Cloudflare is currently down - Clerk browser relies on this

[achadee]

Preliminary Checks

• I have reviewed the documentation: https://clerk.com/docs

• I have searched for existing issues: https://github.com/clerk/javascript/issues

• I have not already reached out to Clerk support via email or Discord (if you have, no need to open an issue here)

• This issue is not a question, general help request, or anything other than a bug report directly related to Clerk. Please ask questions in our Discord community: https://clerk.com/discord.

Reproduction

N/A

Publishable key

N/A

Description

The network request on my production application:
https://clerk.skedyul.it/npm/@clerk/clerk-js@canary/dist/clerk.browser.js

500 Internal Server Error

https://www.npmjs.com/ (currently):

It makes no sense that my site should crash because we are pulling packages in the middleware (nextjs) - the package should have a fallback dist if the fetch fails.

Environment

import { clerkMiddleware, createRouteMatcher } from "@clerk/nextjs/server";
// Stop Middleware running on static files
export const config = {
  matcher: ["/((?!.+\\.[\\w]+$|_next).*)", "/", "/(api|trpc)(.*)"],
};

const isPublicRoute = createRouteMatcher([
  "",
  "/",
  ...
]);

export default clerkMiddleware(async (auth, request) => {
  if (!isPublicRoute(request)) {
    await auth.protect();
  }
});

// old cloerk version had version error with Next.js 15 => upgrade clerk v6
// AuthMiddleWare() is deprecated in clerk v6.0.0, use clerkMiddleware() instead
// https://clerk.com/docs/upgrade-guides/core-2/nextjs#migrating-to-clerk-middleware

[jacekradko]

Hi @achadee – thanks for flagging this, and sorry your app was affected.

Quick clarification: this wasn't your app pulling packages from npm in middleware. clerkMiddleware doesn't reach out to npm at runtime. The failing request you shared is the browser trying to load our pre-built JS SDK (clerk.browser.js) from our CDN (backed by Cloudflare). A Cloudflare outage caused that request to return 500s, which blocked client-side auth initialization. Here is some more detail on the outage: https://www.cloudflarestatus.com/incidents/lfrm31y6sw9q

[achadee]

Oh then I would recommend a fallback of just logging out the user and killing the existing session. Because right now when that fetch fails it is causing the page to spin for 5 mins then shows a clerk handshake fail

If i understand this correctly its not a middleware issue so I should be able to catch this somewhere in nextjs?

[achadee]

here:

javascript/packages/shared/src/url.ts

Lines 55 to 58 in 1bb6a46

	export const getScriptUrl = (frontendApi: string, { clerkJSVersion }: { clerkJSVersion?: string }) => {
	const noSchemeFrontendApi = frontendApi.replace(/http(s)?:\/\//, '');
	const major = getClerkJsMajorVersionOrTag(frontendApi, clerkJSVersion);
	return `https://${noSchemeFrontendApi}/npm/@clerk/clerk-js@${clerkJSVersion || major}/dist/clerk.browser.js`;