not sure about the cause of this bug, but it was already fixed on the latest version.Canonical
just run the compatible version with the current project nvm exec [v] [npm run dev] || [node app.js] check nvm -h examplesParthenogenesis
This worked for me: https://mcmap.net/q/45651/-webpack-build-failing-with-err_ossl_evp_unsupported-duplicateJurgen
I don't want to hijack the comments section, but I think it's crazy that the top 10 answers recommend downgrading your security or sticking to an outdated node version when for most people facing this issue (and the OP) the solution is simply upgrading react-scripts to >5!Bawl
@neopostmodern, sometimes projects can't be easily upgraded, sometimes there are budget or time constraints, etc. Downgrading is, sometimes, the way to go. Not everything is perfect or easy.Razzledazzle
I'm not trying to argue that real-world constrains or setups without react-scripts don't exist, but they can't possibly reflect/justify the current order of answers. I'd expect those to be "In case the obvious solution doesn't work, try these workarounds" kind of answers you get when you scroll down.Bawl
Maybe someone finds this useful, I have been using "webpack": "^5.7.0", and upgraded to "webpack": "^5.88.2", and it worked. I presume the transient dependencies were updated (possibly due to security issues).Weathertight
S
1125

In your package.json: change this line

"start": "react-scripts start"

to

"start": "react-scripts --openssl-legacy-provider start"
Stymie answered 25/10, 2021 at 19:45 Comment(16)
but note that --openssl-legacy-provider means you are now almost certainly running with known insecure SSL, so this might mitigate the symptom, but it probably doesn't fix the underlying problem.Fungal
But of cause, this is acceptable when running localhost. In the newly released VS 2022, starting a react-app from scratch, having VS 2022 creating a self-signed certificate for you, still causes the sample project to crash. This is also an issue when creating a react-project from scratch using NPM commandline "npx create-react-app react-core-test". I testet this in two distinct environments runnin WIndows 10 and Windows 11.Kamenskuralski
See Ashok's answer. It's the correct solution to keep SSL working without vulnerabilities and it worked for me.Twyla
I don't understand the implication that, somehow, using node 16 with openssl 1.x would be more secure than using node 17 with openssl 3 in legacy mode. OpenSSL made something stricter in v3. You're either defeating that restriction one way, or the other. Both approaches are probably equally insecure.Barina
nodejs.org/en/blog/release/v17.0.0Cairns
This has been solved in react-scripts 5: https://mcmap.net/q/44955/-error-message-quot-error-0308010c-digital-envelope-routines-unsupported-quotBawl
thanks, adding this parameter worked in my latest node version. I am impressed how node / react related commands keep breaking months after we create a solution and try to maintain it.Margalit
Thanks, I had to modify similarly in my nextjs app "dev": "cross-env NODE_OPTIONS=\"--openssl-legacy-provider\" node server.js",Rest
Thanks! This worked like charm. But this means the project is somewhat insecure.Diandiana
In case anyone found this while working on a React Native project and attempting to build through XCode (likely on an M1 Mac), you can add this node arg in node_modules/react-native/scripts/react-native-xcode.sh. Mine was found at line 103, but of course that may vary based on versions, &c. I just updated the line to read: [ -z "$NODE_ARGS" ] && export NODE_ARGS="--openssl-legacy-provider" and I was instantly back in business. Note that this may well be overwritten after each npm install or yarn run, and would likely be ignored by your version control as it lives in node_modules.Nucleonics
what I need to change in case ReactNative?Turpin
This doesn't work for Webpack.Mudskipper
Worked for me, so hacky or not, this is the goto solution for anyone wanting to try out some react project with this problem.Craftwork
I needed to do a npm audit fix --force first to get this working.Unalloyed
thanks a lot, i use all methods above but none of them works, only working when changing script commandLimicoline
I was also facing same issue, but i resolve this by performing two steps: 1. npm audit fix --force 2. upgrading my node version from version 18 to 21. I think mostly this error comes in version 18 of node.Kyleekylen
V
2695

You can try one of these:

1. Downgrade to Node.js v16.

  • You can reinstall the current LTS version from Node.js’ website.

  • You can also use nvm. For Windows, use nvm-windows.

2. Enable legacy OpenSSL provider.

On Unix-like (Linux, macOS, Git bash, etc.):

export NODE_OPTIONS=--openssl-legacy-provider

On Windows command prompt:

set NODE_OPTIONS=--openssl-legacy-provider

On PowerShell:

$env:NODE_OPTIONS = "--openssl-legacy-provider"

