Error installing on FIPS compliant nodejs after pnpm 9.x upgrade #8070
Comments
These are the available FIPS compliant hashing algorithms
Verify latest release
pnpm version
9.1.0
Which area(s) of pnpm are affected? (leave empty if unsure)
CLI
Link to the code that reproduces this issue or a replay of the bug
No response
Reproduction steps
Run
pnpm i
running on a version of nodejs with a FIPS compliant openssl
Describe the Bug
For some reason after upgrading to 9.1.0 a piece of code is being executed in the pnpm stack that creates an md5 hash using the node crypto library. For users running with FIPS compliant nodejs builds, MD5 is not an allowed hashing algorithm. FIPS allows SHA-2 or SHA-3 algorithms as they are significantly more secure than MD5. If this part of the code is simply wanting to create a hash for comparison sake, it could be done in CRC64 (faster, doesn't need openssl) or SHA-256/512 if performance is not as important.
Stack trace:
Line of code causing issue:
pnpm/packages/crypto.base32-hash/src/index.ts
Line 6 in fd6cd27
Expected Behavior
PNPM can be used on FIPS compliant nodejs/openssl builds.
Which Node.js version are you using?
21.7.3
Which operating systems have you used?
If your OS is a Linux based, which one it is? (Include the version if relevant)
custom
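Added example, not part of the original issue and not pnpm's code: one way a Node.js tool can keep hashing on a FIPS build is to skip or probe the legacy algorithm and fall back to SHA-256, as the report suggests. All helper names are hypothetical, and `fipsLikeCreateHash` is a constructed stand-in that rejects MD5 the way the report describes.

```javascript
// Added example (not pnpm's code). All helper names are hypothetical.
const crypto = require('node:crypto');

// Preference order: the legacy algorithm first, then SHA-2 fallbacks.
const CANDIDATES = ['md5', 'sha256', 'sha512'];
const FIPS_APPROVED = new Set(['sha256', 'sha512']);

// True if this build's createHash accepts the algorithm.
// On a FIPS build, requesting md5 throws instead of returning a Hash.
function isUsable(algorithm, createHash = crypto.createHash) {
  try {
    createHash(algorithm).update('probe').digest();
    return true;
  } catch {
    return false;
  }
}

// Picks the first usable algorithm. With FIPS mode on (crypto.getFips() === 1),
// non-approved algorithms are skipped without being tried at all.
function pickAlgorithm({ fips = crypto.getFips() === 1,
                         createHash = crypto.createHash } = {}) {
  for (const algorithm of CANDIDATES) {
    if (fips && !FIPS_APPROVED.has(algorithm)) continue;
    if (isUsable(algorithm, createHash)) return algorithm;
  }
  throw new Error('no usable hash algorithm on this Node.js build');
}

// Hashes a string and reports which algorithm was used, so callers can
// store the algorithm name next to the digest.
function hashString(input, options = {}) {
  const createHash = options.createHash || crypto.createHash;
  const algorithm = pickAlgorithm(options);
  return { algorithm, digest: createHash(algorithm).update(input).digest('hex') };
}

// Constructed stand-in for a FIPS build: md5 is refused, the rest pass through.
function fipsLikeCreateHash(algorithm) {
  if (algorithm === 'md5') throw new Error('md5 disabled (constructed error)');
  return crypto.createHash(algorithm);
}
```

Switching algorithms changes the digest, so any value persisted under the old hash will no longer match and has to be regenerated or stored with its algorithm name.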