Skip to content

[oci-common] Move node-fetch from devDependencies to dependencies #313

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
max-tremblay opened this issue Aug 16, 2024 · 1 comment · May be fixed by #314
Open

[oci-common] Move node-fetch from devDependencies to dependencies #313

max-tremblay opened this issue Aug 16, 2024 · 1 comment · May be fixed by #314

Comments

@max-tremblay
Copy link

We encountered this issue on our side:

Error: Cannot find module 'node-fetch'
Require stack:
- node_modules/oci-common/lib/auth/url-based-x509-certificate-supplier.js
- node_modules/oci-common/lib/auth/abstract-federation-client-authenticated-details-provider-builder.js
- node_modules/oci-common/lib/auth/instance-principals-authentication-detail-provider.js
- node_modules/oci-common/lib/auth/helpers/delegate-auth-provider.js
- node_modules/oci-common/lib/signer.js
- node_modules/oci-common/index.js

This is required by oci-typescript-sdk/lib/common/lib/auth/url-based-x509-certificate-supplier.ts

/**
 * Copyright (c) 2020, 2021 Oracle and/or its affiliates.  All rights reserved.
 * This software is dual-licensed to you under the Universal Permissive License (UPL) 1.0 as shown at https://oss.oracle.com/licenses/upl or Apache License 2.0 as shown at http://www.apache.org/licenses/LICENSE-2.0. You may choose either license.
 */
import { parsePrivateKey, parseCertificate, Certificate, PrivateKey } from "sshpk";
import { FetchHttpClient } from "../http";
import X509CertificateSupplier from "./models/X509-certificate-supplier";
import CertificateAndPrivateKeyPair from "./certificate-and-privatekey-pair";
import Refreshable from "./models/refreshable";
import { getStringFromResponseBody } from "../helper";
import CircuitBreaker from "../circuit-breaker";
import fetch, { Response } from "node-fetch";
@max-tremblay max-tremblay linked a pull request Aug 16, 2024 that will close this issue
Open
@alperozisik
Copy link

Hi team,

This is indeed a very simple and reproducible issue stemming from this line in the SDK:

oci-typescript-sdk/lib/common/lib/auth/url-based-x509-certificate-supplier.ts

Line 12 in 69cef6d

import fetch, { Response } from "node-fetch";

The root cause is that node-fetch is used at runtime, but it is only declared as a devDependency. This causes a failure in environments where a different version of node-fetch (e.g. v3+) is already installed at the project root.

In my case:

  • I’m working with JavaScript (not TypeScript),
  • My project uses "type": "module" in package.json,
  • This setup causes oci-common to break at runtime with a classic ERR_REQUIRE_ESM error, due to how require("node-fetch") behaves when v3 (ESM-only) is resolved from the parent project.

PR #314 seems to have captured this earlier, but appears to have stalled due to PR/process bottlenecks.

As a temporary workaround, I’m using this postinstall script in my package.json:

"postinstall": "if [ -d node_modules/oci-common ]; then cd node_modules/oci-common && npm i node-fetch@2.6.5; fi"

This locally installs node-fetch@2 under oci-common, making it resolvable by the legacy require() call.

Would really appreciate it if this could be patched upstream — either by moving node-fetch to regular dependencies, or adopting a dynamic import pattern that is compatible with ESM setups.

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[oci-common] Move node-fetch from devDependencies to dependencies max-tremblay/oci-typescript-sdk
2 participants
@alperozisik @max-tremblay