Previously, Wrangler treated any imports of node:* modules as build-time errors (unless one of the two Node.js compatibility modes was enabled). This is sometimes overly aggressive, since those imports are often not hit at runtime (for instance, it was impossible to write a library that worked across Node.JS and Workers, using Node packages only when running in Node). Here's an example of a function that would cause Wrangler to fail to build:
export function randomBytes(length: number) {
if (navigator.userAgent !== "Cloudflare-Workers") {
return new Uint8Array(require("node:crypto").randomBytes(length));
} else {
return crypto.getRandomValues(new Uint8Array(length));
}
}
This function should work in both Workers and Node, since it gates Node-specific functionality behind a user agent check, and falls back to the built-in Workers crypto API. Instead, Wrangler detected the node:crypto import and failed with the following error:
✘ [ERROR] Could not resolve "node:crypto"
src/randomBytes.ts:5:36:
5 │ ... return new Uint8Array(require('node:crypto').randomBytes(length));
╵ ~~~~~~~~~~~~~
The package "node:crypto" wasn't found on the file system but is built into node.
Add "node_compat = true" to your wrangler.toml file to enable Node.js compatibility.
This change turns that Wrangler build failure into a warning, which users can choose to ignore if they know the import of node:* APIs is safe (because it will never trigger at runtime, for instance):
▲ [WARNING] The package "node:crypto" wasn't found on the file system but is built into node.
However, in a lot of cases, it's possible to know at build time whether the import is safe. This change also injects navigator.userAgent into esbuild's bundle settings as a predefined constant, which means that esbuild can tree-shake away imports of node:* APIs that are guaranteed not to be hit at runtime, supressing the warning entirely.
Previously, Wrangler treated any imports of node:* modules as build-time errors (unless one of the two Node.js compatibility modes was enabled). This is sometimes overly aggressive, since those imports are often not hit at runtime (for instance, it was impossible to write a library that worked across Node.JS and Workers, using Node packages only when running in Node). Here's an example of a function that would cause Wrangler to fail to build:
export function randomBytes(length: number) {
if (navigator.userAgent !== "Cloudflare-Workers") {
return new Uint8Array(require("node:crypto").randomBytes(length));
} else {
return crypto.getRandomValues(new Uint8Array(length));
}
}
This function should work in both Workers and Node, since it gates Node-specific functionality behind a user agent check, and falls back to the built-in Workers crypto API. Instead, Wrangler detected the node:crypto import and failed with the following error:
✘ [ERROR] Could not resolve "node:crypto"
src/randomBytes.ts:5:36:
5 │ ... return new Uint8Array(require('node:crypto').randomBytes(length));
╵ ~~~~~~~~~~~~~
The package "node:crypto" wasn't found on the file system but is built into node.
Add "node_compat = true" to your wrangler.toml file to enable Node.js compatibility.
This change turns that Wrangler build failure into a warning, which users can choose to ignore if they know the import of node:* APIs is safe (because it will never trigger at runtime, for instance):
▲ [WARNING] The package "node:crypto" wasn't found on the file system but is built into node.
However, in a lot of cases, it's possible to know at build time whether the import is safe. This change also injects navigator.userAgent into esbuild's bundle settings as a predefined constant, which means that esbuild can tree-shake away imports of node:* APIs that are guaranteed not to be hit at runtime, supressing the warning entirely.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps wrangler from 3.26.0 to 3.28.0.
Release notes
Sourced from wrangler's releases.
... (truncated)
Changelog
Sourced from wrangler's changelog.
... (truncated)
Commits
a71afaf
Version Packages (#4934)d637bd5
Extend error handling of proxy request errors in ProxyWorker (#4867)d96bc7d
fix: allowport
option to be specified withunstable_dev()
(#4953)4a735c4
improve(r2): Update Sippy endpoint request payloads to match new schema (#4928)cf9c029
Improve DX withnode:*
modules (#4499)a14bd1d
add acf
field to thegetBindingsProxy
result (#4926)321c7ed
fix: make the entrypoint optional for thetypes
command (#4931)75bd08a
[D1] print wrangler banner at the start of every D1 command (#4938)52f6c79
Version Packages (#4891)2469e9f
Python support (#4901)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show