Reference

Virgenvirgie answered 24/10, 2021 at 18:44 Comment(60)
where do i put this?Aware
@Evergreen you have to define the variable when you are building --> in your npm run command (you can use export, SET or cross-env depending on your OS)Alla
For me this command fails /usr/local/Cellar/node/17.0.1/bin/node: --openssl-legacy-provider is not allowed in NODE_OPTIONSTayyebeb
what about docker run --rm -v $(pwd):/usr/src -w="/usr/src" node:latest export NODE_OPTIONS=--openssl-legacy-provider && yarn build /usr/local/bin/docker-entrypoint.sh: 11: exec: export: not found @ajoy-karmakarBoschbok
Worked for me, windows 10 using gitbash terminal (with the unix commands option enabled during installation)Beaconsfield
This solution is not recomended, try to uninstall Node.js version 17+ and reinstall the Node.js version 16+.Helenehelenka
did set NODE_OPTIONS=--openssl-legacy-provider It's giving the same errorSherlynsherm
@AbdulBasitRishi This worked well, thank you for posting. It seems like a very telling solution... is this an issue buried within the newest Node version or is it just incidental that reverting to the older version solves it?Tristichous
Hi, please edit this and add windows command --> set NODE_OPTIONS=--openssl-legacy-provider. Thank you!Columniation
For many using Linux doing a simple export NODE_OPTIONS=--openssl-legacy-provider is not a very efficient solution. Once your terminal session ends that change goes away. If you wanted to make this permanent you'd have to add it to something like ~/.bash_profile or ~/.bashrc. Regardless, as mentioned by others I think setting an environment variable to work around the problem feels a bit hacky. Better to revert to LTS version of node in my opinion.Centuplicate
I've this problem with node 16.13.2Yanyanaton
Downgrading to 16.13.0 is not enough, and it still won't let you use --openssl-legacy-provider. To use this parameter, you must be on v17 and up, and the parameter must be placed inside your package.json, it won't allow you to just place it in the NODE_OPTIONS env var for security reasons. And then it still doesn't work. This will only become a bigger problem as more people move onto the v16 LTS as a lot of projects still depend on Webpack 4Cattalo
I'm using nvm, so I just switched versions to: 16 and it worked perfectly. It wasn't required for me to define the SSL env variables.Suboxide
How did you switch versions?Ironlike
Please go through the answer again. I have updated the answer.Virgenvirgie
If you use multiple versions of node, it's best to use nvm and uninstall node all together. Then use node version manager to install the latest version using nvm install lts && nvm use ltsSadick
On PowerShell, $env:NODE_OPTIONS = "--openssl-legacy-provider". Upgrading to 18.4.0 didn't help.Corie
On Mac Monterrey, this env. variable mentioned in the answer solved it: export NODE_OPTIONS=--openssl-legacy-providerAttenuant
The answer by @rob-juurlink was the only one which was feasible for me https://mcmap.net/q/44955/-error-message-quot-error-0308010c-digital-envelope-routines-unsupported-quot. It does not require downgrading nodejs nor does it require updating all the underlying webpack stuff etc nor does it require the --openssl-legacy-provider flag. It targets the root problem (dropped support for MD4 in OpenSSL 3) and fixes it in a reasonably elegant manner.Taligrade
WARNING: WARNING: WARNING: WARNING: WARNING: WARNING: WARNING: WARNING: If you use the yarn tool, it will default to /usr/bin/node and won't properly follow your PATH. I wasted an HOUR downgrading my Node to all kinds of old versions via the n tool. I still kept getting the error. Finally I uninstalled the distro's nodejs package and NOW Yarn realizes I want to be using the n version in /usr/local/bin/node instead. The error is fixed. There is probably a way to tell Yarn which Node version to use but I had just assumed it would figure that out from PATH, meh.Reames
I get /usr/bin/node: --openssl-legacy-provider is not allowed in NODE_OPTIONS on Fedora 35.Ferricyanide
Adding export NODE_OPTIONS=--openssl-legacy-provider to Home/.zshrc (MAC / Linux Manjaro or any other distro with Zsh) will avoid putting it every timePantaloons
combining the two options worked for meCarriole
echo 'export NODE_OPTIONS=--openssl-legacy-provider' >> ~/.zshrc works for me. Don't forget to reopen terminalLevona
This solution is not recomended, try to uninstall Node.js version 17+ and reinstall the Node.js version..Telamon
this actually, helped me for my project that's been lasting for months. However, I feel it's not the best way as I can't install any dependency for my newly created project.Vocabulary
Consider the warnings in this - https://mcmap.net/q/44955/-error-message-quot-error-0308010c-digital-envelope-routines-unsupported-quot - answer before doing this.Albertinealbertite
if you are doing above steps, above error will solve. but new error will comes Line 6: 'React' must be in scope when using JSX react/react-in-jsx-scopeGadgeteer
you can change npm run start in package.json: "start": "react-scripts --openssl-legacy-provider start", that works as well and doesn't require you to change node versionsHoliness
This is not a solution, it's the opposite of a solution! This will take away all the benefits of upgrading to a new version with all its security updates. Please don't do this! The real solution is no where to be found so far!Berth
No need to downgrade. I'm using node.js 18 with project built with probably node 14. Injecting the parameters into your start script only fixed the issue for me.Jamilajamill
I added the following line to my .zshrc file and then restarted my session: export NODE_OPTIONS=--openssl-legacy-providerBrooksbrookshire
If the project has other dependencies that relies on the React version you are currently in, then no need to downgrade. just add the '''--openssl-legacy-provider start''' to the react-scripts start.Diandiana
This worked for me. I didn't try it sooner because I though since 18 is LTS, it shouldn't require downgrading. Why is this STILL an issue?Caddie
found that only version 16.13.0 working in this caseKaohsiung
Downgrading worked for me (nvm install 16 && nvm use 16)!Markham
For me set NODE_OPTIONS=--openssl-legacy-provider was all I had to do. No downgrading needed.Daphnedaphnis
It's fairly recent, but Storybook 7.x release candidate has been released. It's built on newer versions and doesn't suffer this issue. You could attempt an upgrade to it: storybook.js.org/docs/7.0/react/get-started/installNisan
I was on node 19 but then downgrading to 16.18.1 helped me fix the issue.Lesbos
I had this issue when using webpack-dev-server, and using nvm to downgrade Node from v19 to v16.20.0 solved it. Thanks buddy!Evonevonne
In my Mac, export NODE_OPTIONS=--openssl-legacy-provider fix the problem.Tetragrammaton
I have Windows. I typed the special command for Windows in the command line, but I still got an error. I ran the command for Linux in git bash and the problem was solved!Checky
I encountered this issue in my Windows 10 with node v18.16.0. The set NODE_OPTIONS=--openssl-legacy-provider fixes the issue for me.Dorella
nvm use 14.21.2 solved my issueOireachtas
So, how can I undo "set NODE_OPTIONS=--openssl-legacy-provider"?Spina
On Windows when working on a Preact project I needed to modify the "scripts" section in the package.json from "dev": "preact watch", to "dev": "set NODE_OPTIONS=--openssl-legacy-provider && preact watch". It could be similar for React projects.Dropsonde
Downgrading alone worked for me on Mac. Thank youAconite
i used it without -- and my app works with node 16.20.1; cross-env NODE_OPTIONS=openssl-legacy-provider ...Leading
I'm using Mac and export NODE_OPTIONS=--openssl-legacy-provider worked for me.Duppy
I had this error when running a legasy angular app in windows. I use a dos batch file to launch the app, so just added this before the ng server command: set NODE_OPTIONS=--openssl-legacy-providerTransversal
export NODE_OPTIONS=--openssl-legacy-provider doesn't work with node below 18Teratoid
This worked for me with node v18.18. Thanks!Seminary
I've added it into the .npmrc file which I got from this comment: github.com/nodejs/node/issues/40455#issuecomment-1527619752Womanish
node version was the issue for me. Changed it using nvm use ##Gorlicki
it works for me after 24 hours of searching the solution. Thanks @AjoyKarmakarRockaway
it works for me with nodejs version v20.11.0Signory
This solution worked for us. We were running npm run build within the node:lts container image as part of our GitLab CICD pipeline. We just added the NODE_OPTIONS variable as a project variable and re-ran the failed job.Nicolnicola
export NODE_OPTIONS=--openssl-legacy-provider this works for me, thank you!Bellboy
Had this issue with an older version of storybook. Starting storybook with NODE_OPTIONS=--openssl-legacy-provider start-storybook worked. Thanks.Somewise
setting set NODE_OPTIONS=--openssl-legacy-provider on windows worked for meCrotch
S
1398

Danger

This question has more than 30 answers, most suggesting to either downgrade Node.js to pre v17 or to use the legacy SSL provider. Both of those solutions are hacks that leave your builds open to security threats.

Reason For The Error

In Node.js v17, the Node.js developers closed a security hole in the SSL provider. This fix was a breaking change that corresponded with similar breaking changes in the SSL packages in NPM. When you attempt to use SSL in Node.js v17 or later without also upgrading those SSL packages in your package.json, then you will see this error.

The Correct (safe) Solution (for npm users)

Use an up-to-date version of Node.js, and also use packages that are up-to-date with security fixes.

You can first try an update to see if that solves the problem:

npm update

If that is not enough, for many people, the following command will fix the issue:

npm audit fix --force

However, be aware that, for complex builds, the above command will pull in breaking security fixes that can potentially break your build.

Note for Yarn users

Yarn users can use yarn-audit-fix which can be run without installing as a dependency via

npm_config_yes=true npx yarn-audit-fix

or windows powershell:

$env:npm_config_yes = 1; npx yarn-audit-fix

A less heavy-handed (also correct) solution for Webpack

In your Webpack config, set either of the following: (See the ouput.hashFunction docs)

A. (Webpack v5) Set output.hashFunction = 'xxhash64'.
B. (Webpack v4) This will depend on what hash algorithms nodejs supports on your system. Some common options you can try are output.hashFunction = 'sha512' or output.hashFunction = 'sha256'.

See more info in Greg's answer.

