Cannot run npm run storybook even in a brand new project.
How to reproduce:
yarn create vite --template react-ts
cd ./project
npx sb init --builder @storybook/builder-vite
npm run storybook
Error:
this[kHandle] = new _Hash(algorithm, xofLen);
^
Error: error:0308010C:digital envelope routines::unsupported
at new Hash (node:internal/crypto/hash:71:19)
at Object.createHash (node:crypto:133:10)
at module.exports (C:\Users\gugam\OneDrive\Documentos\Github\melo\node_modules\webpack\lib\util\createHash.js:135:53)
at NormalModule._initBuildHash (C:\Users\gugam\OneDrive\Documentos\Github\melo\node_modules\webpack\lib\NormalModule.js:417:16)
at handleParseError (C:\Users\gugam\OneDrive\Documentos\Github\melo\node_modules\webpack\lib\NormalModule.js:471:10)
at C:\Users\gugam\OneDrive\Documentos\Github\melo\node_modules\webpack\lib\NormalModule.js:503:5
at C:\Users\gugam\OneDrive\Documentos\Github\melo\node_modules\webpack\lib\NormalModule.js:358:12
at C:\Users\gugam\OneDrive\Documentos\Github\melo\node_modules\loader-runner\lib\LoaderRunner.js:373:3
at iterateNormalLoaders (C:\Users\gugam\OneDrive\Documentos\Github\melo\node_modules\loader-runner\lib\LoaderRunner.js:214:10)
at Array.<anonymous> (C:\Users\gugam\OneDrive\Documentos\Github\melo\node_modules\loader-runner\lib\LoaderRunner.js:205:4) {
opensslErrorStack: [ 'error:03000086:digital envelope routines::initialization error' ],
library: 'digital envelope routines',
reason: 'unsupported',
code: 'ERR_OSSL_EVP_UNSUPPORTED'
}
Node.js v18.13.0
Also, a ton of vulnerabilities when running npm audit:
ansi-html <0.0.8
Severity: high
Uncontrolled Resource Consumption in ansi-html - https://github.com/advisories/GHSA-whgm-jr23-g3j9
fix available via `npm audit fix`
node_modules/ansi-html
@pmmmwh/react-refresh-webpack-plugin <=0.5.0-rc.6
Depends on vulnerable versions of ansi-html
node_modules/@storybook/react/node_modules/@pmmmwh/react-refresh-webpack-plugin
@storybook/react 6.1.0-alpha.0 - 6.5.16
Depends on vulnerable versions of @pmmmwh/react-refresh-webpack-plugin
Depends on vulnerable versions of @storybook/core
Depends on vulnerable versions of @storybook/core
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of webpack
node_modules/@storybook/addon-essentials/node_modules/@storybook/react
node_modules/@storybook/react
@storybook/addon-docs <=6.5.0-rc.1
Depends on vulnerable versions of @mdx-js/loader
Depends on vulnerable versions of @mdx-js/mdx
Depends on vulnerable versions of @storybook/core
Depends on vulnerable versions of @storybook/csf-tools
Depends on vulnerable versions of @storybook/react
node_modules/@storybook/addon-essentials/node_modules/@storybook/addon-docs
@storybook/addon-essentials 6.1.0-alpha.0 - 6.5.0-rc.1
Depends on vulnerable versions of @storybook/addon-docs
node_modules/@storybook/addon-essentials
browserslist 4.0.0 - 4.16.4
Severity: moderate
Regular Expression Denial of Service in browserslist - https://github.com/advisories/GHSA-w8qv-6jwh-64r5
fix available via `npm audit fix`
node_modules/react-dev-utils/node_modules/browserslist
react-dev-utils 0.5.2 - 12.0.0-next.60
Depends on vulnerable versions of browserslist
Depends on vulnerable versions of immer
Depends on vulnerable versions of loader-utils
Depends on vulnerable versions of recursive-readdir
Depends on vulnerable versions of shell-quote
node_modules/react-dev-utils
@storybook/core >=5.3.0-alpha.0
Depends on vulnerable versions of @storybook/core-server
Depends on vulnerable versions of cpy
Depends on vulnerable versions of glob-base
Depends on vulnerable versions of react-dev-utils
Depends on vulnerable versions of webpack
node_modules/@storybook/addon-essentials/node_modules/@storybook/addon-docs/node_modules/@storybook/core
node_modules/@storybook/addon-essentials/node_modules/@storybook/react/node_modules/@storybook/core
node_modules/@storybook/react/node_modules/@storybook/core
glob-parent <5.1.2
Severity: high
glob-parent before 5.1.2 vulnerable to Regular Expression Denial of Service in enclosure regex - https://github.com/advisories/GHSA-ww39-953v-wcq6
fix available via `npm audit fix`
node_modules/cpy/node_modules/glob-parent
node_modules/glob-base/node_modules/glob-parent
node_modules/watchpack-chokidar2/node_modules/glob-parent
chokidar 1.0.0-rc1 - 2.1.8
Depends on vulnerable versions of glob-parent
node_modules/watchpack-chokidar2/node_modules/chokidar
watchpack-chokidar2 *
Depends on vulnerable versions of chokidar
node_modules/watchpack-chokidar2
watchpack 1.7.2 - 1.7.5
