Dev Solve

English

中文
日本語

English

中文
日本語

Appearance

Related Posts

Fixing 'SyntaxError: ambiguous indirect export: default' Error

Resolving "Cannot use import statement outside a module" with Axios in Jest Tests

Resolving ERR_PACKAGE_PATH_NOT_EXPORTED in Node.js

Resolving 'process.env' TypeError During windows-build-tools Installation

Next.js App Router Error: Invariant Expected App Router to Be Mounted

Resolving "error:0308010C:digital envelope routines::unsupported" in Node.js 18

Problem Statement

When migrating Node.js applications (especially Nuxt.js projects) to Node.js version 18 or newer, you may encounter the blocking error: Error: error:0308010C:digital envelope routines::unsupported. This typically occurs after updating Node.js and related dependencies like ESLint, preventing your development server from starting.

The error stems from cryptographic changes in Node.js 18+ due to its adoption of OpenSSL 3.0. Many older dependencies that rely on encryption algorithms removed from OpenSSL 3.0's default provider suddenly fail, causing your server to crash during startup.

Solution 1: Enable Legacy OpenSSL Provider (Most Practical)

The most effective workaround is enabling OpenSSL's legacy provider via environment variables:

  1. Set environment variable in package.json scripts (cross-platform):
    Modify your package.json to include the legacy flag:
json
"scripts": {
  "dev": "NODE_OPTIONS=--openssl-legacy-provider nuxt dev",
  "build": "NODE_OPTIONS=--openssl-legacy-provider nuxt build",
  "start": "NODE_OPTIONS=--openssl-legacy-provider nuxt start"
}
  1. Temporary terminal solution (Linux/macOS):
bash
export NODE_OPTIONS=--openssl-legacy-provider
npm run dev
  1. Windows Command Prompt/PowerShell:
cmd
set NODE_OPTIONS=--openssl-legacy-provider
npm run dev

Security Note

The legacy provider reintroduces deprecated cryptographic algorithms that may have security vulnerabilities. Only use this temporarily while upgrading affected dependencies.

Solution 2: Downgrade to Node.js 16 (Compatibility Fallback)

Node.js 16 uses OpenSSL 1.1.1 which doesn't enforce the same cryptographic restrictions:

  1. Install Node Version Manager (nvm):

    bash
    curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash

  2. Install and use Node.js 16:

    bash
    nvm install 16
nvm use 16

  3. Verify Node version:

    bash
    node -v # Should show v16.x.x

Solution 3: Dependency Upgrade (Long-Term Fix)

Investigate which dependency causes the conflict using the error stack trace:

  1. Check for outdated dependencies:

    bash
    npm outdated

  2. Update problematic packages starting with:

    bash
    npm update <package-name>

  3. Recreate lockfile:

    bash
    rm -rf package-lock.json node_modules
npm install

Why This Error Occurs

Technical Background

Node.js 18+ switched to OpenSSL 3.0, which introduced stricter algorithm policies. Legacy encryption methods like MD4, RC4, and certain EC curves are disabled by default. When a dependency tries to use one of these restricted algorithms, this cryptographic error occurs:

Additional Considerations

  1. CI/CD Pipelines: Set NODE_OPTIONS=--openssl-legacy-provider in your GitHub Actions/YAML configuration
  2. Framework-Specific Issues:
    js
    build: {
  // Nuxt-specific workarounds may be required here
}
  3. Verify OpenSSL Support:
    bash
    node -p "crypto.getCiphers().join(', ')"

Pro Tip

Search your node_modules folder for calls to crypto.createHash('md4') to identify offending dependencies. Modern alternatives like SHA256 are preferred.

Final Recommendations

  1. Use --openssl-legacy-provider for immediate unblocking (with security caveats)
  2. Downgrade to Node.js 16 only if dependent packages need extensive rewrites
  3. Prioritize dependency upgrades to eliminate legacy cryptographic methods

Most projects find Solution 1 sufficient to resume development immediately while planning dependency upgrades. Always remove the legacy provider flag once all dependencies are compatible with OpenSSL 3.0.