The `punycode` module is deprecated in Node.js 21 (type = module)

[adriaandotcom]

Confirm this is a Node library issue and not an underlying OpenAI API issue

• This is an issue with the Node library

Describe the bug

When importing the openai package in Node.js 21 it throws an error:

(node:38591) [DEP0040] DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead.
    at node:punycode:3:9
    at BuiltinModule.compileForInternalLoader (node:internal/bootstrap/realm:392:7)
    at BuiltinModule.compileForPublicLoader (node:internal/bootstrap/realm:328:10)
    at loadBuiltinModule (node:internal/modules/helpers:101:7)
    at Module._load (node:internal/modules/cjs/loader:1001:17)
    at Module.require (node:internal/modules/cjs/loader:1235:19)
    at require (node:internal/modules/helpers:176:18)
    at Object.<anonymous> (/Users/adriaan/app/node_modules/whatwg-url/lib/url-state-machine.js:2:18)
    at Module._compile (node:internal/modules/cjs/loader:1376:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1435:10)

To Reproduce

package.json:

{
  "main": "index.js",
  "type": "module",
  "engines": {
    "node": "21.2.0"
  },
  "scripts": {
    "dev": "node --trace-deprecation -r dotenv/config index.js dotenv_config_path=.env.dev"
  },
  "dependencies": {
    "openai": "^4.19.1"
  },
  "devDependencies": {
    "dotenv": "^16.3.1"
  }
}

index.js:

import OpenAI from "openai";

console.log("hi");

.env.dev:

OPENAI_API_KEY=
ASSISTANT_ID=
PORT=3011
BASE_URL=http://localhost:3011

Code snippets

No response

OS

macOS

Node version

v21.2.0

Library version

openai 4.19.1

[rattrayalex]

Sorry about that; thanks for reporting.

This looks to be coming from whatwg-url@5.x, which is a dependency of node-fetch@2.x. This has been fixed in newer versions of whatwg-url, but node-fetch v2.x would need to update its deps, and I don't think that's likely (node-fetch has been at v3 for some time, but this library can't use it because it supports CommonJS).

The good news is we're planning to move from node-fetch to undici, so this would be fixed by #402.

That'll probably be a breaking change, so it won't come out til we're able to do a major version bump.

In the short term, you can work around this by overriding the dependency in your package.json, eg:

"overrides": {
  "whatwg-url": "13.0.0"
}

[adriaandotcom]

Thanks for the help! I moved back to Node.js 20 for now.

What also could be a solution is to use native Node.js fetch from version 21. It's not experimental anymore and included in the default distributions.

[philkunz]

This is still an issue. Caused a bit of an explanation at a client who saw the logs that openai itself is using deprecated imports in the dependency chain.

[rattrayalex]

Sorry about that. This issue will be fixed by #402 and won't be tackled before, so I'll close this as a duplicate.

[dgellow]

An option would be to rely on a patch utility such as https://github.com/ds300/patch-package to patch whatwg-url. If you replace the require("punycode") by require("punycode/") and add punycode as a dependency that should ensure you import the npm dependency instead of the core library and get rid of the warning.

But I don't believe that can be done for libraries such as the openai sdk itself, that would need to be done as part of the project importing the sdk.

[philkunz]

@dgellow Please don't! Modules are not supposed to be patched like this. It will create all sorts of problems, especially with pnpm, where modules are linked instead of installed per project. The right choice is not to import a fetch polyfill, when there is fetch natively, and choose a good polyfill like @adobe/fetch instead of node-fetch only if needed when running in an outdated environment. Node-fetch by now is the new request module. Just bloated and has problems with memory leaks.

Last not but least: It is kinda funny, that a company like openai, with something as smart as GPT 4 can't produce a proper isomorphic TypeScript client, but instead relies on node.js specific APIs.

[dgellow]

Actually pnpm supports that patching feature natively via pnpm patch: https://pnpm.io/cli/patch.

[rattrayalex]

As noted above, we are working on moving to native fetch/undici, which was still experimental in some supported Node runtimes when this library was released (hence using node-fetch).

We also document a non-patch-based workaround just above as well.