Wappler Community

Deprecation warning - punycode module

Wappler General Bugs

guptast August 20, 2024, 9:44am 1

Hi,

One of my projects is running MSSQL as the backend. In this project, I have started getting the deprecation warning for the node module punycode, which is one of the dependencies in node module tedious.

This node project is running on AC1.

How can I replace this module with userland alternative as suggested in the warning message?

Hyperbytes August 20, 2024, 9:47am 2

I had same warning with the onsignal node sdk.

Apple August 20, 2024, 9:50am 3

Moved to bug reports, because the resolution should be done by Patrick and fixed with a Wappler update. What NodeJS version are you running and what OS?

pranay August 20, 2024, 9:51am 4

Facing the same issue

famousmag August 20, 2024, 9:59am 5

From what I read by google searching, is that punycode is deprecated in version 21...

Just forwarding my finding for having an idea....

They suggest :

don't worry about that warning for the time being (?)
reactjs - Warning "DeprecationWarning: The `punycode` module is deprecated. Please use a userland alternative instead." - Stack Overflow
downgrade to 20.5.1
mongoose - DeprecationWarning: The `punycode` module is deprecated - Stack Overflow
I don't know if that action conflicts with other assets in wappler...

Any uggestions from the team would be appriciated

guptast August 20, 2024, 10:02am 6

I'm running NodeJS v22 Alpine on MacOS.

Hyperbytes August 20, 2024, 10:10am 7

Not really relevant as the error comes from import of an external npm.

guptast February 25, 2026, 2:00am 8

Bump!

It looks like Wappler is still bundling tedious@11.0.8, which triggers this warning on newer Node versions. Newer releases of tedious have removed the deprecated import, so updating Wappler’s bundled version to the latest release should resolve it.

Could the team please look at the older packages being used in the core app and update them where possible, including moving to the latest tedious version?

Thanks!

George February 25, 2026, 1:55pm 9

We are still on older version of Tedious because the newer versions has a huge Azure dependencies downloading more than 60MB of files in node_modules and a lot of native modules that aren't needed.

I have filed an issue about this, like 5 years ago but it seems it can't be easily solved.

github.com/tediousjs/tedious

Would a PR to make azure stuff peerDependenciesMeta and maybe decrease some of the dependencies be acceptable?

