storybookjs / builder-vite

A builder plugin to run and build Storybooks with Vite
MIT License

[Bug] Does not start when using Node 18 #550

Closed GustavoMelloGit closed 1 year ago

GustavoMelloGit commented 1 year ago

What version of vite are you using?

4.0.0

System info and storybook versions

  System:
    OS: Windows 10 10.0.22621
    CPU: (12) x64 AMD Ryzen 5 4600G with Radeon Graphics
  Binaries:
    Node: 18.13.0 - C:\Program Files\nodejs\node.EXE
    Yarn: 1.22.19 - ~\AppData\Roaming\npm\yarn.CMD
    npm: 8.19.3 - C:\Program Files\nodejs\npm.CMD
  Browsers:
    Edge: Spartan (44.22621.1105.0), Chromium (109.0.1518.61)
  npmPackages:
    @storybook/addon-actions: ^6.5.16 => 6.5.16
    @storybook/addon-essentials: ^6.4.22 => 6.4.22
    @storybook/addon-interactions: ^6.5.16 => 6.5.16
    @storybook/addon-links: ^6.5.16 => 6.5.16
    @storybook/builder-vite: ^0.1.37 => 0.1.37
    @storybook/react: ^6.1.21 => 6.1.21
    @storybook/testing-library: ^0.0.13 => 0.0.13

Describe the Bug

Cannot run npm run storybook even in a brand new project.

How to reproduce:

  1. yarn create vite --template react-ts
  2. cd ./project
  3. npx sb init --builder @storybook/builder-vite
  4. npm run storybook

Error:

this[kHandle] = new _Hash(algorithm, xofLen);
                  ^

Error: error:0308010C:digital envelope routines::unsupported
    at new Hash (node:internal/crypto/hash:71:19)
    at Object.createHash (node:crypto:133:10)
    at module.exports (C:\Users\gugam\OneDrive\Documentos\Github\melo\node_modules\webpack\lib\util\createHash.js:135:53)
    at NormalModule._initBuildHash (C:\Users\gugam\OneDrive\Documentos\Github\melo\node_modules\webpack\lib\NormalModule.js:417:16)
    at handleParseError (C:\Users\gugam\OneDrive\Documentos\Github\melo\node_modules\webpack\lib\NormalModule.js:471:10)
    at C:\Users\gugam\OneDrive\Documentos\Github\melo\node_modules\webpack\lib\NormalModule.js:503:5
    at C:\Users\gugam\OneDrive\Documentos\Github\melo\node_modules\webpack\lib\NormalModule.js:358:12
    at C:\Users\gugam\OneDrive\Documentos\Github\melo\node_modules\loader-runner\lib\LoaderRunner.js:373:3
    at iterateNormalLoaders (C:\Users\gugam\OneDrive\Documentos\Github\melo\node_modules\loader-runner\lib\LoaderRunner.js:214:10)
    at Array.<anonymous> (C:\Users\gugam\OneDrive\Documentos\Github\melo\node_modules\loader-runner\lib\LoaderRunner.js:205:4) {
  opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
  library: 'digital envelope routines',
  reason: 'unsupported',
  code: 'ERR_OSSL_EVP_UNSUPPORTED'
}

Node.js v18.13.0

Also, a ton of vulnerabilities when running npm audit:

ansi-html  <0.0.8
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix`
node_modules/ansi-html
  @pmmmwh/react-refresh-webpack-plugin  <=0.5.0-rc.6
  Depends on vulnerable versions of ansi-html
  node_modules/@storybook/react/node_modules/@pmmmwh/react-refresh-webpack-plugin
    @storybook/react  6.1.0-alpha.0 - 6.5.16
    Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
    Depends on vulnerable versions of @storybook/core
    Depends on vulnerable versions of @storybook/core
    Depends on vulnerable versions of react-dev-utils
    Depends on vulnerable versions of webpack
    node_modules/@storybook/addon-essentials/node_modules/@storybook/react
    node_modules/@storybook/react
      @storybook/addon-docs  <=6.5.0-rc.1
      Depends on vulnerable versions of @mdx-js/loader
      Depends on vulnerable versions of @mdx-js/mdx
      Depends on vulnerable versions of @storybook/core
      Depends on vulnerable versions of @storybook/csf-tools
      Depends on vulnerable versions of @storybook/react
      node_modules/@storybook/addon-essentials/node_modules/@storybook/addon-docs
        @storybook/addon-essentials  6.1.0-alpha.0 - 6.5.0-rc.1
        Depends on vulnerable versions of @storybook/addon-docs
        node_modules/@storybook/addon-essentials