Siu answered 18/7, 2022 at 19:7 Comment(34)
npm audit fix --force is the only thing that worked for me, but I also had to upgrade all package dependencies in my project first: nodejs.dev/en/learn/…Ferricyanide
I was unable to run an npm audit fix because I am using a proxy that doesn't support it. An alternative was to do an npm audit --regsitry=https://resgistry.npmjs.org and manually inspect the packages to find the offender (in my case elliptic). Look for Use of a Broken or Risky Cryptographic Algorithm. Then manually update that package to a non-offending version.Claviform
@LukeHutchison probably upgrading the packages is what fixed it, not the audit...Stutzman
@vanowm, the audit fix --force upgrades packages in a more heavy-handed way than a regular upgrade. The --force flag upgrades even breaking changes, which is what many (perhaps most?) of us who have this problem need to fix the problem (unless using the less heavy-handed option mentioned in Greg's answer).Siu
@David, in my case using npm update what fixed it, the npm audit fix --force prior that did nothing...just saying.Stutzman
Thank you for the actually sane answer, David. I'm shocked at the number of answers that suggest downgrading node.Rizo
Guys please use npm audit fix --force this works and other options are not safe if you are working on big projectWainscoting
This solution did absolutely nothing to help me - either the "correct safe solution" or the "less heavy handed solution" - it just wasted my time and I got exactly the same error message after trying these fixes.Ariosto
npm audit fix --force COMPLETELY BREAKS MY PROJECT! DAMNTurpin
Yes, it is important to reiterate, this fix can break your build. Be aware before trying this heavy-handed fix. The needed security updates are breaking changes.Siu
@JuliusGoddard, I agree. I am just learning React, following a course released 3 months ago (so relatively up-to-date). I have no idea what any of this is about. But I had 72 audit errors before running npm audit fix --force, and I have 72 errors after. Nothing is fixed. When I tried adding output.hashFunction = 'xxhash64' to my webpack.config.js file (which was not easy to find, BTW), I received this error message: (node:12080) [DEP0111] DeprecationWarning: Access to process.binding('http_parser') is deprecated. ... output is not definedMacaluso
@Todd Hoatson I know... the solution is like "don't listen to anyone else, our answer is the best" and it doesn't do anything and screws up people's projects.Ariosto
Hi @David, thanks for your insight. The Webpack configuration you offer seems to only work for v5. I'm using Webpack 4 (Nuxt 2) and output doesn't seems to be a rules property. Any advice to do the same configuration with v4 please?Nescience
Hi @Claire, I have edited with some helps for webpack v4. What works for webpack v4 will depend some on what hash functions your system supports, so some people may need to experiment to find an appropriate option. Hope that helps!Siu
@LukeHutchison the link is dead, did you mean thisAttenuant
If you're using YARN, you'll need to use npm to use this fix, here is some documentation that helps: https://mcmap.net/q/45652/-is-there-a-yarn-alternative-for-npm-auditBattalion
For me, using npm i --package-lock-only (because I was using yarn) and then using npm audit fix --force got me from 28 vulnerabilities to 0, so I'd assume that this answer can work. (and can fail, as the author pointed out)Battalion
BUT then I had to randomly upgrade all my packages and then my build finally worked. So, I guess that besides the npm auto fix, some packages were needing an upgrade, too, but I couldn't know which ones.Battalion
I'm experiencing the same issue for a Laravel project with webpack.mix.js. Unfortunately none of the options work, and I find it odd that almost everyone suggests downgrading Node. I attempted npm audit fix, then executed npm audit fix --force which can be a bit more destructive based on project dependencies. Unfortunately the ladder command then broke the project build. Thank you for the suggestions however.Fourthly
None of these worked.Theodore
This fix was a breaking change - it made my day!Taddeo
npm audit fix --force breaks everything I have, every time I use it. Nothing will build. I can start from scratch with create-react-app and that command will break it as well. Need a npm fix audit fix --force first. haMudskipper
yarn users can use yarn-audit-fix package, it worked for me in terms of fixing audit errors but didn't fix the issue with SSL unfortunately,Maciemaciel
People, welcome to the land of JS development. Yes, there are complicated dependencies. If you're not willing to work with them and are happy to live with security holes, please get out of this field.Rhetorician
If I build an Angular app using "ng build", this "--openssl-legacy-provider" option fixes the build problem (it appeared after Node.js has been upgraded to v18). The generated app is served statically as transpiled js files. Does using this option pose any security thread in this case?Alfrediaalfredo
Security at the expense of usability, comes at the expense of security :)Amorous
I don't know what webpack use hashFunction to do, but I doubt there's any real word security issue, as in hashFunction's documentation itself, it says "You can provide a non-crypto hash function for performance reasons." So I can hardly agree with "Both of those solutions are hacks that leave your builds open to security threats."Douglas
Thank you for a sane answer. The number of javascript developers that perpetuate this nonsense is utter insanity.Bodyguard
openssl list -digest-algorithms can check what algorithms can digested for webpack v4Tasia
For me, simply doing pnpm update fixed the error, without forcePanto
npm audit fix, without force option, worked for me. Thank you for the hint ;)Lavona
@David's fix is completely wrong and doesn't work. There is NO fix for Webpack 4 other than to downgrade Node or to upgrade to Webpack 5. Astonishing this answer is so upvoted when it doesn't work!Ixia
Thank you, it was helpful to see the consequences of this. However in my case I use a package which creates an 'md4' hash (thus trigger that error), and I need Node 18+ for another package so I could see no other way than using the legacy openssl flag.Manichaeism
This should be the accepted answer. Too many of the other "solutions" are essentially saying, "Leave the door unlocked." -- when the correct solution is, "Fix the lock."Aweather
S
1125

In your package.json: change this line

"start": "react-scripts start"

to

"start": "react-scripts --openssl-legacy-provider start"
Stymie answered 25/10, 2021 at 19:45 Comment(16)
but note that --openssl-legacy-provider means you are now almost certainly running with known insecure SSL, so this might mitigate the symptom, but it probably doesn't fix the underlying problem.Fungal
But of cause, this is acceptable when running localhost. In the newly released VS 2022, starting a react-app from scratch, having VS 2022 creating a self-signed certificate for you, still causes the sample project to crash. This is also an issue when creating a react-project from scratch using NPM commandline "npx create-react-app react-core-test". I testet this in two distinct environments runnin WIndows 10 and Windows 11.Kamenskuralski
See Ashok's answer. It's the correct solution to keep SSL working without vulnerabilities and it worked for me.Twyla
I don't understand the implication that, somehow, using node 16 with openssl 1.x would be more secure than using node 17 with openssl 3 in legacy mode. OpenSSL made something stricter in v3. You're either defeating that restriction one way, or the other. Both approaches are probably equally insecure.Barina
nodejs.org/en/blog/release/v17.0.0Cairns
This has been solved in react-scripts 5: https://mcmap.net/q/44955/-error-message-quot-error-0308010c-digital-envelope-routines-unsupported-quotBawl
thanks, adding this parameter worked in my latest node version. I am impressed how node / react related commands keep breaking months after we create a solution and try to maintain it.Margalit
Thanks, I had to modify similarly in my nextjs app "dev": "cross-env NODE_OPTIONS=\"--openssl-legacy-provider\" node server.js",Rest
Thanks! This worked like charm. But this means the project is somewhat insecure.Diandiana
In case anyone found this while working on a React Native project and attempting to build through XCode (likely on an M1 Mac), you can add this node arg in node_modules/react-native/scripts/react-native-xcode.sh. Mine was found at line 103, but of course that may vary based on versions, &c. I just updated the line to read: [ -z "$NODE_ARGS" ] && export NODE_ARGS="--openssl-legacy-provider" and I was instantly back in business. Note that this may well be overwritten after each npm install or yarn run, and would likely be ignored by your version control as it lives in node_modules.Nucleonics
what I need to change in case ReactNative?Turpin
This doesn't work for Webpack.Mudskipper
Worked for me, so hacky or not, this is the goto solution for anyone wanting to try out some react project with this problem.Craftwork
I needed to do a npm audit fix --force first to get this working.Unalloyed
thanks a lot, i use all methods above but none of them works, only working when changing script commandLimicoline
I was also facing same issue, but i resolve this by performing two steps: 1. npm audit fix --force 2. upgrading my node version from version 18 to 21. I think mostly this error comes in version 18 of node.Kyleekylen
P
259

If we use the current LTS version of Node.js then this error will not come. Downgrade your Node.js version to the current LTS version (16.13.0).

There can be multiple ways to install the required version. One of them is using nvm (Node.js version manager).

Phytopathology answered 27/10, 2021 at 2:50 Comment(14)
but... why is the new version incompatible with old code? node is one of the biggest programming tools in the world, they wouldn't just create a new version of nodejs that wasn't backwards compatible (i guess they would because they did but you get my point)Aware
Forceful downgradeIsador
Thanks, It's great. It worked well after uninstalling nodejs version 17.1.0 and reinstall nodejs version 16.13.0.Galcha
Always use LTS for real applications, it fixed the issue.Zero
solved after downgrade NodeJs from version 17 to version 16 LTS.Lacedaemon
Is the new LTS after 16 supposed to revert back to old SSL? I am assuming the problem will be the same, just deferred until later, and using LTS 16 is a temporary solution.Jurkoic
Worked for me, instead of typing the version use nvm instal lts and nvm use lts.Brownstone
This was messing me up too. I had multiple versions installed including v17.2.0. It's best to uninstall versions that are not LTS: nvm uninstall v17.2.0Naturalistic
nodejs.org/en/about/releases and render.com/docs/node-version seem like they'll be helpful for me.Pact
"I have a Node problem that is.." - "Don't care! Downgrade it". I suggest to create a version number like v1000 and every release the major version decrease. So the best release will be smaller version. Until we reach v0.0Jacquelyn
From today Node 18.12.0 is LTS, so I think a downgrade is not a valid strategy anymore :-(Karns
So if Node v18 is now LTS, what's the solution now?Eugeniusz
I'm also getting this error when creating a nuxt app and I've just downgraded to version 16.13 nodejs.org/en/blog/release/v16.13.0 Note: I am only using this for testing purposesInternee
Someone said: Always use LTS for real applications, it fixed the issue. I upgraded to the latest LTS Node.js 18.13.0 (See nodejs.org/en/download/releases), and it did not fix this issue. I then tried npm audit fix --force which fixed the issue. When I ran diffs to see what was updated it was react-scripts: "^5.0.1" (previously it was 3.4.0). One of the answers said the fix was to use react-scripts version 5.Suggestibility
B
158

This is the simplest answer and works.

