Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The punycode module is deprecated in Node.js 21 (type = module) #527

Closed
1 task done
adriaandotcom opened this issue Nov 22, 2023 · 13 comments
Closed
1 task done

The punycode module is deprecated in Node.js 21 (type = module) #527

adriaandotcom opened this issue Nov 22, 2023 · 13 comments
Labels
bug Something isn't working

Comments

@adriaandotcom
Copy link

adriaandotcom commented Nov 22, 2023
edited
Loading

Confirm this is a Node library issue and not an underlying OpenAI API issue

  • This is an issue with the Node library

Describe the bug

When importing the openai package in Node.js 21 it throws an error:

(node:38591) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
    at node:punycode:3:9
    at BuiltinModule.compileForInternalLoader (node:internal/bootstrap/realm:392:7)
    at BuiltinModule.compileForPublicLoader (node:internal/bootstrap/realm:328:10)
    at loadBuiltinModule (node:internal/modules/helpers:101:7)
    at Module._load (node:internal/modules/cjs/loader:1001:17)
    at Module.require (node:internal/modules/cjs/loader:1235:19)
    at require (node:internal/modules/helpers:176:18)
    at Object.<anonymous> (/Users/adriaan/app/node_modules/whatwg-url/lib/url-state-machine.js:2:18)
    at Module._compile (node:internal/modules/cjs/loader:1376:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1435:10)

To Reproduce

package.json:

{
  "main": "index.js",
  "type": "module",
  "engines": {
    "node": "21.2.0"
  },
  "scripts": {
    "dev": "node --trace-deprecation -r dotenv/config index.js dotenv_config_path=.env.dev"
  },
  "dependencies": {
    "openai": "^4.19.1"
  },
  "devDependencies": {
    "dotenv": "^16.3.1"
  }
}

index.js:

import OpenAI from "openai";

console.log("hi");

.env.dev:

OPENAI_API_KEY=
ASSISTANT_ID=
PORT=3011
BASE_URL=http://localhost:3011

Code snippets

No response

OS

macOS

Node version

v21.2.0

Library version

openai 4.19.1
@adriaandotcom adriaandotcom added the bug Something isn't working label Nov 22, 2023
@rattrayalex
Copy link
Collaborator

Sorry about that; thanks for reporting.

This looks to be coming from whatwg-url@5.x, which is a dependency of node-fetch@2.x. This has been fixed in newer versions of whatwg-url, but node-fetch v2.x would need to update its deps, and I don't think that's likely (node-fetch has been at v3 for some time, but this library can't use it because it supports CommonJS).

The good news is we're planning to move from node-fetch to undici, so this would be fixed by #402.

That'll probably be a breaking change, so it won't come out til we're able to do a major version bump.

In the short term, you can work around this by overriding the dependency in your package.json, eg:

"overrides": {
  "whatwg-url": "13.0.0"
}

@adriaandotcom
Copy link
Author

Thanks for the help! I moved back to Node.js 20 for now.

What also could be a solution is to use native Node.js fetch from version 21. It's not experimental anymore and included in the default distributions.

@timsuchanek timsuchanek mentioned this issue Nov 24, 2023
Closed
njhale added a commit to gptscript-ai/gpt4-v-vision that referenced this issue Mar 4, 2024
@njhale
fix: override whatwg-url version to prevent punycode warning
c8fa72d 
The openai package transitively depends on an outdated version of
whatwg-url, which causes nodejs to print a deprecation warning for
punycode when running the vision tool. This will be fixed when openai
resolves openai/openai-node#392. Until then,
override the version of whatwg-url in order to prevent the deprecation
warning.

See openai/openai-node#527 (comment)
for details on this stopgap.

Signed-off-by: Nick Hale <4175918+njhale@users.noreply.github.com>
@njhale njhale mentioned this issue Mar 4, 2024
Merged
@philkunz
Copy link

This is still an issue. Caused a bit of an explanation at a client who saw the logs that openai itself is using deprecated imports in the dependency chain.

@rattrayalex
Copy link
Collaborator

Sorry about that. This issue will be fixed by #402 and won't be tackled before, so I'll close this as a duplicate.

@rattrayalex rattrayalex closed this as not planned Won't fix, can't repro, duplicate, stale Mar 31, 2024
@dgellow
Copy link
Contributor

dgellow commented Apr 1, 2024
edited
Loading

An option would be to rely on a patch utility such as https://github.com/ds300/patch-package to patch whatwg-url. If you replace the require("punycode") by require("punycode/") and add punycode as a dependency that should ensure you import the npm dependency instead of the core library and get rid of the warning.

But I don't believe that can be done for libraries such as the openai sdk itself, that would need to be done as part of the project importing the sdk.

@philkunz
Copy link

philkunz commented Apr 1, 2024

@dgellow Please don't! Modules are not supposed to be patched like this. It will create all sorts of problems, especially with pnpm, where modules are linked instead of installed per project. The right choice is not to import a fetch polyfill, when there is fetch natively, and choose a good polyfill like @adobe/fetch instead of node-fetch only if needed when running in an outdated environment. Node-fetch by now is the new request module. Just bloated and has problems with memory leaks.

