SyntaxFix

[node.js] DeprecationWarning: Buffer() is deprecated due to security and usability issues when I move my script to another server

Getting error when script move to other server.

(node:15707) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.

Current Versions: 

Ubuntu 16.04.4 LTS  
Node - v10.9.0  
NPM - 6.2.0

Previous Version:

Ubuntu 14.04.3 LTS
NPM - 3.10.10
Node - v6.10.3



exports.basicAuthentication = function (req, res, next) {
    console.log("basicAuthentication");
    if (!req.headers.authorization) {
        return res.status(401).send({
            message: "Unauthorised access"
        });
    }
    var auth = req.headers.authorization;
    var baseAuth = auth.replace("Basic", "");
    baseAuth = baseAuth.trim();
    var userPasswordString = new Buffer(baseAuth, 'base64').toString('ascii');
    var credentials = userPasswordString.split(':');

    var username = credentials[0] !== undefined ? credentials[0] : '';
    var password = credentials[1] !== undefined ? credentials[1] : '';
    var userQuery = {mobilenumber: username, otp: password};
    console.log(userQuery);
    User.findOne(userQuery).exec(function (err, userinfo) {
        if (err || !userinfo) {
             return res.status(401).send({
                message: "Unauthorised access"
             });
        } else {
            req.user = userinfo;
            next();
        }
    });

 }

This question is related to node.js npm

The answer is

new Buffer(number)            // Old
Buffer.alloc(number)          // New

new Buffer(string)            // Old
Buffer.from(string)           // New

new Buffer(string, encoding)  // Old
Buffer.from(string, encoding) // New

new Buffer(...arguments)      // Old
Buffer.from(...arguments)     // New

Note that Buffer.alloc() is also faster on the current Node.js versions than new Buffer(size).fill(0), which is what you would otherwise need to ensure zero-filling.

The use of the deprecated new Buffer() constructor (i.E. as used by Yarn) can cause deprecation warnings. Therefore one should NOT use the deprecated/unsafe Buffer constructor.

According to the deprecation warning new Buffer() should be replaced with one of:

  • Buffer.alloc()
  • Buffer.allocUnsafe() or
  • Buffer.from()

Another option in order to avoid this issue would be using the safe-buffer package instead.

You can also try (when using yarn..):

yarn global add yarn

as mentioned here: Link

Another suggestion from the comments (thx to gkiely): self-update

Note: self-update is not available. See policies for enforcing versions within a project

In order to update your version of Yarn, run 

curl --compressed -o- -L https://yarnpkg.com/install.sh | bash

var userPasswordString = new Buffer(baseAuth, 'base64').toString('ascii');

Change this line from your code to this -

var userPasswordString = Buffer.from(baseAuth, 'base64').toString('ascii');

or in my case, I gave the encoding in reverse order

var userPasswordString = Buffer.from(baseAuth, 'utf-8').toString('base64');

Source: Stackoverflow.com

Examples related to node.js

Hide Signs that Meteor.js was Used Querying date field in MongoDB with Mongoose SyntaxError: Cannot use import statement outside a module Server Discovery And Monitoring engine is deprecated How to fix ReferenceError: primordials is not defined in node UnhandledPromiseRejectionWarning: This error originated either by throwing inside of an async function without a catch block dyld: Library not loaded: /usr/local/opt/icu4c/lib/libicui18n.62.dylib error running php after installing node with brew on Mac internal/modules/cjs/loader.js:582 throw err DeprecationWarning: Buffer() is deprecated due to security and usability issues when I move my script to another server Please run `npm cache clean`

Examples related to npm

What does 'x packages are looking for funding' mean when running `npm install`? error: This is probably not a problem with npm. There is likely additional logging output above Module not found: Error: Can't resolve 'core-js/es6' Browserslist: caniuse-lite is outdated. Please run next command `npm update caniuse-lite browserslist` ERROR in The Angular Compiler requires TypeScript >=3.1.1 and <3.2.0 but 3.2.1 was found instead DeprecationWarning: Buffer() is deprecated due to security and usability issues when I move my script to another server Please run `npm cache clean` What exactly is the 'react-scripts start' command? On npm install: Unhandled rejection Error: EACCES: permission denied Difference between npx and npm?

Tags

Pmd Inputstreamreader Qt Invoice Color-blindness Text2image Fcntl Global-scope Minimumosversion Hft Statusnet Sdl Faultexception Rpgle Counter-cache Scope-chain Eclipse-rap Editcontrol Rte Auto-increment Resourceproviderfactory Freeswitch Meta-title Rollup Delta-row-compression Email-analytics Directdraw Diskspace Colorize Neko Python-sphinx Ajax Distributed-system Getelementsbytagname Tree-search Bulk-email Android-c2dm Mpmovieplayercontroller Accessorytype Isapi Timedelta Custom-data-type Stub-data-generation Vmware-workstation Convex-polygon Moss Video-card Dimension Text-comparison Static-factory Java-stored-procedures Meeting-request Netapi32 Css-sprites Line-count Worker-processes Require Sql-order-by Implicit-surface Jtabbedpane Swizzling Mbeans Uibutton Wordml Slice Timecodes Event-hooking Zbuffer Search-tree Lidar-data Templating-engine Subdomain Treetable Web-admin Atof Imultivalueconverter Syck Mainframe Iequalitycomparer Profile Oscommerce Limit-clause Instanceof Rsh Vhdl User-object Qdockwidget Ppp Open-basedir City Rspec-rails Nvl Cocoahttpserver Icc Cardinality Codepoint Fading Jmockit Fsevents Tpngimagelist