mock-aws-s3, aws-sdk, nock dependencies vs devDependencies issue

[johnmanko]

Usage of mock-aws-s3, aws-sdk, and nock are used in the call stack originating from lib/node-pre-gyp.js (which is the package main), but they are only listed in "devDependencies".

    "aws-sdk": "^2.1012.0",
    "mock-aws-s3": "^4.0.2",
    "nock": "^13.1.4",

This causes a problem with webpack:

ERROR in ../project/node_modules/@mapbox/node-pre-gyp/lib/util/s3_setup.js 43:20-42
Module not found: Error: Can't resolve 'mock-aws-s3' in '/Path/to/project/node_modules/@mapbox/node-pre-gyp/lib/util'
 @ ../project/node_modules/@mapbox/node-pre-gyp/lib/node-pre-gyp.js 15:21-62
 @ ../project/node_modules/bcrypt/bcrypt.js 3:17-48
 @ ./src/lib/server/initialize.ts 3:0-69 9:12-39 21:23-56
 @ ./src/index.ts 12:0-53 51:4-19

ERROR in ../project/node_modules/@mapbox/node-pre-gyp/lib/util/s3_setup.js 76:14-32
Module not found: Error: Can't resolve 'aws-sdk' in '/Path/to/project/node_modules/@mapbox/node-pre-gyp/lib/util'
 @ ../project/node_modules/@mapbox/node-pre-gyp/lib/node-pre-gyp.js 15:21-62
 @ ../project/node_modules/bcrypt/bcrypt.js 3:17-48
 @ ./src/lib/server/initialize.ts 3:0-69 9:12-39 21:23-56
 @ ./src/index.ts 12:0-53 51:4-19

ERROR in ../project/node_modules/@mapbox/node-pre-gyp/lib/util/s3_setup.js 112:15-30
Module not found: Error: Can't resolve 'nock' in '/Path/to/project/node_modules/@mapbox/node-pre-gyp/lib/util'
 @ ../project/node_modules/@mapbox/node-pre-gyp/lib/node-pre-gyp.js 15:21-62
 @ ../project/node_modules/bcrypt/bcrypt.js 3:17-48
 @ ./src/lib/server/initialize.ts 3:0-69 9:12-39 21:23-56
 @ ./src/index.ts 12:0-53 51:4-19

Either those modules should be moved to "dependencies", or the main call chain should never hit them.

[bhallstein]

I've encountered the same issue while trying to compile a back-end app with webpack for limited distribution. @johnmanko's analysis definitely looks correct to me.

[gaberudy]

I encountered this issue when depending on bcrypt, which depends on @mapbox/node-pre-gyp and using rollup as a bundler. These seem to be unnecessary hard dependencies for this package.

[johnmanko]

@gaberudy

I ended up having to remove bcrypt and replaced it with the native node crypto:

        const {
            scryptSync,
            randomBytes
        } = await import('crypto');

        if (salted) {
            const hash = scryptSync(password, salted, 64).toString('hex');
            return new HashAndSalt(hash, salted);
        } else {
            const salt = randomBytes(32).toString("hex");
            const hash = await scryptSync(password, salt, 64).toString('hex');
            return new HashAndSalt(hash, salt);
        }

[JustroX]

I encountered this issue using nest js. I solved it by removing webpack from compilerOptions

   // I remove this block
  "compilerOptions": {
    "webpack": true
  }

[bthibault]

+1

[Karhide]

+1, encountered depending on node-sqlite3

[eau-de-la-seine]

I have encountered the same problem and opened an issue at bcrypt yesterday so they improve their README, but my bad I didn't know that was a recent node-pre-gyp issue. Anyway, dev dependencies should not be used in production files

[tintinthong]

Is there a workaround for this issue? I face this problem

[Glandos]

Bad workaround, add this to your webpack.config.js:

const config = {
// Some other config
	  externals: [
    {
      'nock': 'commonjs2 nock',
      'mock-aws-s3': 'commonjs2 mock-aws-s3'
    }
  ],
}

This will tell webpack to let the require call as-is. It can obviously fail at runtime, and the required statement are still here.