If you're using react-scripts you can now simply upgrade to version 5.0.0 (or above) which seems to have addressed this issue (it includes a newer version of webpack).

Example: npm i react-scripts@latest

Bawl answered 3/3, 2022 at 9:4 Comment(10)
This fixed the issue for my CI build without going backward on versioning or security (ie increasing tech debt with a loose end in the build). Probably should be the best answer in late 2022.Armageddon
I agree this should definitely be the accepted answer! I spent a bunch of time trying to make a webpack.config.js with the output hashFunction etc, and then undoing that and trying to do a config-overrides.js file and react-app-rewired since my environment is in docker: ALL A WASTE OF TIME. Seriously. Simply do like @neo said above and update react-scripts. Ex. npm i react-scripts@latestGovernorship
Not working for me when I run storybookTankoos
Hi @Caeta, does your package.json run react-scripts on start? It would look like this. This is default when you use create-react-app "scripts": { "start": "react-scripts start", "build": "react-scripts build", "test": "react-scripts test", "eject": "react-scripts eject" },Governorship
This didn't update the webpack version. I still get the same error after updating react-scripts to the latest version.Stannum
@Stannum have you manually pinned webpack? If you have a recent version of react-scripts you should absolutely have webpack >=5. Otherwise you might need to open a new question.Bawl
I found gatsby had this issue and a yarn upgrade gatsby fixed this issue on node 18.Sensation
For those who uses yarn: yarn add react-scripts. You might get a core-js error afterwards, then you should run: yarn add core-jsDriftwood
Thanks! I cannot risk the security of my MVP app.Permalloy
upgrading my react-scripts to v5+ worked for me too. (and deleted node_modules and reinstalled afterwards, for good measure)Horwath
H
95

I had this issue when using Vue.js.

A disadvantage of using -openssl-legacy-provider is that it is not supported by older Node.js versions. Older Node.js versions simply don't run when this flag is provided.
But I still want to be compatible with Node.js v16 and older.

Vue.js uses the MD4 algorithm to generate hashes (well, actually it's Webpack under the hood). MD4 can be easily replaced by MD5 for these kind of purposes. The type of algorithm used is hard coded in most places, so there isn't any way to configure another algorithm.

So I came up with another workaround. A function that intercepts the original createHash() call from the crypto module and replaces it with a modified version. This is at the start of my vue.config.js file:

const crypto = require('crypto');

/**
 * The MD4 algorithm is not available anymore in Node.js 17+ (because of library SSL 3).
 * In that case, silently replace MD4 by the MD5 algorithm.
 */
try {
  crypto.createHash('md4');
} catch (e) {
  console.warn('Crypto "MD4" is not supported anymore by this Node.js version');
  const origCreateHash = crypto.createHash;
  crypto.createHash = (alg, opts) => {
    return origCreateHash(alg === 'md4' ? 'md5' : alg, opts);
  };
}
Huldahuldah answered 12/5, 2022 at 16:29 Comment(9)
This almost worked for me, but then some part of my webpack build will use some multi-process node build step. Then you won't be able to inject this "shim" into the spawned node instances. I ended up just resolving this at the OpenSSL level: https://mcmap.net/q/44955/-error-message-quot-error-0308010c-digital-envelope-routines-unsupported-quotDismal
This is the most elegant solution which also solves the use of md4 and uses md5. (see comment of @JoshBowden linking to https://mcmap.net/q/44955/-error-message-quot-error-0308010c-digital-envelope-routines-unsupported-quot which describes underlying issue.)Palazzo
This was the only thing that solved my problem. Ialso have a Vue project. Thank you!Ought
@RobJuurlink thank you very much, it worked! However I did not understood how overwriting "cripto.createHash" in vue.config.js garantees that this new implementation is that one called latter on (where we have the error). Like, you overwritted this function for THIS cripto instance that you created in in vue.config.js.. How does it work in other classes where crypto is instantiated again? Thanks!Ought
@Ought it works because crypto is a singleton. Every time a program (in the same NodeJS runtime) calls require("crypto") the exact same object is returned.Huldahuldah
This is the best answer : it does not disable security feature and does not need to go back to Node 16. It just properly overwrite the outdated algo. Thanks.Turgent
Firstly, it fixed the issue when I used serve command, but build didn't work. I spent a day finding out I had to delete and regenerate yarn.lock file. Maybe it would save time for somebodyMaciemaciel
@Maciemaciel you need to insert this script at the start of each of your webpack configs, for me it was inserted in 3 places: webpack.config.js, webpack.dev.babel.js and webpack.prod.babel.js. The prod one is used for buildFrumentaceous
What would this look like in the context of a react app, though? I created a file (create-hash.js) and placed the code inside. Then I ran the command "node create-hash.js && react-scripts build". But it still failed with the same error. I'm guessing this didn't apply the fix to the correct instance?? Putting it in index.js didn't work either.Karilynn
I
88

There are a lot of workarounds posted (mostly downgrading Node.js, OpenSSL, or allowing insecure hashing), but the underlying problem is that Webpack's output.hashFunction defaults to md4, which triggers this error in recent versions of OpenSSL.

From Webpack's output.hashFunction docs:

Since Webpack v5.54.0+, hashFunction supports xxhash64 as a faster algorithm, which will be used as default when experiments.futureDefaults is enabled.

The solution is either:

  1. Set output.hashFunction = 'xxhash64'
  2. Set experiments.futureDefaults = true

in your Webpack configuration.

If you're on an older version of Webpack, (prior to v5.54.0) follow the output.hashFunction link above to see what other hashing algorithms are available to you.

Isidor answered 23/8, 2022 at 21:34 Comment(10)
If like myself, you made this change and you were still hitting issues, then check your loaders. file-loader and css-loader use md4 by default. You can force them to use another hashing algo when setting the name option like so: '[name].[sha512:hash:6].[ext]'Paederast
Hi @Isidor , thanks for this real answer to the problem. But I'm using Nuxt 2 which use Webpack 4 and output doesn't seems to be a rules property. So I'm at a lost on how I can fix this to be able to upgrade the Node version (build on Docker). Any idea? Thx!Nescience
I am getting a "Error: Digest method not supported" error when setting output.hashFunction to xxhash64. Perhaps because I am using Webpack v4?Eugeniusz
I'm sorry but this answer just does not work at all...When you change experiments.futureDeafults to true - webpack throws the error: "experiments is an invalid configuration object, and when setting output hashFunction to xxhash64, you get the error which Paul Razvan Berg mentions above - This answer needs to either be explained further or removed entirely - it caused me more problems than it solved.Ariosto
FYI @Claire, Nuxt3 is out and stable (haven't used it yet): nuxt.com/v3Albertinealbertite
Oddly it did not work for me. I am using symfony 6 web pack encoreJacket
Unfortunately webpack is not the only one that can throw such an error...Strophe
@KristianRoebuck babel-loader, too!Rhetorician
@PaulRazvanBerg et al, I had the same issue, the reason was because my webpack version was outdated. If you can't upgrade your webpack version, you can use a different hash algorithm like sha256. I do not know the security implications of choosing such a hashHallway
@JuliusGoddard I had the same issue, but updated my Webpack5 from "5.28.0" to "5.89.0" and it worked like charm.Elite
A
85

Update April 2023:

This answer was first posted in December 2021, it has been over a year so this answer might not as reliable or relevant anymore. See other answers about more causes behind this problem and the most updated solution.

Some top answers did not work.

export NODE_OPTIONS=--openssl-legacy-provider

And some top answers were not applicable, modifying package.json file:

"start": "react-scripts --openssl-legacy-provider start"

This is caused by the latest node.js V17 compatible issues with OpenSSL, see this and this issue on GitHub.

The easiest thing is just downgrade from node.js V17 to node.js V16. See this post on how to downgrade node.js.