Depends on vulnerable versions of watchpack-chokidar2
node_modules/watchpack
webpack 4.44.0 - 4.46.0
Depends on vulnerable versions of watchpack
node_modules/webpack
fast-glob <=2.2.7
Depends on vulnerable versions of glob-parent
node_modules/cpy/node_modules/fast-glob
globby 8.0.0 - 9.2.0
Depends on vulnerable versions of fast-glob
node_modules/cpy/node_modules/globby
cpy 7.0.0 - 8.1.2
Depends on vulnerable versions of globby
node_modules/cpy
@storybook/core-server <=7.0.0-alpha.6
Depends on vulnerable versions of @storybook/csf-tools
Depends on vulnerable versions of cpy
node_modules/@storybook/addon-essentials/node_modules/@storybook/addon-docs/node_modules/@storybook/core/node_modules/@storybook/core-server
node_modules/@storybook/addon-essentials/node_modules/@storybook/react/node_modules/@storybook/core/node_modules/@storybook/core-server
glob-base *
Depends on vulnerable versions of glob-parent
node_modules/glob-base
immer <=9.0.5
Severity: critical
Prototype Pollution in immer - https://github.com/advisories/GHSA-c36v-fmgq-m8hx
Prototype Pollution in immer - https://github.com/advisories/GHSA-33f9-j839-rf8h
fix available via `npm audit fix`
node_modules/immer
loader-utils 2.0.0 - 2.0.3
Severity: critical
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) - https://github.com/advisories/GHSA-hhq3-ff78-jv3g
Prototype pollution in webpack loader-utils - https://github.com/advisories/GHSA-76p3-8jx3-jpfq
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable - https://github.com/advisories/GHSA-3rfm-jhwj-7488
fix available via `npm audit fix`
node_modules/@mdx-js/loader/node_modules/loader-utils
node_modules/react-dev-utils/node_modules/loader-utils
@mdx-js/loader 0.15.5 - 1.6.22
Depends on vulnerable versions of @mdx-js/mdx
Depends on vulnerable versions of loader-utils
node_modules/@mdx-js/loader
minimatch <3.0.5
Severity: high
minimatch ReDoS vulnerability - https://github.com/advisories/GHSA-f8q6-p94x-37v3
fix available via `npm audit fix`
node_modules/recursive-readdir/node_modules/minimatch
recursive-readdir 1.2.0 - 2.2.2
Depends on vulnerable versions of minimatch
node_modules/recursive-readdir
shell-quote <=1.7.2
Severity: critical
Improper Neutralization of Special Elements used in a Command in Shell-quote - https://github.com/advisories/GHSA-g4rg-993r-mgx7
fix available via `npm audit fix`
node_modules/shell-quote
trim <0.0.3
Severity: high
Regular Expression Denial of Service in trim - https://github.com/advisories/GHSA-w5p7-h5w8-2hfq
fix available via `npm audit fix`
node_modules/trim
remark-parse <=8.0.3
Depends on vulnerable versions of trim
node_modules/remark-parse
@mdx-js/mdx <=1.6.22
Depends on vulnerable versions of remark-mdx
Depends on vulnerable versions of remark-parse
node_modules/@mdx-js/mdx
@storybook/builder-vite <=0.1.37
Depends on vulnerable versions of @mdx-js/mdx
node_modules/@storybook/builder-vite
@storybook/csf-tools <=6.5.16
Depends on vulnerable versions of @mdx-js/mdx
Depends on vulnerable versions of @storybook/mdx1-csf
node_modules/@storybook/addon-essentials/node_modules/@storybook/csf-tools
node_modules/@storybook/csf-tools
@storybook/mdx1-csf *
Depends on vulnerable versions of @mdx-js/mdx
node_modules/@storybook/mdx1-csf
remark-mdx <=1.6.22
Depends on vulnerable versions of remark-parse
node_modules/remark-mdx
31 vulnerabilities (1 moderate, 26 high, 4 critical)
Link to Minimal Reproducible Example
No response
Participation
[ ] I am willing to submit a pull request for this issue.
What version of
vite
are you using?4.0.0
System info and storybook versions
System: OS: Windows 10 10.0.22621 CPU: (12) x64 AMD Ryzen 5 4600G with Radeon Graphics Binaries: Node: 18.13.0 - C:\Program Files\nodejs\node.EXE Yarn: 1.22.19 - ~\AppData\Roaming\npm\yarn.CMD npm: 8.19.3 - C:\Program Files\nodejs\npm.CMD Browsers: Edge: Spartan (44.22621.1105.0), Chromium (109.0.1518.61) npmPackages: @storybook/addon-actions: ^6.5.16 => 6.5.16 @storybook/addon-essentials: ^6.4.22 => 6.4.22 @storybook/addon-interactions: ^6.5.16 => 6.5.16 @storybook/addon-links: ^6.5.16 => 6.5.16 @storybook/builder-vite: ^0.1.37 => 0.1.37 @storybook/react: ^6.1.21 => 6.1.21 @storybook/testing-library: ^0.0.13 => 0.0.13
Describe the Bug
Cannot run
npm run storybook
even in a brand new project.How to reproduce:
yarn create vite --template react-ts
cd ./project
npx sb init --builder @storybook/builder-vite
npm run storybook
Error:
Also, a ton of vulnerabilities when running
npm audit
:Link to Minimal Reproducible Example
No response
Participation