bluesky-social / atproto

Social networking technology created by Bluesky

@atproto/xrpc-server: Critical dependency: the request of a dependency is an expression #1406

Open emctague opened 1 year ago

emctague commented 1 year ago

Describe the bug

When trying to use verifyJwt() on the server-side, I get the warnings:

- warn ./node_modules/@atproto/xrpc-server/dist/index.js
Critical dependency: the request of a dependency is an expression

Import trace for requested module:
./node_modules/@atproto/xrpc-server/dist/index.js
./path_to_my_code.ts

./node_modules/@atproto/xrpc-server/dist/index.js
Critical dependency: the request of a dependency is an expression

Import trace for requested module:
./node_modules/@atproto/xrpc-server/dist/index.js
./path_to_my_code.ts

To Reproduce

Steps to reproduce the behavior:

  1. Create a NodeJS project of some sort (in this case, a Next.js application.)
  2. In your server-side code, invoke await xrpc.verifyJwt(jwt, did, async () => BSKY_PUBLIC_KEY) where const BSKY_PUBLIC_KEY = "zQYEBzXeuTM9UR3rfvNag6L3RNAs5pQZyYPsomTsgQhsxLdEgCrPTLgFna8yqCnxPpNT7DBk6Ym3dgPKNu86vt9GR".
  3. Attempt to run code.
  4. Notice that it's complaining about being unable to find utf-8-validate and bufferutil. Install them.
  5. Attempt to run code again.

Expected behavior

All dependencies for the package should be installed when the package is installed, and the package should not produce strange at runtime instead of properly verifying the JWT.

Additional context

This same project also uses @atproto/api, which works fine and never raised any dependency errors in this manner.

emctague commented 1 year ago

It seems explicitly requiring src/auth.ts serves as a workaround...

import { verifyJwt } from "@atproto/xrpc-server/src/auth";

But being unable to use the package from a Next project in a normal way is still... unfortunate.

dholms commented 1 year ago

hmm these seem to come from the ws package: https://www.npmjs.com/package/ws (see the "Opt-in for performance" section)

I'm a bit surprised that it's failing though, I've used this package in other node projects with no problem. Maybe it's a NextJS constraint? Seems like you should run into this if node buffers are available