The ERR_OSSL_EVP_UNSUPPORTED
error happens in Node.js when a JavaScript module still uses a flawed OpenSSL version that is incompatible with the version Node.js uses.
To fix it, downgrade to Node.js v16.13.0, or use the npm audit fix --force
command to upgrade your packages to versions that use the updated OpenSSL version.
Why does the ERR_OSSL_EVP_UNSUPPORTED
error occur in Node.js?
In Node.js v17, the Node.js team patched an OpenSSL security vulnerability. This fix introduced a breaking change; if you try to use OpenSSL in Node.js v17 or later versions without simultaneously updating those modules that use previous OpenSSL versions, you’ll get this error.
And you’ll get it the next time Node.js updates to use a newer OpenSSL version with breaking changes and you haven’t updated the OpenSSL-dependent libraries.
Fix: upgrade NPM packages
To fix the ERR_OSSL_EVP_UNSUPPORTED
error, update the Node.js packages causing the error to the latest version.
Run npm audit fix
to fix vulnerabilities
You can run the npm audit fix
command to identify those packages using the outdated OpenSSL version and fix them automatically.
npm audit fix
npm audit fix
reviews the project’s dependency tree to identify packages that have known vulnerabilities, and attempts to upgrade and/or fix the vulnerable dependencies to a safe version.
npm audit fix --force
If you want to install semver
major updates to vulnerable packages, you can use the --force
option.
npm audit fix --force
Be cautious with this option as it could potentially break your project.
yarn-audit-fix
If you’re a Yarn user, you can use the yarn-audit-fix
package to do what npm audit fix
does.
Upgrade Webpack to v5
If you’re using Webpack directly to bundle your files, you can upgrade it to version v5 – specifically, v5.61.0 – to fix the ERR_OSSL_EVP_UNSUPPORTED
error.
npm i webpack@latest
# Yarn
yarn add webpack@latest
If instead, you’re using a tool like Create React App and the Vue CLI that use Webpack internally, you’ll upgrade the tool to a version that doesn’t have this error.
Fix for Create React App: Upgrade react-scripts
to v5
If you’re using Create React App then you can fix the ERR_OSSL_EVP_UNSUPPORTED
error by upgrading react-scripts
to version 5, which comes with the newer Webpack version 5.
Install version 5 or later with this command:
npm i react-scripts@latest
# Yarn
yarn add react-scripts@latest
Fix for Vue CLI: Upgrade to v5
Similarly for the Vue CLI, you can fix the ERR_OSSL_EVP_UNSUPPORTED
error by upgrading the Vue CLI to version 5 which also comes with the newer Webpack version 5.
Install Vue CLI version 5 or later with this command:
npm update -g @vue/cli
# OR
yarn global upgrade --latest @vue/cli
More info on how to upgrade the Vue CLI here.
Fix: Use --openssl-legacy-provider
option
To fix the ERR_OSSL_EVP_UNSUPPORTED
error in Node.js, you can also use the --openssl-legacy-provider
option when running the script.
This solution is more of a hack though, as it leaves your app open to security threats.
The --openssl-legacy-provider
option is only available in Node version 17 or later.
Run with script
So for the start
script, you’ll use this command:
export NODE_OPTIONS=--openssl-legacy-provider && npm run start
# Windows
set NODE_OPTIONS=--openssl-legacy-provider && npm run start
Modify script
You can also set this directly in the script to avoid needless repetition.
On Linux/Mac:
{
...
"scripts": {
"start": "export NODE_OPTIONS=--openssl-legacy-provider && webpack serve",
"build": "webpack --mode production"
}
...
}
On Windows:
{
...
"scripts": {
"start": "set NODE_OPTIONS=--openssl-legacy-provider && node .",
"build": "set NODE_OPTIONS=--openssl-legacy-provider && node build.js"
}
...
}
Make sure the script is cross-platform
But now the scripts aren’t cross-platform.
They’ll obviously be problematic when collaborating and team members use other operating systems. What do we do? We install the cross-env
NPM module and run the script with it.
npm i cross-env
# Yarn
yarn add cross-env
{
...
"scripts": {
"start": "cross-env NODE_OPTIONS=--openssl-legacy-provider webpack .",
"build": "cross-env NODE_OPTIONS=--openssl-legacy-provider node build.js"
},
"devDependencies": {
"cross-env": "^7.0.3"
}
...
}
Now the script runs successfully on every platform.
Fix for Vue CLI
So to fix the ERR_OSSL_EVP_UNSUPPORTED
error when using Vue with the Vue CLI, install the cross-env
module and set the --openssl-legacy-provider
option:
{
...
"scripts": {
"serve": "cross-env NODE_OPTIONS=--openssl-legacy-provider vue-cli-service serve",
...
},
"devDependencies": {
"cross-env": "^7.0.3"
...
}
...
}
Fix for Create React App
And to fix the ERR_OSSL_EVP_UNSUPPORTED
error when using React with Create React App, install the cross-env
module and set the --openssl-legacy-provider
option.
{
...
"scripts": {
"serve": "cross-env NODE_OPTIONS=--openssl-legacy-provider ",
...
},
"devDependencies": {
"cross-env": "^7.0.3"
...
}
...
}
Fix: Downgrade to Node.js v16.13.0
To fix the ERR_OSSL_EVP_UNSUPPORTED
error in Node.js, downgrade your Node.js version to 16.13.0
.
This solution is more of a hack though, as it leaves your app open to security threats.
Install from official website
Use this official link to download Node.js v16.13.0.
Install with Chocolatey
If you’re using Chocolatey, Node.js is available as the nodejs
package, meaning you can easily install it in a terminal using the following command.
# Use current LTS version
choco install nodejs --version=18.5.0
Install with nvm
If you’re using nvm
or nvm-windows
, use these commands to quickly install and switch to Node.js v16.13.0.
nvm install 16.13.0
nvm use 16.13.0
Key takeaways
- The
ERR_OSSL_EVP_UNSUPPORTED
error in Node.js occurs when a JavaScript module uses an outdated OpenSSL version that is incompatible with the current Node version. This typically happens when Node.js v17 or later versions are used without updating the modules that use previous OpenSSL versions. - To fix this error, you can:
- Downgrade to Node.js v16.13.0.
- Use the
npm audit fix --force
oryarn-audit-fix
command to upgrade your packages to versions that use the updated OpenSSL version.
- If you’re using Webpack, you can upgrade it to version v5.61.0 to fix the error. For Create React App and Vue CLI, you can upgrade them to v5.
- Another way to fix the error is to use the
--openssl-legacy-provider
option when running the script. However, this solution leaves your app open to security threats and is only available in Node version 17 or later. - Downgrading to Node.js v16.13.0 is another way to fix the error. However, this solution also leaves your app open to security threats. You can install this version from the official website, or use
Chocolatey
,nvm
, ornvm-windows
to install and switch to this version.
Every Crazy Thing JavaScript Does
A captivating guide to the subtle caveats and lesser-known parts of JavaScript.