[tintinthong]

Bad workaround, add this to your webpack.config.js:

const config = {
// Some other config
	  externals: [
    {
      'nock': 'commonjs2 nock',
      'mock-aws-s3': 'commonjs2 mock-aws-s3'
    }
  ],
}

This will tell webpack to let the require call as-is. It can obviously fail at runtime, and the required statement are still here.

Downside of this is that you need to handle all the runtime errors (like nested runtime dependencies) can take a long long time

[tobilg]

I stumbled upon this as well when trying to bundle the DuckDB Node.js package. This additionally attempts to require npm as well :-/ I manually added nock and mock-aws-s3 as dev dependencies, and set npm as external. Then, it still complains that the package's dependencies html and cs files as well.

Using esbuild is seemingly also not an option, as this produces incorrect builds as well, due to node-pre-gyp...

[NowyQuei]

some error here...

[therealokoro]

Hmmm. So i got same error while using bcrypt in a nuxt app. And i just kept on thinking what nuxt had to do with aws. It was frustrating. I just kept on searching online and stumbled at this

[martinszeltins]

I got this error using Vite and sqlite in an Electron.js app

[vtulin]

+1 with sqlite3

[federicofazzeri]

+1 with Vite and sqlite (Sveltekit app)

[bemon]

+1 electron + sqlite

[esonwong]

I solved it by adding externals: ['nock', 'mock-aws-s3', 'aws-sdk'], in webpack config

same as here

[tobilg]

I solved it by adding externals: ['nock', 'mock-aws-s3', 'aws-sdk'], in webpack config

same as here

I guess that won‘t help you if the code is actually run, because then the dependencies are missing IMO

[gamebox]

Having the same issue depending on bcrypt inside of an Astro project.

[johninator]

+1 with sqlite3

+1 with sqlite3

[Letsmoe]

+1 depending on sqlite3 inside an Astro project...

[Erchoc]

+1 sqlite3

[sethgw]

+1 sqlite3. send help

[Pan332]

I use bcryptjs instead of bcrypt and it worked
or
If you want to replace bcrypt with another library, you can consider using bcryptjs, argon2, or scrypt

[adrianszablowski]

I use bcryptjs instead of bcrypt and it worked or If you want to replace bcrypt with another library, you can consider using bcryptjs, argon2, or scrypt

Exacly! I installed bycryptjs instead of bycrypt and the problem disappeared

[wenjoy]

This bug looks suffer a lot of people and seems still no PR to resolve it. I think it should be easy to solve it by changing dependencies declaration. Should I try to raise the PR?

[jheavejimenez]

devDependencies issue, encountered this problem with the bcrypt package, when trying to bun run build.
I find a workaround by changing bcrypt package to bcryptjs

[cclauss]

What happens when you bun install the three packages that the error messages tell you to bun install?

[notramo]

@cclauss

• Lot of unnecessary dependencies, and the vulnerabilities that come with them.
• Bun already ships SQLite 3, Bcrypt and Argon2 bindings in the runtime standard library, without any need to install packages.
• If someone still uses Node, the @node-rs/argon2 and @node-rs/bcrypt packages are a viable option.

I don't get why this is still a problem.

[jheavejimenez]

What happens when you bun install the three packages that the error messages tell you to bun install?

still having an issue since, i don't include that package in my package.json file

[notramo]

@jheavejimenez what package are you using that requires node-pre-gyp?

[tomcphr]

I'm having this same issue when trying to bundle https://github.com/IBM/node-odbc via a Next app (webpack/turbopack)

As it looks like it's intended for these to be in the call-stack from the comments around the requires, Is it not possible to just move these into the dependencies from dev, or is there unintended consequences I'm not seeing doing this?

[emauriciomoreno-teamknowlogy]

Experienced the same problem when attempting to build with Remix, happens with both argon2 and bcrypt packages.

For me, the fix was to install bcryptjs rather than bcrypt.

I had problems building an application in NestJs with serverless and webpack. The solution was to use bcryptjs instead of bcrypt

[JulianMiguelAngle]

I encountered this issue using nest js. I solved it by removing webpack from compilerOptions

// I remove this block
"compilerOptions": {
"webpack": true
}

Stop scamming people dude

[JulianMiguelAngle]

Guys use this https://www.npmjs.com/package/bcryptjs

[cclauss]

Can someone please add a GitHub Action to this repo that fails because of this problem? We all need to be able to see this failure.

