_global.util.crypto.lib.randomBytes is not a function error

[dbroadhurst]

After upgrading to 1.29.0 I'm getting the following error when calling most functions

_global.util.crypto.lib.randomBytes is not a function

Rolling back to 1.19.0 fixes the issue

I suspect it's an aws-sdk issue but wondering if anyone else is seeing this issue and has a fix

[pizzarob]

Also seeing this issue, but am using 1.15.0. Upgrading to 1.19.0 does not fix it for me. I think you are right and its an issue with the aws-sdk dependency

[ghost]

Just got the same issue, seems that the problem comes from the latest version of the depency aws-sdk (2.178.0). Installing [email protected] solved the problem for me.

[dbroadhurst]

I had to delete package-lock.json and change my package.json to (removed ^)

    "amazon-cognito-identity-js": "1.19.0",
    "aws-sdk": "2.177.0",

[brosander]

Following package.json worked for me:

    "amazon-cognito-identity-js": "1.28.0",
    "aws-sdk": "2.177.0",

Stack trace without a hard dependency on aws-sdk 2.177.0 and cognito 1.28.0:

Uncaught TypeError: __WEBPACK_IMPORTED_MODULE_0_aws_sdk_global__.util.crypto.lib.randomBytes is not a function
    at AuthenticationHelper.generateRandomSmallA (AuthenticationHelper.js:90)
    at new AuthenticationHelper (AuthenticationHelper.js:42)
    at CognitoUser.authenticateUser (CognitoUser.js:216)

[diegolacarta]

I'm using:

    "amazon-cognito-identity-js": "1.19.0",
    "aws-sdk": "2.177.0",

with yarn and typescript with ts-loader and still the same error:

AuthenticationHelper.js:90 Uncaught TypeError: __WEBPACK_IMPORTED_MODULE_0_aws_sdk_global__.util.crypto.lib.randomBytes is not a function

[xibre]

I suspect this is due to aws/aws-sdk-js@0638060 that was first introduced in aws-sdk v2.178.0.

[aloukissas]

Totally broken. Rolling back doesn't solve the issue for me, either. Does anyone have a workaround?

[diegolacarta]

@aloukissas In case you are interested, this is what I've done:

// aws-sdk-global-hack.ts
import * as aws from 'aws-sdk/global'
export * from 'aws-sdk/global'

export const util = aws['util']

// webpack.config.js
    new webpack.NormalModuleReplacementPlugin(/^aws-sdk\/global$/, resource => {
      if (resource.context.startsWith(path.join(__dirname, './node_modules/amazon-cognito-identity-js/'))) {
        resource.request = path.join(__dirname, './scripts/aws-sdk-global-hack.ts')
      }
    })

[aloukissas]

Thanks @diegolacarta - I'm in a non-ejected CRA environment, so maybe this may not work for this case. I've manually pulled in the non-broken version of the aws-sdk within cognito, which fixes the issue.

[jogold]

Adding aws-sdk in your package.json dependencies and fixing the version to 2.177.0 solves the issue: "aws-sdk": "2.177.0". Yet, it is not ideal.

[pizzarob]

@jogold doesn't work when using yarn. This is a showstopper. Can you please update the aws-sdk dep to a version that works with amazon-cognito-identity-js

[jkettmann]

@realseanp As a workaround you can edit the dependencies in your yarn.lock file. Worked for me

[pizzarob]

@jkettmann I also edited the yarn.lock file directly even though at the top of the file it says THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY.. I think cognito team should fix this issue instead of us having to do hack work arounds. All it would take is updating the dependency of aws-sdk to 2.177.0 in package.json. If this continues to be an issue I am going to fork cognito and add that to the package file.

[itrestian]

The main AWS Javascript SDK removed the dependency on crypto-browserify due to a reported vulnerability around the randomBytes method it implements:

aws/aws-sdk-js#1856
aws/aws-sdk-js#1853

We are aware of the issue at this point and are actively working on fixing it. As other developers mentioned, aws-sdk 2.177.0 works.

[ntocampos]

If anyone is still having problems with the mentioned workarounds, I've created a fork of this library to use in a project that I'm working. This fork has the aws-sdk dependency version locked onto v2.177.0. The fix is under the v1.29.2 tag.

Just add
"amazon-cognito-identity-js": "ntocampos/amazon-cognito-identity-js#v1.29.2"
to your package.json dependencies.

Fork repo: https://github.com/ntocampos/amazon-cognito-identity-js

[aloukissas]

@itrestian hopefully you'll be adding regression tests against aws-sdk (and hopefully for other deps, too) to prevent such show-stoppers in the future.

[itrestian]

As a temporary fix, we have locked down the AWS SDK version number to v2.177.0. Pulling in the latest version of this package should work.

[pizzarob]

🚨 @itrestian installed 1.3.0 getting `Module not found: Error: Can't resolve 'amazon-cognito-identity-js'. Looks like the lib folder is missing from the package.

[itrestian]

I added the missing lib folder to the newest release.

[hideokamoto]

I saw same error.
But when updated to 1.31.0, it seems to be fixed.

[alukach]

My story:

Wasn't working, tried to change to many of the above mentioned versions, nothing seemed to work. Finally settled on the following:

"amazon-cognito-identity-js": "^1.28.0",
"aws-sdk": "^2.177.0",

And ran rm -rf node_modules && yarn && yarn upgrade and it worked. I'm sure there's something unnecessary in that command (I'm not super familiar with Node.js or Yarn), however this did the trick for me.

[rianwouters]

See #672 for a correct description and analysis.

[anbublacky]

It worked for me by removing aws-sdk folder from node_modules.
Then installed aws-sdk version 2.177.0 (npm install [email protected])

[itrestian]

This has been solved in the new version 2.0.0 located on NPM and we will continue development of this library as part of AWS Amplfiy https://github.com/aws/aws-amplify/tree/master/packages/amazon-cognito-identity-js