252

Getting error when script move to other server.

(node:15707) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.

Current Versions: 

Ubuntu 16.04.4 LTS  
Node - v10.9.0  
NPM - 6.2.0

Previous Version:

Ubuntu 14.04.3 LTS
NPM - 3.10.10
Node - v6.10.3



exports.basicAuthentication = function (req, res, next) {
    console.log("basicAuthentication");
    if (!req.headers.authorization) {
        return res.status(401).send({
            message: "Unauthorised access"
        });
    }
    var auth = req.headers.authorization;
    var baseAuth = auth.replace("Basic", "");
    baseAuth = baseAuth.trim();
    var userPasswordString = new Buffer(baseAuth, 'base64').toString('ascii');
    var credentials = userPasswordString.split(':');

    var username = credentials[0] !== undefined ? credentials[0] : '';
    var password = credentials[1] !== undefined ? credentials[1] : '';
    var userQuery = {mobilenumber: username, otp: password};
    console.log(userQuery);
    User.findOne(userQuery).exec(function (err, userinfo) {
        if (err || !userinfo) {
             return res.status(401).send({
                message: "Unauthorised access"
             });
        } else {
            req.user = userinfo;
            next();
        }
    });

 }
peterh
  • 11,875
  • 18
  • 85
  • 108
Devendra Chauhan
  • 2,567
  • 2
  • 10
  • 12
  • 1
    Did you check this thread? https://github.com/yarnpkg/yarn/issues/5770 – Hemadri Dasari Sep 04 '18 at 11:40
  • 4
    This is not an error, it is a warning that this method of creating a buffer is deprecated: https://nodejs.org/api/buffer.html#buffer_new_buffer_string_encoding – stdob-- Sep 04 '18 at 11:45
  • dude never said he used yarn, he is using npm. I have this right now and it just started and I am also not using yarn or a buffer – AlThePal78 Oct 22 '21 at 00:12

4 Answers4

617
new Buffer(number)            // Old
Buffer.alloc(number)          // New

new Buffer(string)            // Old
Buffer.from(string)           // New

new Buffer(string, encoding)  // Old
Buffer.from(string, encoding) // New

new Buffer(...arguments)      // Old
Buffer.from(...arguments)     // New

Note that Buffer.alloc() is also faster on the current Node.js versions than new Buffer(size).fill(0), which is what you would otherwise need to ensure zero-filling.

Nebojsa Sapic
  • 9,285
  • 1
  • 22
  • 23
  • 16
    what if I don't have any new Buffer() in my code? I just have it in package-lock.json? – Khaled Jamal Jul 17 '19 at 16:37
  • @KhaledJamal what exactly you have in package-lock.json? – Nebojsa Sapic Jul 18 '19 at 13:33
  • 4
    @NebojsaSapic after tracing the issue I figured out that server.js was using it after I added angular universal to my project, I believe its because im not using the latest version of It. – Khaled Jamal Jul 20 '19 at 09:54
  • @KhaledJamal thanks for raising your issue and have it archived for the post if someone share same problem – Nebojsa Sapic Jul 20 '19 at 18:15
  • I am also seeing same issue as @KhaledJamal when I converted my angular project into server side rendering by adding angular universal. – user2869612 Oct 24 '19 at 02:34
  • @user286912 I remember that was solved when I have updated the version, check out the following thread: https://stackoverflow.com/questions/57063659/deprecationwarning-buffer-is-deprecated-due-to-security-and-usability-issues?noredirect=1#comment100706031_57063659 – Khaled Jamal Oct 24 '19 at 08:53
26

The use of the deprecated new Buffer() constructor (i.E. as used by Yarn) can cause deprecation warnings. Therefore one should NOT use the deprecated/unsafe Buffer constructor.

According to the deprecation warning new Buffer() should be replaced with one of:

  • Buffer.alloc()
  • Buffer.allocUnsafe() or
  • Buffer.from()

Another option in order to avoid this issue would be using the safe-buffer package instead.

You can also try (when using yarn..):

yarn global add yarn

as mentioned here: Link

Another suggestion from the comments (thx to gkiely): self-update

Note: self-update is not available. See policies for enforcing versions within a project

In order to update your version of Yarn, run 

curl --compressed -o- -L https://yarnpkg.com/install.sh | bash
iLuvLogix
  • 5,920
  • 3
  • 26
  • 43
16
var userPasswordString = new Buffer(baseAuth, 'base64').toString('ascii');

Change this line from your code to this -

var userPasswordString = Buffer.from(baseAuth, 'base64').toString('ascii');

or in my case, I gave the encoding in reverse order

var userPasswordString = Buffer.from(baseAuth, 'utf-8').toString('base64');
Vibhor Dube
  • 4,173
  • 1
  • 22
  • 32
0

Then let's give a small example for those who get errors.

Buffer.from(string) can also be used instead of Buffer.alloc(size) as needed

Using Buffer.alloc(size)

buf = Buffer.alloc(26); 
for (var i = 0; i < 26; i++) {
buf[i] = i + 97;}

console.log(buf.toString('ascii'));
console.log(buf.toString('ascii'));
console.log(buf.toString('utf8'));
console.log(buf.toString(undefined));

Using Buffer.from(string)

var buffer1 = Buffer.from('Hello Word!!!!');
var buffer2 = Buffer.from('Hello nldflsd343');

The rest of the code doesn't matter, but it does show a few Buffer usages.

var buffer3 = Buffer.concat([buffer1, buffer2]);
console.log("buffer3 content: " + buffer3.toString());

var result = buffer1.compare(buffer2);

if (result < 0) {
    console.log(buffer1 + "comes before " + buffer2);
} else if (result == 0) {
    console.log(buffer1 + "is same as " + buffer2);
} else if (result > 0) {
    console.log(buffer1 + "comes before " + buffer2);
}

Hopefully it benefits your business

Hakan Bayazıt
  • 89
  • 8