Polyfill common Node.js packages for webpack 5

[Timer]

Webpack 5 stopped polyfilling Node.js packages, however, their usage is prolific throughout the npm ecosystem.

We should provide default polyfills for the most common usages:

• Add process and buffer: Add polyfill for process and Buffer in webpack 5 #15499
• path

[armandabric]

I'm giving a try to Webpack 5 in my project and the build in failing because of the crypto polyfill missing:

ModuleNotFoundError: Module not found: Error: Can't resolve 'crypto' in '/app/node_modules/crypto-random-string'
BREAKING CHANGE: webpack < 5 used to include polyfills for node.js core modules by default.
This is no longer the case. Verify if you need this module and configure a polyfill for it.

If you want to include a polyfill, you need to:
	- add an alias 'resolve.alias: { "crypto": "crypto-browserify" }'
	- install 'crypto-browserify'
If you don't want to include a polyfill, you can use an empty module like this:
	resolve.alias: { "crypto": false }

Should it be add in the default polyfill? If not, is there a workaround without having to touch the webpack configuration?

[timneutkens]

So overall we're going to automatically polyfill these cases still to provide backwards compat, however you'll really want to figure out where it comes from and get rid of the dependency given that it hogs in around 300kb of JS.

[ljosberinn]

Would it be possible to add build warnings for polyfilled modules?

Right now, when polyfills are missing, it will just crash and tell you on which specific Node module its bailing. Good time to find out where you're pulling in something potentially unwanted, I learnt that the hard way, but it was very helpful info.

However, I fear in the future, if Next silently polyfills it, we end up in basically the same situation as now: manually having to check individual packages or worse, not ever even thinking about it because it "just works".

Relevant discussion here: #15999

[timneutkens]

Would it be possible to add build warnings for polyfilled modules?

Right now, when polyfills are missing, it will just crash and tell you on which specific Node module its bailing. Good time to find out where you're pulling in something potentially unwanted, I learnt that the hard way, but it was very helpful info.

However, I fear in the future, if Next silently polyfills it, we end up in basically the same situation as now: manually having to check individual packages or worse, not ever even thinking about it because it "just works".

Relevant discussion here: #15999

That's the plan yeah. Initially I'm just going to add the polyfills so that backwards compat is preserved.

[jerome-diver]

Warning message has wrong syntax. If user is not expert (and then new) with Webpack, this will push him to loose time to this kind of details neglected. I know it is difficult for expert to explain themself the easy way by choose appropriate linked existing words and syntax, but it is something good for the project if the doc and warning message are clearer as possible.
thank you to care about that.

[uladkasach]

Any tips on a good way to track down which module may be pulling in the heavy crypto polyfill? I'm facing tracking that down now

[balazsorban44]

This issue has been automatically locked due to no recent activity. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you.