[Bug] ERR_OSSL_EVP_UNSUPPORTED on Node 20 LTS and critical audit vulnerabilities #17216

@toanbui-tech

Describe the bug

When creating a new React application using create-react-app or running an existing one on modern Node.js versions (Node.js 17+, including Node 20 LTS and Node 22 LTS), the build process and development server crash immediately. This is caused by react-scripts relying on Webpack 5 configurations that use the OpenSSL 1.1.1 MD4 algorithm, which is entirely unsupported in OpenSSL 3.0 (the default in modern Node.js runtimes).

Did you try recovering your dependencies?

Yes. I deleted node_modules, package-lock.json, and ran a fresh npm install. The issue persists because it is an incompatibility between the locked dependencies in react-scripts@5.0.1 and the current Node.js runtime environment.

Output of npm --version:
10.2.4

Which terms did you search for in User Guide?

ERR_OSSL_EVP_UNSUPPORTED, OpenSSL 3.0, Node 20, Webpack hash

Environment

Environment Info:

  current version of create-react-app: 5.0.1
  running from C:\Users\Admin\AppData\Local\npm-cache\_npx\...\node_modules\create-react-app

  System:
    OS: Windows 11 / macOS (Cross-platform issue)
    CPU: (any)
  Binaries:
    Node: 20.11.1 - /usr/local/bin/node
    Yarn: Not Found
    npm: 10.2.4 - /usr/local/bin/npm
  Browsers:
    Chrome: 122.0.0.0
    Edge: Not Found
    Safari: Not Found
  npmPackages:
    react: ^18.2.0 => 18.2.0 
    react-dom: ^18.2.0 => 18.2.0 
    react-scripts: 5.0.1 => 5.0.1 
  npmGlobalPackages:
    create-react-app: Not Found

Steps to reproduce

  1. Install Node.js v20.x or higher on your machine.
  2. Run the bootstrap command: npx create-react-app my-app
  3. Navigate into the directory: cd my-app
  4. Run the development server: npm start (or npm run build)

Expected behavior

The development server should compile successfully and open the React application on http://localhost:3000/ without throwing any cryptographic errors.

Actual behavior

The script crashes instantly and throws the following OpenSSL error in the terminal. No browser window is opened.

Starting the development server...

Error: error:0308010C:digital envelope routines::unsupported
    at new Hash (node:internal/crypto/hash:71:19)
    at Object.createHash (node:crypto:133:10)
    at module.exports (...\my-app\node_modules\webpack\lib\util\createHash.js:135:53)
    at NormalModule._initBuildHash (...\my-app\node_modules\webpack\lib\NormalModule.js:817:16)
    at handleParseError (...\my-app\node_modules\webpack\lib\NormalModule.js:471:10)
    ...

Reproducible demo

This issue does not require a specific repository to reproduce. It can be reproduced with a completely fresh installation of Create React App out-of-the-box on any machine running Node 20+.

Steps:
npx create-react-app demo-app && cd demo-app && npm start

Workaround: Currently, the only way to bypass this is by passing the legacy OpenSSL provider flag to Node before running the script: NODE_OPTIONS=--openssl-legacy-provider npm start.
