DeprecationWarning: Buffer() is deprecated due to security and usability issues when I move my script to another server

node.jsNpm

node.js Problem Overview

Getting error when script move to other server.

>(node:15707) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.

Current Versions:

Ubuntu 16.04.4 LTS  
Node - v10.9.0  
NPM - 6.2.0

Previous Version:

Ubuntu 14.04.3 LTS
NPM - 3.10.10
Node - v6.10.3



exports.basicAuthentication = function (req, res, next) {
    console.log("basicAuthentication");
    if (!req.headers.authorization) {
        return res.status(401).send({
            message: "Unauthorised access"
        });
    }
    var auth = req.headers.authorization;
    var baseAuth = auth.replace("Basic", "");
    baseAuth = baseAuth.trim();
    var userPasswordString = new Buffer(baseAuth, 'base64').toString('ascii');
    var credentials = userPasswordString.split(':');

    var username = credentials[0] !== undefined ? credentials[0] : '';
    var password = credentials[1] !== undefined ? credentials[1] : '';
    var userQuery = {mobilenumber: username, otp: password};
    console.log(userQuery);
    User.findOne(userQuery).exec(function (err, userinfo) {
        if (err || !userinfo) {
             return res.status(401).send({
                message: "Unauthorised access"
             });
        } else {
            req.user = userinfo;
            next();
        }
    });

 }

node.js Solutions

Solution 1 - node.js

new Buffer(number)            // Old
Buffer.alloc(number)          // New

new Buffer(string)            // Old
Buffer.from(string)           // New

new Buffer(string, encoding)  // Old
Buffer.from(string, encoding) // New

new Buffer(...arguments)      // Old
Buffer.from(...arguments)     // New

Note that Buffer.alloc() is also faster on the current Node.js versions than new Buffer(size).fill(0), which is what you would otherwise need to ensure zero-filling.

Solution 2 - node.js

The use of the deprecated new Buffer() constructor (i.E. as used by Yarn) can cause deprecation warnings. Therefore one should NOT use the deprecated/unsafe Buffer constructor.

According to the deprecation warning new Buffer() should be replaced with one of:

  • Buffer.alloc()
  • Buffer.allocUnsafe() or
  • Buffer.from()

Another option in order to avoid this issue would be using the safe-buffer package instead.

You can also try (when using yarn..):

yarn global add yarn

as mentioned here: Link

Another suggestion from the comments (thx to gkiely): self-update

>Note: self-update is not available. See policies for enforcing versions within a project

In order to update your version of Yarn, run

curl --compressed -o- -L https://yarnpkg.com/install.sh | bash

Solution 3 - node.js

var userPasswordString = new Buffer(baseAuth, 'base64').toString('ascii');

Change this line from your code to this -

var userPasswordString = Buffer.from(baseAuth, 'base64').toString('ascii');

or in my case, I gave the encoding in reverse order

var userPasswordString = Buffer.from(baseAuth, 'utf-8').toString('base64');
Categories
Recommended node.js Solutions
Recommended Npm Solutions

Previous Solution:

What is linux equivalent of "host.docker.internal"

DockerDocker for-WindowsDocker for-MacDocker Desktop

Next Solution:

componentDidMount equivalent on a React function/Hooks component?

JavascriptReactjsReact Hooks

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionDevendra ChauhanView Question on Stackoverflow
Solution 1 - node.jsNebojsa SapicView Answer on Stackoverflow
Solution 2 - node.jsiLuvLogixView Answer on Stackoverflow
Solution 3 - node.jsVibhor DubeView Answer on Stackoverflow