“npm run” fails with ERR_OSSL_EVP_UNSUPPORTED

Node.js version 17 has switched to using OpenSSL 3.0. They advise:

While OpenSSL 3.0 APIs should be mostly compatible with those provided by OpenSSL 1.1.1, we do anticipate some ecosystem impact due to tightened restrictions on the allowed algorithms and key sizes.

If you hit an ERR_OSSL_EVP_UNSUPPORTED error in your application with Node.js 17, it’s likely that your application or a module you’re using is attempting to use an algorithm or key size which is no longer allowed by default with OpenSSL 3.0. A command-line option, --openssl-legacy-provider, has been added to revert to the legacy provider as a temporary workaround for these tightened restrictions.

This has been resolved in Webpack versions 5 and 6, but there are no plans to backport this fix to version 4.

To pass the --openssl-legacy-provider flag to Node, you can prefix your command with the environment variable assignment:

NODE_OPTIONS=--openssl-legacy-provider npm run watch

Leave a Comment