If you're using Node.js, you might run into a warning like this:
DeprecationWarning: Using Buffer without `new` will soon stop working.
The reason for this warning is that the Buffer creation API was changed to require the use of
new. However, contrary to what the warning says, you should not use
new Buffer either, for security reasons. Any usage of it must be converted as soon as possible to
Buffer.allocUnsafe, depending on what it's being used for. Not changing it could mean a security vulnerability in your code.
Where is it coming from?
Unfortunately, the warning doesn't indicate where the issue comes from. If you've verified that your own code doesn't use
new anymore, but you're still getting the warning, then you are probably using an (outdated) dependency that still uses the old API.
The following command (for Linux and Cygwin) will list all the affected modules:
grep -rP '(?<!new |[a-zA-Z])Buffer\(' node_modules | grep "\.js" | grep -Eo '^(node_modules/[^/:]+/)*' | sort | uniq -c | sort -h
If you're on OS X, your
sort tool will not have the
-h flag. Therefore, you'll want to run this instead (but the result won't be sorted by frequency):
grep -rP '(?<!new |[a-zA-Z])Buffer\(' node_modules | grep "\.js" | grep -Eo '^(node_modules/[^/:]+/)*' | sort | uniq -c | sort
How do I fix it?
If the issue is in a third-party library:
npm ls <package name here>to determine where in your dependency tree it is installed, and look at the top-most dependency (that isn't your project itself) that it originates from.
- If that top-most dependency is out of date, try updating the dependency first, to see if the warning goes away.
- If the dependency is up-to-date, that means it's an unfixed issue in the dependency. You should create an issue ticket (or, even better, a pull request) on the dependency's repository, asking for it to be fixed.