Module not found: Can't resolve 'crypto'

[mwawrusch]

Environment

System:
OS: macOS 13.2.1
CPU: (10) arm64 Apple M1 Pro
Memory: 1.66 GB / 32.00 GB
Shell: 5.8.1 - /bin/zsh
Binaries:
Node: 18.14.2 - ~/.nvm/versions/node/v18.14.2/bin/node
Yarn: 1.22.19 - ~/.nvm/versions/node/v18.14.2/bin/yarn
npm: 9.5.0 - ~/.nvm/versions/node/v18.14.2/bin/npm
Browsers:
Chrome: 113.0.5672.92
Safari: 16.3

Reproduction URL

na

Describe the issue

Using the latest next-auth and next I can't create a production build. I get the following error message:

Module not found: Can't resolve 'crypto'

here:
./node_modules/next-auth/core/init.js:10:14
./node_modules/next-auth/core/lib/csrf-token.js:8:14
./node_modules/next-auth/core/lib/email/signin.js:8:14
./node_modules/next-auth/core/lib/utils.js:10:14
./node_modules/oauth/lib/oauth.js:1:12

package json:

  "dependencies": {
    "@algolia/autocomplete-js": "^1.8.3",
    "@algolia/autocomplete-theme-classic": "^1.8.3",
    "@coinbase/wallet-sdk": "3.6.3",
    "@everipedia/wagmi-magic-connector": "0.9.1",
    "@floating-ui/react": "0.22.3",
    "@fortawesome/fontawesome-svg-core": "6.4.0",
    "@fortawesome/free-brands-svg-icons": "6.4.0",
    "@fortawesome/pro-light-svg-icons": "6.4.0",
    "@fortawesome/pro-regular-svg-icons": "6.4.0",
    "@fortawesome/pro-solid-svg-icons": "6.4.0",
    "@fortawesome/pro-thin-svg-icons": "6.4.0",
    "@fortawesome/react-fontawesome": "0.2.0",
    "@headlessui/react": "1.7.13",
    "@magic-ext/connect": "6.2.0",
    "@magic-ext/oauth": "^7.1.0",
    "@magic-sdk/provider": "^13.1.0",
    "@mux/mux-video-react": "0.7.8",
    "@ramp-network/ramp-instant-sdk": "4.0.1",
    "@reservoir0x/reservoir-sdk": "0.7.3",
    "@sentry/nextjs": "7.46.0",
    "@types/node": "18.15.11",
    "@types/react": "18.0.33",
    "@types/react-dom": "18.0.11",
    "@vercel/edge-config": "0.1.5",
    "@walletconnect/sign-client": "2.3.2",
    "@walletconnect/web3-provider": "1.8.0",
    "algoliasearch": "^4.17.0",
    "blockies-react-svg": "0.0.13",
    "client-only": "^0.0.1",
    "daisyui": "2.50.0",
    "encoding": "0.1.13",
    "eth-url-parser": "1.0.2",
    "ethers": "5.7.2",
    "graphql-request": "5.1.0",
    "instantsearch.css": "^8.0.0",
    "iron-session": "6.3.1",
    "luxon": "3.3.0",
    "magic-sdk": "13.1.0",
    "next": "13.4.1",
    "react": "18.2.0",
    "react-dom": "18.2.0",
    "react-hook-form": "7.43.9",
    "react-hot-toast": "2.4.0",
    "react-hotkeys-hook": "4.3.8",
    "react-instantsearch-hooks-web": "6.43.0",
    "react-markdown": "8.0.7",
    "react-overlays": "5.2.1",
    "react-page-visibility": "7.0.0",
    "react-qr-code": "2.0.11",
    "rooks": "7.8.4",
    "server-only": "^0.0.1",
    "sharp": "0.32.1",
    "siwe": "2.0.5",
    "swr": "2.0.3",
    "tiny-invariant": "1.3.1",
    "typescript": "4.9.5",
    "typesense": "1.5.3",
    "typesense-instantsearch-adapter": "2.6.0",
    "usehooks-ts": "2.9.1",
    "wagmi": "0.10.15",
    "web3-token": "1.0.4",
    "web3modal": "1.9.12",
    "immer": "10.0.1",
    "next-auth": "4.22.1"
  },
  "devDependencies": {
    "@graphql-codegen/cli": "3.3.1",
    "@graphql-codegen/introspection": "3.0.1",
    "@graphql-codegen/typescript": "3.0.4",
    "@graphql-codegen/typescript-graphql-request": "4.5.9",
    "@graphql-codegen/typescript-operations": "3.0.4",
    "@graphql-codegen/typescript-react-apollo": "3.3.7",
    "@headlessui/tailwindcss": "0.1.2",
    "@tailwindcss/aspect-ratio": "0.4.2",
    "@tailwindcss/container-queries": "0.1.1",
    "@types/eth-url-parser": "^1.0.0",
    "autoprefixer": "^10.4.14",
    "eslint": "8.36.0",
    "eslint-config-next": "13.2.4",
    "lokijs": "1.5.12",
    "pino-pretty": "9.1.1",
    "postcss": "^8.4.21",
    "tailwindcss": "3.3.2"
  }

next.config.js:

**/** @type {import('next').NextConfig} */
const nextConfig = {
  experimental: {
    appDir: true,
    serverActions: true,
  },
  productionBrowserSourceMaps: false,
  basePath: '', 
  images: {
    remotePatterns: [
      {
        protocol: 'https',
        hostname: 'tokens.rojiapi.com',
        port: '',
        pathname: '/**',
      },
    ],
  },
}

module.exports = nextConfig

How to reproduce

See above

Expected behavior

It should compile.

