Unable to resolve "@aws-crypto/sha256-js" from generateCodeVerifier.ts (random)

[Juliakas]

Before opening, please confirm:

• I have searched for duplicate or closed issues and discussions.
• I have read the guide for submitting bug reports.
• I have done my best to include a minimal, self-contained set of instructions for consistently reproducing the issue.

JavaScript Framework

React Native

Amplify APIs

Authentication

Amplify Version

v6

Amplify Categories

auth

Backend

Amplify CLI

Environment information

# Put output below this line

  System:
    OS: Windows 11 10.0.22635
    CPU: (20) x64 12th Gen Intel(R) Core(TM) i7-12800H
    Memory: 15.78 GB / 31.67 GB
  Binaries:
    Node: 18.14.0 - C:\Program Files\nodejs\node.EXE
    Yarn: 1.22.21 - C:\Program Files\nodejs\yarn.CMD
    npm: 8.3.2 - C:\Program Files\nodejs\npm.CMD
    pnpm: 8.11.0 - C:\Program Files\nodejs\pnpm.CMD
  Browsers:
    Edge: Chromium (121.0.2277.128)
    Internet Explorer: 11.0.22621.1
  npmPackages:
    @aws-amplify/react-native: ^1.0.16 => 1.0.16 
    @babel/core: ^7.20.0 => 7.23.2 
    @gluestack-style/react: ^1.0.48 => 1.0.48 
    @gluestack-ui/config: ^1.1.2 => 1.1.2 
    @gluestack-ui/themed: ^1.1.8 => 1.1.8 
    @react-native-async-storage/async-storage: ^1.22.0 => 1.22.0 
    @react-native-community/netinfo: ^11.3.0 => 11.3.0 
    @react-navigation/native: ^6.1.7 => 6.1.9 
    @react-navigation/native-stack: ^6.9.13 => 6.9.17 
    @types/lodash: ^4.14.199 => 4.14.200 
    @types/react: ~18.2.45 => 18.2.55 
    HelloWorld:  0.0.1 
    aws-amplify: ^6.0.16 => 6.0.16 
    aws-amplify/adapter-core:  undefined ()
    aws-amplify/analytics:  undefined ()
    aws-amplify/analytics/kinesis:  undefined ()
    aws-amplify/analytics/kinesis-firehose:  undefined ()
    aws-amplify/analytics/personalize:  undefined ()
    aws-amplify/analytics/pinpoint:  undefined ()
    aws-amplify/api:  undefined ()
    aws-amplify/api/server:  undefined ()
    aws-amplify/auth:  undefined ()
    aws-amplify/auth/cognito:  undefined ()
    aws-amplify/auth/cognito/server:  undefined ()
    aws-amplify/auth/enable-oauth-listener:  undefined ()
    aws-amplify/auth/server:  undefined ()
    aws-amplify/datastore:  undefined ()
    aws-amplify/in-app-messaging:  undefined ()
    aws-amplify/in-app-messaging/pinpoint:  undefined ()
    aws-amplify/push-notifications:  undefined ()
    aws-amplify/push-notifications/pinpoint:  undefined ()
    aws-amplify/storage:  undefined ()
    aws-amplify/storage/s3:  undefined ()
    aws-amplify/storage/s3/server:  undefined ()
    aws-amplify/storage/server:  undefined ()
    aws-amplify/utils:  undefined ()
    axios: ^1.5.1 => 1.6.0 
    babel-plugin-module-resolver: ^5.0.0 => 5.0.0 
    eslint: ^8.50.0 => 8.53.0 
    eslint-config-prettier: ^9.0.0 => 9.0.0 (8.10.0)
    eslint-config-universe: ^12.0.0 => 12.0.0 
    eslint-plugin-react-hooks: ^4.6.0 => 4.6.0 
    expo: ~50.0.6 => 50.0.6 
    expo-dev-client: ~3.3.8 => 3.3.8 
    expo-status-bar: ~1.11.1 => 1.11.1 
    formik: ^2.4.5 => 2.4.5 
    lodash: ^4.17.21 => 4.17.21 
    lucide-react-native: ^0.331.0 => 0.331.0 
    prettier: ^3.0.3 => 3.0.3 
    react: 18.2.0 => 18.2.0 
    react-native: 0.73.4 => 0.73.4 
    react-native-confirmation-code-field: ^7.3.2 => 7.3.2 
    react-native-get-random-values: ^1.10.0 => 1.10.0 
    react-native-safe-area-context: 4.8.2 => 4.8.2 
    react-native-screens: ~3.29.0 => 3.29.0 
    react-native-svg: 14.1.0 => 14.1.0 
    reactotron-react-native: ^5.1.0 => 5.1.0 
    typescript: ^5.3.0 => 5.3.3 (4.9.5)
    yup: ^1.3.2 => 1.3.2 
  npmGlobalPackages:
    @aws-amplify/cli: 12.10.1
    @microsoft/rush: 5.111.0
    better-vsts-npm-auth: 7.0.1
    corepack: 0.15.3
    eas-cli: 7.2.0
    npm: 8.3.2
    pnpm: 8.11.0
    rimraf: 5.0.5
    vsts-npm-auth: 0.42.1
    yarn: 1.22.21

Describe the bug

When loading in mobile app using expo development build I am receiving and error message on startup: Unable to resolve "@aws-crypto/sha256-js" from "node_modules\@aws-amplify\auth\src\providers\cognito\utils\oauth\generateCodeVerifier.ts".