Albanese answered 7/12, 2021 at 0:56 Comment(5)
Confirming that downgrading version to V.16 fixed the issue. nvm install v16 && nvm alias default v16 && nvm use v16 .Swoop
Downgrading from v17 to v16 fixes the issuePlankton
Yes this solution works perfectly. I've V17 in my workstation and facing this issue. Whereas the same package.json in my GitHub action uses V16 and this error is not happening. Thanks!Dandruff
downgrading isn't a good optionVerisimilitude
well, If I add this option, my React code doesn't compile. I get below error ..........Failed to compile ./node_modules/react-idle-timer/dist/index.esm.js SyntaxError: /Users/abdc/thank-you-cards-new/node_modules/react-idle-timer/dist/index.esm.js: Missing class properties transform.Melodie
F
85

For macOS, Windows and Linux

After updating to Node.js version 18.17.1, I got into this issue running on my local host, and I was able to resolve it by updating my start command in the package.json file.

Please find the appropriate command below.

"start": "export NODE_OPTIONS=--openssl-legacy-provider && react-scripts start"

You can also use npm audit fix --force. This will also fix it, but somehow it didn't work for me.

Fincher answered 11/7, 2023 at 7:30 Comment(3)
Windows users can use set instead of export, e.g: "start": "set NODE_OPTIONS=--openssl-legacy-provider && react-scripts start"Tersina
npm audit fix --force This worked for me. Thanks...!Agnesagnese
I also added that to the build part "build": "export NODE_OPTIONS=--openssl-legacy-provider && react-scripts build",Grandpapa
D
80

I found the commands below on GitHub:

For Windows, use the below command in cmd:

set NODE_OPTIONS=--openssl-legacy-provider

For Unix, use:

export NODE_OPTIONS=--openssl-legacy-provider
Duplessis answered 3/11, 2021 at 12:18 Comment(8)
Thanks, it worked. But can you explain why this is happening and how this command fixes the problem?Antiphon
Worked for me thanks, but this is not a permanent solution.Helenehelenka
@AliKHalili This github link explains it :- github.com/webpack/webpack/issues/14532#issuecomment-947012063Duplessis
@AbdulBasitRishi Yes, sadly it is not. The easier one would be downgrade the node version. Seems like a new version issue in Node. Probably they will fix itDuplessis
This is essentially a duplicate of Ajoy Karmakar's answer (also without any explanation whatsoever).Cuculiform
Also note that this sets Node to always be insecure so never do this, it's an absolutely terrible idea. Only ever use this flag on a per-run (or per-npm-script) basis.Fungal
This was the correct solution for me. I am not interested in reverting to a version of Node with known security issues. Appreciate it!Chewink
I used it and got this error 'electron: --openssl-legacy-provider is not allowed in NODE_OPTIONS' Now, I don't know how to undo this lolStatistical
C
60

It's the Node.js version.

I have this error on Node.js 17, but it's fine when I switch my Node.js version to an older version (16) by using nvm.

Coelho answered 31/10, 2021 at 18:54 Comment(7)
Same here. Reverting to node 16 resolved the issue.Samella
Yup. encountered when trying to run hardhat tests just now. would love to hear a breakdown of what's causing it.Aloin
You were right, rolling the npm version back to 16.13.x worked!Kinsey
If you're using the package manager Chocolatey, you can just choco uninstall nodejs and choco install nodejs-lts to install the LTS version of node.Helfand
Somehow, this error also happens to me on node v16...Decile
Same issue on Node v18, revert to v16 helped.Carve
Same here. Dowgraded to node v16 and it's working fine nowFescue
S
47

For Vue.js related

  1. Enable the legacy OpenSSL provider.

    On Unix-like systems (Linux, macOS, Git Bash, etc.):

    export NODE_OPTIONS=--openssl-legacy-provider

    On the Windows command prompt:

    set NODE_OPTIONS=--openssl-legacy-provider

    On PowerShell:

    $env:NODE_OPTIONS = "--openssl-legacy-provider"

  2. In package.json

    Reconfigure this script for npm run serve as below;

    "scripts": {
    "serve": "vue-cli-service serve --openssl-legacy-provider",
 },
Saylor answered 18/5, 2023 at 14:58 Comment(0)
H
38

Failed to construct transformer: Error: error:0308010C:digital envelope routines::unsupported

The simplest and easiest solution to solve the above error is to downgrade Node.js to v14.18.1. And then just delete folder node_modules and try to rebuild your project and your error must be solved.

Heterocercal answered 24/10, 2021 at 13:16 Comment(6)
this is weirdly worded :| try using the ` character around code markdown helpAware
Version v16.13.0 instead of 17.x worked as well for me. I also didn't need to delete the node_modules folder.Claiborne
I'm running node version 14.17.3 and I'm still having this issue.Bingo
Sep 22: All github actions are run with Node 16: github.blog/changelog/…Photochemistry
Downgrading to Node 14 resolved the issue for me.Gregorygregrory
got error on 18.18.0, then switch to node 16.17.0 solved the issue, and remove node modules and rebuild not requiredPlacida
E
38

Temporary solution below. Actual solution is upgrading to Webpack 5.

Updated december 2022

This worked for me (downgrading to Node.js 16):

nvm install 16 --lts
nvm use 16

Using Node.js Version Manager (for Windows).

Eggnog answered 15/11, 2021 at 11:23 Comment(7)
It worked for me but I had to do nvm install lts without the dashes (Windows 10 - Powershell).Vladamir
It worked for me, but on my machine nvm install --lts already uses the version it installs, so no need to execute nvm useTelluric
This would no longer work as LTS is now 18Halla
need to use like nvm install 16.15.0 or whatever version you want. then nvm use 16.15.0Prickle
Consider the warnings in this - https://mcmap.net/q/44955/-error-message-quot-error-0308010c-digital-envelope-routines-unsupported-quot - answer before doing this.Albertinealbertite
Thanks! Upgrading to Webpack 5 resolved this issue for me.Appalachian
This worked for me after trying other answersGoth
S
38

I had the same error.

My case:

I installed a fresh React TypeScript application, added some SCSS content and some components.

Locally, my build was working, but when I tried to publish, it was failing with an error:

Error: error:0308010C:digital envelope routines::unsupported

I fixed this issue by updating my React script library to 5.0.1:

"react-scripts": "^5.0.1",
Subjunction answered 20/10, 2022 at 10:27 Comment(3)
wawww 2 weeks of work, after unistall npm and update to the current one, actually was like from one problem to another fixing that pop up another again but finally when I update the local frontend, backend's nodejs and npm so does my laptop system nodejs. I change my react-scripts to latest version.it worksHarar
I've just run yarn add react-scripts.Lynd
I have gone through all the answers but this one seemed more relevant as I am using current Node LTS v 18. Instead of downgrading Node version or using legacy SSL provider, using the latest react-script library fixed my problem.Continence
C
33

To bypass the error (in a development environment) you can simply run

export NODE_OPTIONS=--openssl-legacy-provider

before launching your Node.js application.

Cholecystectomy answered 25/2, 2023 at 21:30 Comment(0)
C
27

For Angular apps:

You can also edit the npm start script in package.json. Instead of

"start": "ng serve -o"

to

"start": "set NODE_OPTIONS=--openssl-legacy-provider && ng serve -o"

When you run npm run start in the terminal/command line, it will first set the NODE_OPTIONS to avoid the problem.

Cannell answered 25/4, 2022 at 15:37 Comment(3)
This was the solution for me to run an Angular 9 app with Node v18.14.0.Trowbridge
I had pulled down an Angular 12 sample from github and ran into the error. I have Node v18.17.0. This solution worked perfectly for me.Pylle
This solution worked perfectly for me, running a code base using Angular version 11 with my environment using version 20.11.1Reputed
C
25

Windows

  1. Install nvm-windows.

  2. Install the Node.js version that you want.

    nvm install 16

  3. Change your Node.js version

    nvm use 16

  4. Check the Node.js versions installed

    nvm list

macOS

Just setting NODE_OPTIONS then restart again:

export NODE_OPTIONS=--openssl-legacy-provider
Complication answered 20/1, 2023 at 1:19 Comment(1)
Please review Why not upload images of code/errors when asking a question? (e.g., "Images should only be used to illustrate problems that can't be made clear in any other way, such as to provide screenshots of a user interface.") and do the right thing (it covers answers as well). Thanks in advance.Cuculiform
A
20

This is a common error when packages on a project are not updated and the React version that you use is not the latest.

To fix this problem, you need to change your package.json file this way:

Change this 👇

"scripts": {
    "start": "react-scripts start",
    "build": "react-scripts build",
    "test": "react-scripts test",
    "eject": "react-scripts eject"
}

to this 👇

"scripts": {
    "start": "react-scripts --openssl-legacy-provider start",
    "build": "react-scripts --openssl-legacy-provider build",
    "test": "react-scripts test",
    "eject": "react-scripts eject"
}
Antiquarian answered 27/8, 2022 at 9:16 Comment(1)
this has already been posted, also it's only appropriate for dev envSaltarello
O
20

I had the same problem, and the following worked.