browserslist  4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5
fix available via `npm audit fix`
node_modules/react-dev-utils/node_modules/browserslist
  react-dev-utils  0.5.2 - 12.0.0-next.60
  Depends on vulnerable versions of browserslist
  Depends on vulnerable versions of immer
  Depends on vulnerable versions of loader-utils
  Depends on vulnerable versions of recursive-readdir
  Depends on vulnerable versions of shell-quote
  node_modules/react-dev-utils
    @storybook/core  >=5.3.0-alpha.0
    Depends on vulnerable versions of @storybook/core-server
    Depends on vulnerable versions of cpy
    Depends on vulnerable versions of glob-base
    Depends on vulnerable versions of react-dev-utils
    Depends on vulnerable versions of webpack
    node_modules/@storybook/addon-essentials/node_modules/@storybook/addon-docs/node_modules/@storybook/core
    node_modules/@storybook/addon-essentials/node_modules/@storybook/react/node_modules/@storybook/core
    node_modules/@storybook/react/node_modules/@storybook/core

glob-parent  <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix`
node_modules/cpy/node_modules/glob-parent
node_modules/glob-base/node_modules/glob-parent
node_modules/watchpack-chokidar2/node_modules/glob-parent
  chokidar  1.0.0-rc1 - 2.1.8
  Depends on vulnerable versions of glob-parent
  node_modules/watchpack-chokidar2/node_modules/chokidar
    watchpack-chokidar2  *
    Depends on vulnerable versions of chokidar
    node_modules/watchpack-chokidar2
      watchpack  1.7.2 - 1.7.5
      Depends on vulnerable versions of watchpack-chokidar2
      node_modules/watchpack
        webpack  4.44.0 - 4.46.0
        Depends on vulnerable versions of watchpack
        node_modules/webpack
  fast-glob  <=2.2.7
  Depends on vulnerable versions of glob-parent
  node_modules/cpy/node_modules/fast-glob
    globby  8.0.0 - 9.2.0
    Depends on vulnerable versions of fast-glob
    node_modules/cpy/node_modules/globby
      cpy  7.0.0 - 8.1.2
      Depends on vulnerable versions of globby
      node_modules/cpy
        @storybook/core-server  <=7.0.0-alpha.6
        Depends on vulnerable versions of @storybook/csf-tools
        Depends on vulnerable versions of cpy
        node_modules/@storybook/addon-essentials/node_modules/@storybook/addon-docs/node_modules/@storybook/core/node_modules/@storybook/core-server
        node_modules/@storybook/addon-essentials/node_modules/@storybook/react/node_modules/@storybook/core/node_modules/@storybook/core-server
  glob-base  *
  Depends on vulnerable versions of glob-parent
  node_modules/glob-base

immer  <=9.0.5
Severity: critical
Prototype Pollution in immer - https://github.com/advisories/GHSA-c36v-fmgq-m8hx
Prototype Pollution in immer - https://github.com/advisories/GHSA-33f9-j839-rf8h
fix available via `npm audit fix`
node_modules/immer

loader-utils  2.0.0 - 2.0.3
Severity: critical
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-hhq3-ff78-jv3g
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable - https://github.com/advisories/GHSA-3rfm-jhwj-7488
fix available via `npm audit fix`
node_modules/@mdx-js/loader/node_modules/loader-utils
node_modules/react-dev-utils/node_modules/loader-utils
  @mdx-js/loader  0.15.5 - 1.6.22
  Depends on vulnerable versions of @mdx-js/mdx
  Depends on vulnerable versions of loader-utils
  node_modules/@mdx-js/loader

minimatch  <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/recursive-readdir/node_modules/minimatch
  recursive-readdir  1.2.0 - 2.2.2
  Depends on vulnerable versions of minimatch
  node_modules/recursive-readdir

shell-quote  <=1.7.2
Severity: critical
Improper Neutralization of Special Elements used in a Command in Shell-quote - https://github.com/advisories/GHSA-g4rg-993r-mgx7
fix available via `npm audit fix`
node_modules/shell-quote

trim  <0.0.3
Severity: high
Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
fix available via `npm audit fix`
node_modules/trim
  remark-parse  <=8.0.3
  Depends on vulnerable versions of trim
  node_modules/remark-parse
    @mdx-js/mdx  <=1.6.22
    Depends on vulnerable versions of remark-mdx
    Depends on vulnerable versions of remark-parse
    node_modules/@mdx-js/mdx
      @storybook/builder-vite  <=0.1.37
      Depends on vulnerable versions of @mdx-js/mdx
      node_modules/@storybook/builder-vite
      @storybook/csf-tools  <=6.5.16
      Depends on vulnerable versions of @mdx-js/mdx
      Depends on vulnerable versions of @storybook/mdx1-csf
      node_modules/@storybook/addon-essentials/node_modules/@storybook/csf-tools
      node_modules/@storybook/csf-tools
      @storybook/mdx1-csf  *
      Depends on vulnerable versions of @mdx-js/mdx
      node_modules/@storybook/mdx1-csf
    remark-mdx  <=1.6.22
    Depends on vulnerable versions of remark-parse
    node_modules/remark-mdx

31 vulnerabilities (1 moderate, 26 high, 4 critical)

Link to Minimal Reproducible Example

No response

IanVS commented 1 year ago

If you're using Node 18, your options are to update to Storybook 7.0, downgrade to node 16, or run with the --openssl-legacy-provider node flag.