[balazsorban44]

Without a reproduction, it's hard to say anything. You likely just need to bump Next.js/Node.js though. We recently made sure that crypto is available in all environments where necessary:

vercel/next.js#48941

[mwawrusch]

Thanks. I will check it out. If not working I'll create a repo to test.

[mwawrusch]

Found the reason. I was using edge runtime on some routes

export const runtime = 'edge';

[darcy-vitacca]

Is there anyway to get this to work with edge runtime? getServerSession on an edge function is giving the above crypto error. I have the latest of all release of next-auth next etc.

[willin]

met the same error

[willin]

vercel/next.js#50444

[willin]

{
"dependencies": {
    "classnames": "^2.3.2",
    "dayjs": "^1.11.7",
    "dlv": "^1.1.3",
    "next": "^13.3.1",
    "next-auth": "^4.22.1",
    "punycode": "^2.3.0",
    "react": "18.2.0",
    "react-dom": "18.2.0",
    "remote-cloudflare-kv": "^0.0.1",
    "server-only": "^0.0.1",
    "swr": "^2.1.5",
    "templite": "^1.2.0",
    "theme-change": "^2.5.0"
  }
}

works on 13.3.1,

when 13.3.2 page always loading...

then 13.4 Module not found: Can't resolve 'crypto'

[edwardshturman]

Confirming still an issue on latest for both Next.js and NextAuth. Thanks Balázs for the clarification here; do we have an estimate for when edge function compatibility will ship? Thanks! 🙏

[moorage]

Ran into this issue today, running with:

    "next": "13.4.15",
    "next-auth": "^4.23.0",

UPDATE: I figured out that I had combined some code in a shared-code library that was "nodejs" runtime and "edge-only" runtime. I had to split it into two different libraries, e.g.

edge-only-lib.ts
nodejs-lib.ts

That kept the compiler from trying to combine (unused) library functions that required nodejs (e..g nextauth) into the edge endpoints.

[edwardshturman]

Noting that NextAuth supports the Edge Runtime in the experimental v5 and this is fixed for me; works great so far. Thanks Balázs and team :)

[TimKieu]

I found this on "next-auth": "^4.24.5",

10:56:20.860	▲ ./node_modules/next-auth/core/init.js:10:14
10:56:20.860	▲ Module not found: Can't resolve 'crypto'

var _crypto = require("crypto");

Can you remove or use crypto-js which supports edge runtime? Or use built-in crypto lib.

[andreimacavei]

I wasn't first sure why I had this problem because the error is quite misleading, as I was also using "crypto" package to generate a random string. I am using

"next": "14.2.0-canary.0",
"next-auth": "^4.24.7",

For me it's this breaks the entire edge runtime. I cannot use vercel's edge not even on a API route that has no NextAuth authentication running.

[mwawrusch]

I wasn't first sure why I had this problem because the error is quite misleading, as I was also using "crypto" package to generate a random string. I am using

"next": "14.2.0-canary.0",
"next-auth": "^4.24.7",

For me it's this breaks the entire edge runtime. I cannot use vercel's edge not even on a API route that has no NextAuth authentication running.

Not sure if it helps with this problem but I'd suggest to use version 5, even if it's still in beta

[shuffledex]

same issue here...
move to version 5 is not an easy solution, we have to adapt the code and I am not able to do right now just for test if it is work. in conclusion, using edge (next.js 14) and next-auth 4.x are incompatible right now

[mwawrusch]

le righ

FYI, for one app I just moved to iron-session to avoid all those headaches.

[mwawrusch]

same issue here... move to version 5 is not an easy solution, we have to adapt the code and I am not able to do right now just for test if it is work. in conclusion, using edge (next.js 14) and next-auth 4.x are incompatible right now

The move itself should take about 2 hours, give or take. Most time will be spent finding the correct version and docs ;)
But yeah, totally get you. I have spent way too much time on 'unproductive' tasks regarding auth lately.

[ChristopherHButler]

I just got everything working on v4 and then I got hit with a Serverless Function has timed out in production, uggggggh.

[minodisk]

I was getting this error with 4.24.7, but when I built with 5.0.0-beta.17, this error disappeared.

[kristoff-cjm]

I'm still getting this error using:
next-auth@5.0.0-beta.17
next@14.2.3

It seems like this issue was closed a while ago, did I miss some way to get around the error somewhere?
Are other people still getting this error?
My use case is doing next-auth in the middleware of my next app. If I import the auth function into middleware at all it won't compile.

[Mnigos]

I'm also getting this error

    "next": "14.2.3",
    "next-auth": "^4.24.7",