Set the NODE_OPTIONS environment variable to --openssl-legacy-provider. To do this, open your terminal and run the below command:

For macOS, Linux or Windows Git Bash

export NODE_OPTIONS=--openssl-legacy-provider
Oncoming answered 11/9, 2023 at 12:27 Comment(1)
This is workingBibliomancy
D
18

I faced this issue in Docker build, and I have added this line in the Docker file:

RUN export NODE_OPTIONS=--openssl-legacy-provider && yarn build && yarn install --production --ignore-scripts --prefer-offline

For local development, add the switch in file package.json.

Dearth answered 28/10, 2021 at 7:6 Comment(3)
NODE_OPTIONS=--openssl-legacy-provider is command line argument which should be present when you run yarn build. Nothing to do with Docker. When you build docker image of your application above line is what you use to buildDearth
This is a near-duplicate of Ajoy Karmakar's answer. This one is also missing an explanation. Can you please provide an explanation? E.g., why is --openssl-legacy-provider necessary? Why all the yarn stuff? Please respond by editing (changing) your answer, not here in comments (without "Edit:", "Update:", or similar - the answer should appear as if it was written today).Cuculiform
The answer above runs in docker file with yarn as package manager. This will help users who are using similar environments and unable to resolve with other answers provided. Ill edit the answer with more explanation. ThanksDearth
H
18

Running audit fixed the problem for me

npm audit fix --force
Hypnology answered 19/4, 2022 at 14:44 Comment(2)
The uncomfortable path, but the right path. I had to run the audit fix more than once until it completed most fixes. Just minor code brakes. Worth itEtter
Solved my case on the first try! Thanks for keeping my system secure!.Azrael
F
17

As a 2022 reader, none of the answers address the fact that this issue was fixed early on for Webpack 5 users (but not backported to Webpack 4). If you're on Webpack 5, simply upgrade to at least 5.61.0. See this comment here on the thread tracking this issue.

Flaherty answered 3/11, 2022 at 13:8 Comment(5)
npm install webpack@latestBrittaneybrittani
Thank you! This answer helped me solve the issue in a reasonable way. It is like the 22nd answer on the page but it is by far the most reasonable. The error is happening inside of webpack. So it makes sense to update webpack. I updated to the latest version of webpack and now I no longer see this error. The other answers are basically 1. hide the error message 2. upgrade all dependencies or 3. downgrade your dependencies. To be fair, those answers will make the error message go away. But they aren't the best answers.Palter
@Palter It blew my mind how hard it was to find that Webpack straight up fixed the issue and you just have to update to get the fix. I was too stubborn to go with any of these hacks.Flaherty
I updated webpack to 5.8.0 but issue is still the same...Rossierossing
@Rossierossing 5.8.0 is not higher than 5.61.0. 5.80.0 is.Flaherty
E
14

If you are facing this error and you do not want to change your main configuration, an easy fix would be to use the following approach. I am not sure if it is recommended as a good practice, though.

Feel free to correct it.

Initially, let’s say this is the scripts section of my package.json file:

...
"version": "1.0.0",
  "scripts": {
    ...
    "build": "npm run build:test-app:testing",
    "build:test-app:testing": "ng build test-app --deploy-url  https://test-app.com/ --configuration=test-config",
    ...
  },
  "private": true,
...

In order to use this export NODE_OPTIONS=--openssl-legacy-provider you can do the following:

"version": "1.0.0",
  "scripts": {
....
    "build": "NODE_OPTIONS=--openssl-legacy-provider npm run build:test-app:testing”,
    "build:test-app:testing": "NODE_OPTIONS=--openssl-legacy-provider ng build test-app --deploy-url  https://test-app.com/ --configuration=test-config"
...
  },
  "private": true,

Take note of the build scripts. I have added an option: NODE_OPTIONS=--openssl-legacy-provider

This helps solve this error in Node.js version 17.

For those with the flexibility of changing the build system's Node.js version, just switch to a version lower that 17, e.g., version 16.

For Docker, the use case of using this initially, which always pulls the latest version:

...
FROM node:alpine
...

You can switch to something like:

...
FROM node:16-alpine3.12
...
East answered 2/11, 2021 at 11:57 Comment(0)
S
14

check

node -v
v17.4.0

then roll back to node --lts (node v16.13.2 (npm v8.1.2)) for that use nvm.

nvm install 16

then check node -v and confirm it's version 16.

Staff answered 1/2, 2022 at 10:54 Comment(4)
I'm using v16.13.2 and I've this errorYanyanaton
This worked for me, also I did update react scripts first so one of them fixed the issue.Backboard
Remember that your answer will outlive what lts means. Right now it's v16, a year from now it's going to be v18, so if you're telling folks they need v16, give the nvm instructions for that version, not "whatever lts happens to be".Fungal
Consider the warnings in this - https://mcmap.net/q/44955/-error-message-quot-error-0308010c-digital-envelope-routines-unsupported-quot - answer before doing this.Albertinealbertite
J
14

Same Error with node version v18.0.0 and nuxt framework version 2.15 when running dev server and will be fixed by:

"scripts": {
  "dev": "NODE_OPTIONS=--openssl-legacy-provider nuxt"
}
Jo answered 11/5, 2022 at 8:28 Comment(1)
Got error: Cannot find moduleVain
H
12

This solution worked for me.

This error is coming in Node.js version 17+, so try to downgrade the Node.js version.

  1. Uninstall Node.js from the computer.
  2. Download Node.js version 16 and install it again from https://nodejs.org/download/release/v16.13.0/

That's all.

Helenehelenka answered 10/11, 2021 at 9:16 Comment(5)
but why? Why did node v17 have problemsAware
@Evergreen This is most likely a webpack4 issue, also in version 17 Node.js developers have deprecated of trailing slash pattern mappings which is unsupported in the import maps specification. Node.js developers needs to resolve this asap.Helenehelenka
yea, i would expect node js, being such a widely used product, would have a bit more care put into backwards compatibility.Aware
or, if you're using nvm (node version manager) (and if you're not, you should be, so take this moment to do so...), you can just type nvm install 16 and you're good to go.Aloin
note that the phrasing is misleading: the "error" is not an error at all, it's Node 17+ actually using an secure, rather than known insecure, version of OpenSSL. The bypass is to install Node 16 and keep running with insecure SSL behaviour, but the solution is to update your dependencies to ones that are Node 17+ compatible.Fungal
D
12

This answer is an immediate OpenSSL system-level workaround without touching a previously working build configuration.

In the ideal world, you have time to upgrade and migrate insecure build dependencies and make sure you didn't break something else in your application (or wholesale just avoid webpack, or in my case migrate from vue-cli to vite which uses esbuild).

You "should" instead either, (a) tell webpack to use a newer hash function, or (b) mitigate the offending packages with npm audit.

System-level OpenSSL workaround

The quickest workaround is to temporarily re-enable MD4 by enabling the "legacy" crypto providers within the system-wide OpenSSL configuration.

This is incredibly insecure and heavy-handed. Afterwards, you should disable the legacy crypto methods.

(Unfortunately, the following is only tested to work on Linux).

  1. Backup your existing OpenSSL configuration: sudo cp /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf.BAK

  2. Append (or uncomment) the following configuration to enable the legacy "providers" (as OpenSSL calls them). You probably want to sudo vim /etc/ssl/openssl.cnf or similar.

    [provider_sect]
default = default_sect
legacy = legacy_sect

[default_sect]
activate = 1

[legacy_sect]
activate = 1

  3. Rerun your node script as before.

  4. Disable the legacy providers afterwards.

    sudo mv -f /etc/ssl/openssl.cnf.BAK /etc/ssl/openssl.cnf

This solution is from an answer to a similar problem.

What is the underlying cause?

Node uses OpenSSL for its hash functions and encryption on *nix systems. The latest version of OpenSSL disables MD4 by default—which will break any previously working program that uses MD4. With that in mind, any npm package that thought using MD4 for file hashes was a "good idea" are now broken—even though MD4 has been considered broken by RSA Labs since 1996! MD4 was also "officially" relegated as obsolete by RFC 6150 in 2011.