[karlhorky]

@cclauss I created a simple bcrypt + @mapbox/node-pre-gyp + esbuild reproduction repo with failing CI over here:

• https://github.com/karlhorky/repro-node-pre-gyp-bcrypt-esbuild
• Failing test run (see logs below): https://github.com/karlhorky/repro-node-pre-gyp-bcrypt-esbuild/actions/runs/13540995619/job/37841822384

$ npm run build
  shell: /usr/bin/bash -e {0}
  
> [email protected] build
> esbuild index.ts --bundle --platform=node --format=esm --target=node22 --outfile=out.js
Error: R] Could not resolve "mock-aws-s3"
    node_modules/@mapbox/node-pre-gyp/lib/util/s3_setup.js:43:28:
      43 │     const AWSMock = require('mock-aws-s3');
         ╵                             ~~~~~~~~~~~~~
  You can mark the path "mock-aws-s3" as external to exclude it from the bundle, which will remove this error and leave the unresolved path in the bundle. You can also surround this "require" call with a try/catch block to handle this failure at run-time instead of bundle-time.
Error: R] No loader is configured for ".html" files: node_modules/@mapbox/node-pre-gyp/lib/util/nw-pre-gyp/index.html
    node_modules/@mapbox/node-pre-gyp/lib/node-pre-gyp.js:86:21:
      86 │       return require('./' + command)(self, argvx, callback);
         ╵                      ~~~~~~~~~~~~~~
Error: R] Could not resolve "aws-sdk"
    node_modules/@mapbox/node-pre-gyp/lib/util/s3_setup.js:76:22:
      76 │   const AWS = require('aws-sdk');
         ╵                       ~~~~~~~~~
  You can mark the path "aws-sdk" as external to exclude it from the bundle, which will remove this error and leave the unresolved path in the bundle. You can also surround this "require" call with a try/catch block to handle this failure at run-time instead of bundle-time.
Error: R] Could not resolve "nock"
    node_modules/@mapbox/node-pre-gyp/lib/util/s3_setup.js:112:23:
      112 │   const nock = require('nock');
          ╵                        ~~~~~~
  You can mark the path "nock" as external to exclude it from the bundle, which will remove this error and leave the unresolved path in the bundle. You can also surround this "require" call with a try/catch block to handle this failure at run-time instead of bundle-time.
4 errors
Error: Process completed with exit code 1.

package.json

{
  "name": "repro-node-pre-gyp-bcrypt-esbuild",
  "version": "1.0.0",
  "type": "module",
  "main": "index.js",
  "scripts": {
    "build": "esbuild index.ts --bundle --platform=node --format=esm --target=node22 --outfile=out.js"
  },
  "dependencies": {
    "bcrypt": "5.1.1"
  },
  "devDependencies": {
    "@types/bcrypt": "5.0.2",
    "esbuild": "0.25.0"
  }
}

index.ts

import bcrypt from 'bcrypt';

console.log(await bcrypt.hash('x', 10));

[cclauss]

Awesome!!

Can you please also create a second job that tries bcryptjs instead of bcrypt so we can see the side-by-side results?
#661 (comment)

[karlhorky]

@cclauss done:

• karlhorky/repro-node-pre-gyp-bcrypt-esbuild@f8183bb
• workflow run: https://github.com/karlhorky/repro-node-pre-gyp-bcrypt-esbuild/actions/runs/13547718517/job/37863370895

npm run build-bcryptjs

> [email protected] build-bcryptjs
> esbuild index-bcryptjs.ts --bundle --platform=node --format=esm --target=node22 --outfile=out.js


  out.js  30.9kb

⚡ Done in 4ms

index-bcryptjs.ts

import bcrypt from 'bcryptjs';

console.log(await bcrypt.hash('x', 10));

package.json script

"build-bcryptjs": "esbuild index-bcryptjs.ts --bundle --platform=node --format=esm --target=node22 --outfile=out.js"