When checking package.json in @aws-amplify/auth there is no direct (or at the very least peer) dependency of @aws-crypto/sha256-js. It is only referenced indirectly via my-app -> aws-amplify -> @aws-amplify/core -> @aws-crypto/sha256-js.

I am using npm 8.3.2 and my package-lock in this scenario did not resolve @aws-crypto/sha256-js as a direct dependency under node_modules/* - instead it is scattered under various aws-amplify packages, but not under @aws-amplify/auth.

I did manage to work around this by including @aws-crypto/sha256-js directly inside my own package.json, but that doesn't feel right, as now I will have to make sure it is always up to date to whatever version aws packages are supposed to be using. Am I just missing something here or does aws package in question need to specify a direct dependency if it is using it in its own code?

Expected behavior

Package is resolved properly and I can open app without errors.

Reproduction steps

1. Open expo project.
2. npm install @aws-amplify/react-native @react-native-community/netinfo @react-native-async-storage/async-storage react-native-get-random-values (versions included in enviroment information section, other packages may be important as well for influencing package-lock.json).
3. Start expo development build (or expo go should be enough to just reproduce error).
4. Open app - if package-lock.json resolved in a way that has no direct @aws-crypto/sha256-js dependency, error will appear. Otherwise error is not reproduced.
   • I've included my own package.json and package-lock.json that can be accessed on stackblitz (see section below) so error can be reproduced consistently.

Code Snippet

For my full package-lock.json - see this: https://stackblitz.com/edit/stackblitz-starters-57xee1?file=package-lock.json . Also includes package.json

Log output

// Put your logs below this line
Android Bundling failed 6610ms (C:\Users\***\***\src\index.js)
Unable to resolve "@aws-crypto/sha256-js" from "node_modules\@aws-amplify\auth\src\providers\cognito\utils\oauth\generateCodeVerifier.ts"

aws-exports.js

No response

Manual configuration

No response

Additional configuration

No response

Mobile Device

OnePlus 6

Mobile Operating System

Android 11

Mobile Browser

Edge

Mobile Browser Version

121

Additional information and screenshots

This all started happening after I migrated from V5 to V6, but I also updated a bunch of other packages so that might have influenced my package-lock.json.

[cwomack]

Hey, @Juliakas 👋. Just based on the comment about you recently upgrading from v5 to v6, could you see if deleting your node_modules folder as well as your package-lock.json file, then reinstalling dependencies with npm i command helps resolve the issue?

if that doesn't let me know and we will dig into this deeper! Thanks.

[Juliakas]

Hi @cwomack. That does seem to help, under my node_modules I have @aws-crypto/sha256-js installed with 5.2.0 version. So for my use case this seems to help, appreaciate it!

But on a side note, just curious was this intended to not include this dependency for a package that is using it and assume consumer app will resolve it correctly when installing? In my dependency tree there are a lot of @aws-crypto/sha256-js@3.0.0 installations and I guess that version could be chosen to be installed in a first level of node_modules?

[cwomack]

@Juliakas, great to hear you're unblocked!

As for the follow up question about the dependency not being included, the @aws-crypto/sha256-js is mostly a transitive dependency from our remaining usage of the AWS SDK. There's also other dependencies for things like custom clients, but all dependencies that we require should be declared and have no need to install things manually. NPM and Yarn should use the correct versions internally even though there are multiple versions in node_modules.

Hope this helps and I'll close this issue as resolved!

[tobz1000]

@cwomack I'm getting a very similar error, also from @aws-amplify/auth but from a different module. @Juliakas has @aws-amplify/auth at version 6.0.16 in his package-lock; mine is at 6.3.13. The error occurs during vite build as follows:

error during build:
[vite]: Rollup failed to resolve import "@aws-crypto/sha256-js" from "/home/runner/work/tagnifi/tagnifi/node_modules/@aws-amplify/auth/dist/esm/providers/cognito/apis/signOut.mjs".

The package @aws-crypto/sha256-js is still being used by @aws-amplify/auth several updates since this was first raised, and it is still not in the latter's package.json. As @Juliakas mentions, this seems like an error, and will cause build failures seemingly at random, depending on the project's exact package-lock.

The core problem raised by this issue seems not to be solved. I would suggest explicitly adding @aws-crypto/sha256-js as a dependency for @aws-amplify/auth.

[stealth90]

Who has still this error, i resolved this by installing @aws-crypto/sha256-js . Could you update the doc ?

[cwomack]

@tobz1000 and @stealth90, appreciate the follow up comments here. Reopening this issue and referencing the associated PR #13950 that's been made to address it.

This is indeed still an issue, as the package is consumed here... but is not declared as a dependency here. However, it IS declared in the core package as a dependency, which this core package is declared as a peer to the auth package (see here).