opened 03:54PM - 04 Jun 21 UTC

Hi there. I was wondering if PR that would make some of the larger dependenci…es be inside peerDependenciesMeta instead of part of the dependency list would be accepted or rejected due to breaking changes? Cause right now the dependency list for tedious is really really... big and most of it comes from integration with azure services: ``` D:\NFP\temp> npm list D:\NFP\temp `-- tedious@11.0.9 +-- @azure/identity@1.3.0 | +-- @azure/core-http@1.2.5 | | +-- @azure/abort-controller@1.0.4 | | | `-- tslib@2.2.0 deduped | | +-- @azure/core-asynciterator-polyfill@1.0.0 | | +-- @azure/core-auth@1.3.0 | | | +-- @azure/abort-controller@1.0.4 deduped | | | `-- tslib@2.2.0 deduped | | +-- @azure/core-tracing@1.0.0-preview.11 deduped | | +-- @azure/logger@1.0.2 deduped | | +-- @types/node-fetch@2.5.10 | | | +-- @types/node@15.12.0 deduped | | | `-- form-data@3.0.1 deduped | | +-- @types/tunnel@0.0.1 | | | `-- @types/node@15.12.0 deduped | | +-- form-data@3.0.1 | | | +-- asynckit@0.4.0 | | | +-- combined-stream@1.0.8 | | | | `-- delayed-stream@1.0.0 | | | `-- mime-types@2.1.31 | | | `-- mime-db@1.48.0 | | +-- node-fetch@2.6.1 | | +-- process@0.11.10 | | +-- tough-cookie@4.0.0 | | | +-- psl@1.8.0 | | | +-- punycode@2.1.1 deduped | | | `-- universalify@0.1.2 | | +-- tslib@2.2.0 deduped | | +-- tunnel@0.0.6 | | +-- uuid@8.3.2 deduped | | `-- xml2js@0.4.23 | | +-- sax@1.2.4 | | `-- xmlbuilder@11.0.1 | +-- @azure/core-tracing@1.0.0-preview.11 | | +-- @opencensus/web-types@0.0.7 | | +-- @opentelemetry/api@1.0.0-rc.0 | | `-- tslib@2.2.0 deduped | +-- @azure/logger@1.0.2 | | `-- tslib@2.2.0 deduped | +-- @azure/msal-node@1.0.0-beta.6 | | +-- @azure/msal-common@4.3.0 | | | `-- debug@4.3.1 | | | `-- ms@2.1.2 deduped | | +-- axios@0.21.1 deduped | | +-- jsonwebtoken@8.5.1 | | | +-- jws@3.2.2 extraneous | | | +-- lodash.includes@4.3.0 | | | +-- lodash.isboolean@3.0.3 | | | +-- lodash.isinteger@4.0.4 | | | +-- lodash.isnumber@3.0.3 | | | +-- lodash.isplainobject@4.0.6 | | | +-- lodash.isstring@4.0.1 | | | +-- lodash.once@4.1.1 | | | +-- ms@2.1.2 | | | `-- semver@5.7.1 | | `-- uuid@8.3.2 deduped | +-- @types/stoppable@1.1.1 | | `-- @types/node@15.12.0 | +-- axios@0.21.1 | | `-- follow-redirects@1.14.1 | +-- events@3.3.0 | +-- jws@4.0.0 | | +-- jwa@2.0.0 extraneous | | `-- safe-buffer@5.2.1 | +-- keytar@7.7.0 | | +-- node-addon-api@3.2.1 | | `-- prebuild-install@6.1.3 | | +-- detect-libc@1.0.3 | | +-- expand-template@2.0.3 | | +-- github-from-package@0.0.0 | | +-- minimist@1.2.5 | | +-- mkdirp-classic@0.5.3 | | +-- napi-build-utils@1.0.2 | | +-- node-abi@2.30.0 | | | `-- semver@5.7.1 deduped | | +-- npmlog@4.1.2 | | | +-- are-we-there-yet@1.1.5 | | | | +-- delegates@1.0.0 | | | | `-- readable-stream@2.3.7 extraneous | | | +-- console-control-strings@1.1.0 | | | +-- gauge@2.7.4 | | | | +-- aproba@1.2.0 | | | | +-- console-control-strings@1.1.0 deduped | | | | +-- has-unicode@2.0.1 | | | | +-- object-assign@4.1.1 | | | | +-- signal-exit@3.0.3 | | | | +-- string-width@1.0.2 | | | | | +-- code-point-at@1.1.0 | | | | | +-- is-fullwidth-code-point@1.0.0 | | | | | | `-- number-is-nan@1.0.1 | | | | | `-- strip-ansi@3.0.1 deduped | | | | +-- strip-ansi@3.0.1 | | | | | `-- ansi-regex@2.1.1 | | | | `-- wide-align@1.1.3 | | | | `-- string-width@1.0.2 deduped | | | `-- set-blocking@2.0.0 | | +-- pump@3.0.0 | | | +-- end-of-stream@1.4.4 | | | | `-- once@1.4.0 deduped | | | `-- once@1.4.0 | | | `-- wrappy@1.0.2 | | +-- rc@1.2.8 | | | +-- deep-extend@0.6.0 | | | +-- ini@1.3.8 | | | +-- minimist@1.2.5 deduped | | | `-- strip-json-comments@2.0.1 | | +-- simple-get@3.1.0 | | | +-- decompress-response@4.2.1 | | | | `-- mimic-response@2.1.0 | | | +-- once@1.4.0 deduped | | | `-- simple-concat@1.0.1 | | +-- tar-fs@2.1.1 | | | +-- chownr@1.1.4 | | | +-- mkdirp-classic@0.5.3 deduped | | | +-- pump@3.0.0 deduped | | | `-- tar-stream@2.2.0 | | | +-- bl@4.1.0 deduped | | | +-- end-of-stream@1.4.4 deduped | | | +-- fs-constants@1.0.0 | | | +-- inherits@2.0.4 deduped | | | `-- readable-stream@3.6.0 deduped | | `-- tunnel-agent@0.6.0 | | `-- safe-buffer@5.2.1 deduped | +-- msal@1.4.11 | | `-- tslib@1.14.1 extraneous | +-- open@7.4.2 | | +-- is-docker@2.2.1 | | `-- is-wsl@2.2.0 | | `-- is-docker@2.2.1 deduped | +-- qs@6.10.1 | | `-- side-channel@1.0.4 | | +-- call-bind@1.0.2 | | | +-- function-bind@1.1.1 | | | `-- get-intrinsic@1.1.1 deduped | | +-- get-intrinsic@1.1.1 | | | +-- function-bind@1.1.1 deduped | | | +-- has@1.0.3 | | | | `-- function-bind@1.1.1 deduped | | | `-- has-symbols@1.0.2 | | `-- object-inspect@1.10.3 | +-- stoppable@1.1.0 | +-- tslib@2.2.0 | `-- uuid@8.3.2 +-- @azure/keyvault-keys@4.1.0 | +-- @azure/core-http@1.2.5 deduped | +-- @azure/core-lro@1.0.5 | | +-- @azure/abort-controller@1.0.4 deduped | | +-- @azure/core-http@1.2.5 deduped | | +-- @azure/core-tracing@1.0.0-preview.11 deduped | | +-- events@3.3.0 deduped | | `-- tslib@2.2.0 deduped | +-- @azure/core-paging@1.1.3 | | `-- @azure/core-asynciterator-polyfill@1.0.0 deduped | +-- @azure/core-tracing@1.0.0-preview.9 extraneous | +-- @azure/logger@1.0.2 deduped | +-- @opentelemetry/api@0.10.2 extraneous | `-- tslib@2.2.0 deduped +-- @azure/ms-rest-nodeauth@3.0.10 | +-- @azure/ms-rest-azure-env@2.0.0 | +-- @azure/ms-rest-js@2.5.0 | | +-- @azure/core-auth@1.3.0 deduped | | +-- abort-controller@3.0.0 | | | `-- event-target-shim@5.0.1 | | +-- form-data@2.5.1 extraneous | | +-- node-fetch@2.6.1 deduped | | +-- tough-cookie@3.0.1 extraneous | | +-- tslib@1.14.1 extraneous | | +-- tunnel@0.0.6 deduped | | +-- uuid@3.4.0 extraneous | | `-- xml2js@0.4.23 deduped | `-- adal-node@0.2.2 deduped +-- adal-node@0.2.2 | +-- @types/node@8.10.66 extraneous | +-- async@2.6.3 | | `-- lodash@4.17.21 | +-- axios@0.21.1 deduped | +-- date-utils@1.2.21 | +-- jws@3.2.2 extraneous | +-- underscore@1.13.1 | +-- uuid@3.4.0 extraneous | +-- xmldom@0.6.0 | `-- xpath.js@1.1.0 ``` I was wondering if a PR that refactored some of the internal mechanics made those peerDependenciesMeta optional like knex does with its drivers would be acceptable to this community? Cause not everyone is gonna be using azure and right now: ![Image showing 5.491 Files files installed only because of tedious](https://i.imgur.com/lbxvkbY.png) That's over five thousand files of code installed and 32MB just to talk with a database. And personally I find that a tad bit too much for a single dependency in production environment. If such a thing is acceptable, I would get started on making that PR to... reduce the size and increase the nimbleness of tedious if that's okay. If not then feel free to close this issue :)