Last not but least: It is kinda funny, that a company like openai, with something as smart as GPT 4 can't produce a proper isomorphic TypeScript client, but instead relies on node.js specific APIs.

@dgellow
Copy link
Contributor

dgellow commented Apr 1, 2024

Actually pnpm supports that patching feature natively via pnpm patch: https://pnpm.io/cli/patch.

@rattrayalex
Copy link
Collaborator

As noted above, we are working on moving to native fetch/undici, which was still experimental in some supported Node runtimes when this library was released (hence using node-fetch).

We also document a non-patch-based workaround just above as well.

@rattrayalex rattrayalex mentioned this issue Apr 3, 2024
Closed
1 task
@Zhengqbbb Zhengqbbb mentioned this issue Jul 15, 2024
Closed
@DanteAndroid
Copy link

Sorry about that; thanks for reporting.

This looks to be coming from whatwg-url@5.x, which is a dependency of node-fetch@2.x. This has been fixed in newer versions of whatwg-url, but node-fetch v2.x would need to update its deps, and I don't think that's likely (node-fetch has been at v3 for some time, but this library can't use it because it supports CommonJS).

The good news is we're planning to move from node-fetch to undici, so this would be fixed by #402.

That'll probably be a breaking change, so it won't come out til we're able to do a major version bump.

In the short term, you can work around this by overriding the dependency in your package.json, eg:

"overrides": {
  "whatwg-url": "13.0.0"
}
image

Hey, this does not work for me, why?
Here is my package.json in root directory.
Thanks!

{
    "overrides": {
        "whatwg-url": "13.0.0"
      }
}

nakyeonko3 added a commit to resistance2/byul that referenced this issue Sep 27, 2024
@nakyeonko3
fix: punycode종속성 제거 (#74)
8c84f44 
- openai/openai-node#527
- whatwg-url@13.0.0으로 override 이후 puncycode 경고가 없어짐
- 현재 사용하지 않는 ts-node 종속성 제거
@lonbinder
Copy link

Sorry about that; thanks for reporting.
This looks to be coming from whatwg-url@5.x, which is a dependency of node-fetch@2.x. This has been fixed in newer versions of whatwg-url, but node-fetch v2.x would need to update its deps, and I don't think that's likely (node-fetch has been at v3 for some time, but this library can't use it because it supports CommonJS).
The good news is we're planning to move from node-fetch to undici, so this would be fixed by #402.
That'll probably be a breaking change, so it won't come out til we're able to do a major version bump.
In the short term, you can work around this by overriding the dependency in your package.json, eg:

"overrides": {
  "whatwg-url": "13.0.0"
}
image Hey, this does not work for me, why? Here is my package.json in root directory. Thanks! 
{
    "overrides": {
        "whatwg-url": "13.0.0"
      }
}

Make sure you run npm update whatwg-url after changing your package.json

@Mathias-S Mathias-S mentioned this issue Oct 25, 2024
Open
1 task
@RobinCsl RobinCsl mentioned this issue Nov 9, 2024
Open
@oGabrielFreitas
Copy link

Sorry about that; thanks for reporting.
This looks to be coming from whatwg-url@5.x, which is a dependency of node-fetch@2.x. This has been fixed in newer versions of whatwg-url, but node-fetch v2.x would need to update its deps, and I don't think that's likely (node-fetch has been at v3 for some time, but this library can't use it because it supports CommonJS).
The good news is we're planning to move from node-fetch to undici, so this would be fixed by #402.
That'll probably be a breaking change, so it won't come out til we're able to do a major version bump.
In the short term, you can work around this by overriding the dependency in your package.json, eg:

"overrides": {
  "whatwg-url": "13.0.0"
}
image Hey, this does not work for me, why? Here is my package.json in root directory. Thanks! ``` { "overrides": { "whatwg-url": "13.0.0" } } ```

Make sure you run npm update whatwg-url after changing your package.json

Worked, thanks.

@DavidFarago
Copy link

DavidFarago commented Nov 13, 2024
edited
Loading

Overriding "whatwg-url" worked for me too (the last two days), but today I get a punycode deprecation warning again:

(node:3365860) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.

@sagarkpatil3
Copy link

Sorry about that; thanks for reporting.
This looks to be coming from whatwg-url@5.x, which is a dependency of node-fetch@2.x. This has been fixed in newer versions of whatwg-url, but node-fetch v2.x would need to update its deps, and I don't think that's likely (node-fetch has been at v3 for some time, but this library can't use it because it supports CommonJS).
The good news is we're planning to move from node-fetch to undici, so this would be fixed by #402.
That'll probably be a breaking change, so it won't come out til we're able to do a major version bump.
In the short term, you can work around this by overriding the dependency in your package.json, eg:

"overrides": {
  "whatwg-url": "13.0.0"
}
image Hey, this does not work for me, why? Here is my package.json in root directory. Thanks! ``` { "overrides": { "whatwg-url": "13.0.0" } } ```

Make sure you run npm update whatwg-url after changing your package.json

you saved my life

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@rattrayalex @lonbinder @DavidFarago @adriaandotcom @dgellow @philkunz @DanteAndroid @sagarkpatil3 @oGabrielFreitas