Dismal answered 30/9, 2022 at 4:30 Comment(0)
N
11

You have to use MD5 in this file. MD4 is the default, but it will not work. It will work without an issue, until you delete the node_modules folder folder.

Go to this path: */node_modules/metro-cache/src/

Change the file stableHash.js like below from md4 to md5:

Enter image description here

Nightfall answered 25/5, 2023 at 11:33 Comment(5)
Thank you Hitesh your solution saved meCreek
This must have many votes. this is the answer finally helped me. btw @hitesh will there be fixes in future from RNRetake
You're my hero!! From all answers this solution worked :)Zak
Tis worked for me. Is it not possible to fix this by updating a relevant package though?Leesen
How is this a solution? You are editing a node module which will be replaced on the next install.Wartime
D
7

In PowerShell:

$env:NODE_OPTIONS = "--openssl-legacy-provider"

It worked with Node.js v18.7.0.

Dissentious answered 9/8, 2022 at 6:28 Comment(1)
I wish I had navigated to page 2 before reading through the discussion to find this answer, but hey, a working solution is a solution 👍Quarrelsome
T
6

This worked for me in my app expo (downgrading from Node.js 17 to Node.js 12 or 14).

If you have nvm installed you can change the version of node:

First check versions of Node.js in nvm:

nvm list

Second, install version 12 or 14:

nvm install v12.22.8
Tiga answered 23/12, 2021 at 14:39 Comment(2)
Downgrading is not a secure and long-term viable solution.Gibb
I am using Node 18, also working on an Expo app. Installing the latest version of @expo/webpack-config and allowing any version of Expo to be installed (use the "*" constraint in package.json), fixed the issue.Trainer
U
6

npm update fixed it for me. NPM V18

Urbanite answered 31/5, 2023 at 9:8 Comment(2)
yarn upgrade worked for me as of 8/28/23Hahnke
I think you mean Node v18. npm only goes up to v10 at the momentNickinickie
C
6

Add a file called .npmrc in the root of the project, and add this to the file:

node-options="--openssl-legacy-provider"

You can also always remove it easily.

Cicelycicenia answered 25/12, 2023 at 15:40 Comment(1)
this one the only one that works for elm on github actions CI, environment variable didn't workRodgerrodgers
P
5

You need to update react-scripts to the latest version

npm update react-scripts --save
Penelope answered 18/3, 2022 at 13:40 Comment(2)
This didn't work for me. :/Backboard
This didn't work for me, either.Macaluso
A
5

I got the same issue for a Vue.js project. I uninstalled the new version (greater than 18) of Node.js from the machine and installed a previous version (v16.14.2). It works.

Arvy answered 17/11, 2022 at 7:55 Comment(4)
I did the same and it works!Charqui
Yes it works, but is not a solution.Antecede
Yes. It's just like a workaroundArvy
Consider the warnings in this - https://mcmap.net/q/44955/-error-message-quot-error-0308010c-digital-envelope-routines-unsupported-quot - answer before doing this.Albertinealbertite
T
5

I had the same error when I was migrating a React project to support TypeScript.

  1. delete the node_modules folder
  2. run the npm install command
  3. run the npm audit fix --force command
  4. try to start the server

This worked for me.

Triciatrick answered 27/7, 2023 at 11:58 Comment(1)
This does not really answer the question. If you have a different question, you can ask it by clicking Ask Question. To get notified when this question gets new answers, you can follow this question. Once you have enough reputation, you can also add a bounty to draw more attention to this question. - From ReviewHalfhearted
B
4

Here is a quick fix that was suggested and worked for me. cd into your new App directory that you made; you may need to sudo this install, and then run the following:

Run:

npm install -g npm-check-updates

Then:

ncu -u

Then:

npm install

Then:

npm start

Bacchus answered 5/10, 2022 at 6:28 Comment(1)
This is dangerous because it indiscriminately will force all packages to update. For example, one of my apps was written in Vue2, and running the commands listed pushed it to the latest Vue3 release. It would certainly break my app.Grimes
A
3

I resolved this problem on Windows by uninstalling OpenSSL 1.1.1, installing OpenSSL 3 (if you use Chocolatey: choco install openssl.light) and updating Angular to the latest version (currently 14), that solves the abovementioned problem with Webpack configuration.

Certainly, downgrading Node.js, as most of the answers suggest, is not a proper way to go.

Andesine answered 13/10, 2022 at 20:29 Comment(1)
Why is this not the accepted answer?Dnepropetrovsk
F
2

On Dockerfile you should add:

ENV NODE_OPTIONS=--openssl-legacy-provider
Fablan answered 17/11, 2021 at 10:16 Comment(2)
Near duplicate: Ajoy Karmakar's answer (also without any explanation whatsoever)Cuculiform
I wanted it to be clear how to use with DockerFablan
M
2

I resolved this error by updating my version of babel-loader after updating Webpack. However, it may be due to another loader or plugin. loader-runner appears in the console output of the original question. See the comment here.

Mayhew answered 6/12, 2022 at 10:41 Comment(1)
It is similar to this answer.Cuculiform
T
2

I am getting the same issue with another project. I have cloned it here: react-toolkit-example

Issue:

error:03000086:digital envelope routines::initialization error #1

set NODE_OPTIONS=--openssl-legacy-provider

It works as a temporary fix, but I need a proper solution to this.

Thanatopsis answered 18/5, 2023 at 1:34 Comment(0)
I
2

Only running the below command fixed my issues:

npm audit fix --force
Immix answered 14/9, 2023 at 14:19 Comment(0)
R
2

After updating node js this happens

the best solution for now is just run

npm audit fix --force

if did not work just delete node_modules and package-lock.json then again try

npm install
npm audit fix --force
Ranjiv answered 21/1 at 18:18 Comment(0)
R
1

Go to:: https://nodejs.org/en/

And download the recommended version for most users.

Then uninstall Node.js from your PC and install the recommended version.

From what I understand, this is a problem from the developer team. They will fix it ASAP, but in the meantime use the recommended version and everything is going to be OK.

Roulers answered 21/11, 2021 at 20:59 Comment(0)
P
1

If you are getting this error while using GatsbyJs, all you need to do is downgrade the node version to long-term support. There is no other salvation

Pyre answered 29/3, 2022 at 16:10 Comment(1)
Sadly that's no help now that the 18 LTS is throwing the same error.Glean
T
1

Running react with docker

This might not be an answer to the question for everyone. But for anyone running node 17 and above in docker, downgrading just as everyone has said will be helpful. No need for the open-legacy-sslprovider. A simple switch in your Dockerfile from using

From node

to using

From node:16.*

fixes this issue in docker.

Tuba answered 3/4, 2022 at 10:57 Comment(2)
This worked for me and I'm not using docker. Downgrading to node 16 fixed my problems. ` nvm use 16 rm -rf node_modules rm yarn.lock yarn install yarn build `Sheepshearing
I was using Docker, and this fixed it for me. Thank you!Nonintervention
S
1

As simple as it may sound, if it's feasible, upgrade all your dependencies in your package.json file to the latest (just type in the name in npm and use the suggested version). Also use the latest LTS version of Node.js.

I had problems before, and even with migrating my project to use Yarn, I was able to finally solve this problem. There isn't any need to compromise the security with SSL hacks.

Saltarello answered 5/1, 2023 at 4:34 Comment(0)
T
1

Before you change your npm version or make any configuration changes, simply run npm update to update your packages to the newest minor versions.

This fixed the issue for me.

Thorvaldsen answered 25/1, 2023 at 16:11 Comment(0)
F
1

For those who don’t want to play around with Node.js versions. The project is an Electron application, with Webpack 4.x version.

Some encodings and hash algorithms does not match. I played a few hours to find a matching pair for my Node.js and dependencies I use.

Simply add this Webpack configuration to the output section, hashFunction and hashDigest:

output:{
    hashFunction: 'sha256',
    hashDigest: 'base64'
}
Falco answered 11/7, 2023 at 17:0 Comment(0)
K
1

Running Node.js v20.6.1, Debian 11.7 (Bullseye), Docker 20.10.21, and hitting this problem, I just used npm audit fix --force and it resolved.

I am not using nvm. I noticed that npm audit fix --force did upgrade react-scripts to 5.0.1.