There seem to be some hacks to try, like:

github.com/tediousjs/tedious

Would a PR to make azure stuff peerDependenciesMeta and maybe decrease some of the dependencies be acceptable?

opened 03:54PM - 04 Jun 21 UTC

Hi there. I was wondering if PR that would make some of the larger dependenci…es be inside peerDependenciesMeta instead of part of the dependency list would be accepted or rejected due to breaking changes? Cause right now the dependency list for tedious is really really... big and most of it comes from integration with azure services: ``` D:\NFP\temp> npm list D:\NFP\temp `-- tedious@11.0.9 +-- @azure/identity@1.3.0 | +-- @azure/core-http@1.2.5 | | +-- @azure/abort-controller@1.0.4 | | | `-- tslib@2.2.0 deduped | | +-- @azure/core-asynciterator-polyfill@1.0.0 | | +-- @azure/core-auth@1.3.0 | | | +-- @azure/abort-controller@1.0.4 deduped | | | `-- tslib@2.2.0 deduped | | +-- @azure/core-tracing@1.0.0-preview.11 deduped | | +-- @azure/logger@1.0.2 deduped | | +-- @types/node-fetch@2.5.10 | | | +-- @types/node@15.12.0 deduped | | | `-- form-data@3.0.1 deduped | | +-- @types/tunnel@0.0.1 | | | `-- @types/node@15.12.0 deduped | | +-- form-data@3.0.1 | | | +-- asynckit@0.4.0 | | | +-- combined-stream@1.0.8 | | | | `-- delayed-stream@1.0.0 | | | `-- mime-types@2.1.31 | | | `-- mime-db@1.48.0 | | +-- node-fetch@2.6.1 | | +-- process@0.11.10 | | +-- tough-cookie@4.0.0 | | | +-- psl@1.8.0 | | | +-- punycode@2.1.1 deduped | | | `-- universalify@0.1.2 | | +-- tslib@2.2.0 deduped | | +-- tunnel@0.0.6 | | +-- uuid@8.3.2 deduped | | `-- xml2js@0.4.23 | | +-- sax@1.2.4 | | `-- xmlbuilder@11.0.1 | +-- @azure/core-tracing@1.0.0-preview.11 | | +-- @opencensus/web-types@0.0.7 | | +-- @opentelemetry/api@1.0.0-rc.0 | | `-- tslib@2.2.0 deduped | +-- @azure/logger@1.0.2 | | `-- tslib@2.2.0 deduped | +-- @azure/msal-node@1.0.0-beta.6 | | +-- @azure/msal-common@4.3.0 | | | `-- debug@4.3.1 | | | `-- ms@2.1.2 deduped | | +-- axios@0.21.1 deduped | | +-- jsonwebtoken@8.5.1 | | | +-- jws@3.2.2 extraneous | | | +-- lodash.includes@4.3.0 | | | +-- lodash.isboolean@3.0.3 | | | +-- lodash.isinteger@4.0.4 | | | +-- lodash.isnumber@3.0.3 | | | +-- lodash.isplainobject@4.0.6 | | | +-- lodash.isstring@4.0.1 | | | +-- lodash.once@4.1.1 | | | +-- ms@2.1.2 | | | `-- semver@5.7.1 | | `-- uuid@8.3.2 deduped | +-- @types/stoppable@1.1.1 | | `-- @types/node@15.12.0 | +-- axios@0.21.1 | | `-- follow-redirects@1.14.1 | +-- events@3.3.0 | +-- jws@4.0.0 | | +-- jwa@2.0.0 extraneous | | `-- safe-buffer@5.2.1 | +-- keytar@7.7.0 | | +-- node-addon-api@3.2.1 | | `-- prebuild-install@6.1.3 | | +-- detect-libc@1.0.3 | | +-- expand-template@2.0.3 | | +-- github-from-package@0.0.0 | | +-- minimist@1.2.5 | | +-- mkdirp-classic@0.5.3 | | +-- napi-build-utils@1.0.2 | | +-- node-abi@2.30.0 | | | `-- semver@5.7.1 deduped | | +-- npmlog@4.1.2 | | | +-- are-we-there-yet@1.1.5 | | | | +-- delegates@1.0.0 | | | | `-- readable-stream@2.3.7 extraneous | | | +-- console-control-strings@1.1.0 | | | +-- gauge@2.7.4 | | | | +-- aproba@1.2.0 | | | | +-- console-control-strings@1.1.0 deduped | | | | +-- has-unicode@2.0.1 | | | | +-- object-assign@4.1.1 | | | | +-- signal-exit@3.0.3 | | | | +-- string-width@1.0.2 | | | | | +-- code-point-at@1.1.0 | | | | | +-- is-fullwidth-code-point@1.0.0 | | | | | | `-- number-is-nan@1.0.1 | | | | | `-- strip-ansi@3.0.1 deduped | | | | +-- strip-ansi@3.0.1 | | | | | `-- ansi-regex@2.1.1 | | | | `-- wide-align@1.1.3 | | | | `-- string-width@1.0.2 deduped | | | `-- set-blocking@2.0.0 | | +-- pump@3.0.0 | | | +-- end-of-stream@1.4.4 | | | | `-- once@1.4.0 deduped | | | `-- once@1.4.0 | | | `-- wrappy@1.0.2 | | +-- rc@1.2.8 | | | +-- deep-extend@0.6.0 | | | +-- ini@1.3.8 | | | +-- minimist@1.2.5 deduped | | | `-- strip-json-comments@2.0.1 | | +-- simple-get@3.1.0 | | | +-- decompress-response@4.2.1 | | | | `-- mimic-response@2.1.0 | | | +-- once@1.4.0 deduped | | | `-- simple-concat@1.0.1 | | +-- tar-fs@2.1.1 | | | +-- chownr@1.1.4 | | | +-- mkdirp-classic@0.5.3 deduped | | | +-- pump@3.0.0 deduped | | | `-- tar-stream@2.2.0 | | | +-- bl@4.1.0 deduped | | | +-- end-of-stream@1.4.4 deduped | | | +-- fs-constants@1.0.0 | | | +-- inherits@2.0.4 deduped | | | `-- readable-stream@3.6.0 deduped | | `-- tunnel-agent@0.6.0 | | `-- safe-buffer@5.2.1 deduped | +-- msal@1.4.11 | | `-- tslib@1.14.1 extraneous | +-- open@7.4.2 | | +-- is-docker@2.2.1 | | `-- is-wsl@2.2.0 | | `-- is-docker@2.2.1 deduped | +-- qs@6.10.1 | | `-- side-channel@1.0.4 | | +-- call-bind@1.0.2 | | | +-- function-bind@1.1.1 | | | `-- get-intrinsic@1.1.1 deduped | | +-- get-intrinsic@1.1.1 | | | +-- function-bind@1.1.1 deduped | | | +-- has@1.0.3 | | | | `-- function-bind@1.1.1 deduped | | | `-- has-symbols@1.0.2 | | `-- object-inspect@1.10.3 | +-- stoppable@1.1.0 | +-- tslib@2.2.0 | `-- uuid@8.3.2 +-- @azure/keyvault-keys@4.1.0 | +-- @azure/core-http@1.2.5 deduped | +-- @azure/core-lro@1.0.5 | | +-- @azure/abort-controller@1.0.4 deduped | | +-- @azure/core-http@1.2.5 deduped | | +-- @azure/core-tracing@1.0.0-preview.11 deduped | | +-- events@3.3.0 deduped | | `-- tslib@2.2.0 deduped | +-- @azure/core-paging@1.1.3 | | `-- @azure/core-asynciterator-polyfill@1.0.0 deduped | +-- @azure/core-tracing@1.0.0-preview.9 extraneous | +-- @azure/logger@1.0.2 deduped | +-- @opentelemetry/api@0.10.2 extraneous | `-- tslib@2.2.0 deduped +-- @azure/ms-rest-nodeauth@3.0.10 | +-- @azure/ms-rest-azure-env@2.0.0 | +-- @azure/ms-rest-js@2.5.0 | | +-- @azure/core-auth@1.3.0 deduped | | +-- abort-controller@3.0.0 | | | `-- event-target-shim@5.0.1 | | +-- form-data@2.5.1 extraneous | | +-- node-fetch@2.6.1 deduped | | +-- tough-cookie@3.0.1 extraneous | | +-- tslib@1.14.1 extraneous | | +-- tunnel@0.0.6 deduped | | +-- uuid@3.4.0 extraneous | | `-- xml2js@0.4.23 deduped | `-- adal-node@0.2.2 deduped +-- adal-node@0.2.2 | +-- @types/node@8.10.66 extraneous | +-- async@2.6.3 | | `-- lodash@4.17.21 | +-- axios@0.21.1 deduped | +-- date-utils@1.2.21 | +-- jws@3.2.2 extraneous | +-- underscore@1.13.1 | +-- uuid@3.4.0 extraneous | +-- xmldom@0.6.0 | `-- xpath.js@1.1.0 ``` I was wondering if a PR that refactored some of the internal mechanics made those peerDependenciesMeta optional like knex does with its drivers would be acceptable to this community? Cause not everyone is gonna be using azure and right now: ![Image showing 5.491 Files files installed only because of tedious](https://i.imgur.com/lbxvkbY.png) That's over five thousand files of code installed and 32MB just to talk with a database. And personally I find that a tad bit too much for a single dependency in production environment. If such a thing is acceptable, I would get started on making that PR to... reduce the size and increase the nimbleness of tedious if that's okay. If not then feel free to close this issue :)

but in the same way you can also overide just the punicode