Keble answered 21/9, 2023 at 3:19 Comment(0)
E
1

When I start a React project, try to open localhost and run the command npm start. This message is shown:

" error:0308010C:digital envelope routines::unsupported"

I just fixed this problem in this way: Open the terminal in the same project folder and type npm audit fix --force

Take some time to install the missing packages and then go to the same project folder terminal and hit npm start . This works perfectly. (I used Windows.)

Enactment answered 15/12, 2023 at 13:20 Comment(0)
J
0

I had the same issue when I changed Node.js versions with nvm. If you are using Sass in your project, please try:

sudo npm rebuild node-sass

Josiah answered 13/9, 2022 at 12:35 Comment(0)
T
0

I had this issue when deploying a Next.js project to Vercel. I downgraded Node.js in file package.json by adding:

"engines": {
    "node": "v16.15.0"
},
Thunderhead answered 29/3, 2023 at 19:35 Comment(1)
It helps to mark code/config lines using the tick character around the line so that it stands out from the overall comment. "engines": { "node": "v16.1." }Resor
H
0

In my case, I'm using an Azure setup. When I raised a pull request, I got this error. So I just removed some commented code, and again raised a pull request.

This time I didn't see this error. This happens in my case. So whenever I get the error, I do the same thing. It will work for me.

Error: error:0308010C:digital envelope routines::unsupported
2023-04-13T13:17:28.4329245Z
2023-04-13T13:17:28.4330391Z     at new Hash
 (node:internal/crypto/hash:71:19)
2023-04-13T13:17:28.4331701Z > [email protected] build
2023-04-13T13:17:28.4333051Z     at Object.createHash
(node:crypto:133:10)
2023-04-13T13:17:28.4333712Z > GENERATE_SOURCEMAP=false react-scripts
build
2023-04-13T13:17:28.4336913Z     at module.exports
(/home/vsts/work/1/s/node_modules/webpack/lib/util/createHash.js:135:53)
2023-04-13T13:17:28.4337284Z
2023-04-13T13:17:28.4338580Z     at NormalModule._initBuildHash
(/home/vsts/work/1/s/node_modules/webpack/lib/NormalModule.js:417:16)
2023-04-13T13:17:28.4339132Z Creating an optimized production build...
2023-04-13T13:17:28.4340765Z     at handleParseError
(/home/vsts/work/1/s/node_modules/webpack/lib/NormalModule.js:471:10)
2023-04-13T13:17:28.4343721Z     at
/home/vsts/work/1/s/node_modules/webpack/lib/NormalModule.js:503:5
2023-04-13T13:17:28.4345956Z     at
/home/vsts/work/1/s/node_modules/webpack/lib/NormalModule.js:358:12
2023-04-13T13:17:28.4348198Z     at
/home/vsts/work/1/s/node_modules/loader-runner/lib/LoaderRunner.js:373:3
2023-04-13T13:17:28.4350393Z     at iterateNormalLoaders
(/home/vsts/work/1/s/node_modules/loader-
runner/lib/LoaderRunner.js:214:10)
Hyetograph answered 13/4, 2023 at 17:11 Comment(0)
B
0

I was having the same problem, but with my Webpack React application, so I just upgrade my babel-loader module, and all the Babel and Webpack modules. These modules are upgraded and are compatible with Node.js > V17. I recommend to upgrade your packages which are affected by this problem.

Biblio answered 14/9, 2023 at 19:11 Comment(0)
A
0

Please don't downgrade the node version as it would be kinda walking backwardfor a solution. Use this instead -

npm audit fix --force
Amateur answered 18/4 at 7:22 Comment(0)
E
-1

I was facing the same issue with Node.js 17.0.1. I solved it by following these steps:

  • Open Control PanelProgram and FeaturesNode.js and uninstall Node.js by right-clicking a

  • Go to website https://nodejs.org/en/ and download the version and install.

Emilieemiline answered 4/11, 2021 at 19:23 Comment(0)
P
-1

I came across this issue today and resolved it by switching Node.js versions using "nvm".

I've been working on a couple of personal projects using Node.js, Next.js 1, and React 2. What often happens to me is that I don't remember exactly which version of Node.js I use for which project.

And so, usually, I would try to use Node.js 16 for a project that is currently using Node.js 14.

I haven't figured out a better way to remember the version of Node.js for each project, so I usually just save all the commands that I need to run to get the application started in readme.MD.

Prototherian answered 8/12, 2021 at 10:8 Comment(0)
S
-1

In Angular.io projects, the accepted (unsupported) version of Nodes.js is v16.x.x.

In Nodes v17.x version, the same error described in this question occurs.

Solution:

Uninstall nodes and reinstall version v16.x (for Windows).

Sesqui answered 9/2, 2022 at 17:34 Comment(1)
my development environment: - Angular CLI: 12.2.1 - Node: 16.14.0 (Unsupported) - Package Manager: npm 7.5.6 - OS: win32 x64Sesqui
A
-1

I fixed by using the LTS version:

echo "lts" > .nvmrc
nvm install

React Native has a buggy script to find the path of the Node.js executable.

This sets the version to the latest stable version of Node.js through Node Version Manager.

What I found is that even if Node.js is in my path, if I have an ~/.nvm directory it's going to try to find use in nvm and fail. This sets the current node to be linked to the one in ~/.nvm and thus that React Native can find.

Allx answered 17/2, 2022 at 6:56 Comment(0)
M
-1

I had this issue because of Fedora.

I downgraded to Node.js v16, but without any luck.

The problem was that Fedora installs Node.js v18 when installing Yarn.

So you have to uninstall the preinstalled Node.js using:

sudo dnf remove nodejs

Then install Node.js using nvm:

nvm install 16.19.1

Then install Yarn using npm, not DNF:

sudo npm install yarn -g
Modeling answered 1/5, 2023 at 15:28 Comment(0)
P
-1

I ran into this error trying to 'yarn build' and I'm using Node.js v18.17.1.

This was my package.json file...

"scripts": {
    "build": "env-cmd -f ../../dotenv/.env.production webpack --mode production
...
}
...

My webpack.config.js is as follows and I'm trying to run ^ webpack --mode production, but mode in my webpack.config.js is development:

module.exports = {
   mode: "development",
   entry: './app/App.js',
   output: {
      path: path.join(__dirname, '/build/'),
      publicPath: '/',
      filename: 'assets/bundle.js'
   },
Penrod answered 16/10, 2023 at 14:30 Comment(0)
Y
-1

I encountered this in my angular project, downgrading node was the answer but not the complete answer, after downgrading node, npm started failing, so I had to upgrade node again, then uninstall npm and then install the older node version so it installed the npm compatible with the older node version. Then ng started failing so I had to uninstall angular cli and install the compatible cli.

This matrix helped: https://gist.github.com/LayZeeDK/c822cc812f75bb07b7c55d07ba2719b3

Yangyangtze answered 3/2 at 21:43 Comment(0)
R
-2

Try:

npm create react-app --template typescript foo --use-npm
Reproachful answered 1/11, 2021 at 0:0 Comment(1)
An explanation would be in order. E.g., what is the idea/gist? What does it do? How does it work? Why does it work? Please respond by editing (changing) your answer, not here in comments (without "Edit:", "Update:", or similar - the answer should appear as if it was written today).Cuculiform
S
-3

So, everyone is suggesting is either to downgrading the version (which in my opinion is not a solution) or add export NODE_OPTIONS=--openssl-legacy-provider which is also not a solution. I am using Node.js version 20 and all I did was to update the npm.

Just run

npm update

Then run the application again. I faced this issue in an Electron project when images were not being loaded. It worked perfectly for me.

Statistical answered 25/11, 2023 at 16:41 Comment(0)
P
-4

Switching to a different version of Node.js also works. In my case, I switched from v19.2.0 to v15.14.0.

Pryer answered 19/1, 2023 at 18:24 Comment(0)
H
-4

Downgrade your Node.js version to 16.19.1.

Node.js 16.19.1

This fixes my problem.

Hindrance answered 12/4, 2023 at 14:25 Comment(2)
Upvoted. Also works for me. I think this answer is useful; using Node 16 (although v18+ are the currently stable releases) is a viable solution if someone just wants to use Node as a static site generator that works in an isolated CI/CD environment (e.g. nodejs + vuepress).Argumentative
right, if I'm just trying to get NPM to run and build output JS files... then upload those JS files somewhere else... how bad could it be to use an older Node version?Begley

© 2022 - 2024 — McMap. All rights reserved.