WebStorm - 如何在 npm 包中找到问题的根源？ （节点：36378）[DEP0005] 弃用警告

Question

I started getting this error in the last 6 months, probably because of a update to node.js .

(node:36378) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.

I've pinpointed the specific package that is causing this warning: https://github.com/irhc/js-logging

It's no longer maintained so I have to dig down and find the source of this problem. However my IDE ( WebStorm ) is not showing any lines of code. I also searched the source code and couldn't find Buffer() used anywhere. How can I find the source of this problem?

Btw I'm also using fs in the same file, which actually has Buffer() inside, but commenting out the dependency and related functions didn't get rid of the warning.

Edit: Thanks to the suggestions by @ix3 I lowered the scope of the problem

• This doesn't happen while running in node server
• This doesn't happen while running mocha test from terminal https://prnt.sc/lh012c
• This does happen when running mocha tests from Webstorm : https://prnt.sc/lh01ac

So the problem is in the interaction of Webstorm + Mocha + Node + js-logging. Each of them work perfectly alone, but I get this error when they are together.

Answer 1

The fact that js-logging is no longer maintained makes it a sensible first place to look. However, if it is not calling new Buffer (and neither are any of its dependencies) then something else must be triggering that warning message. How did you "pinpoint" the problem to that package?

You might want to try running your program with a debugger (eg the one built into Chrome) attached. You can do this by following the instructions that Paul Irish explains here . Also note that Chrome 70 now offers ndb .

You can also try "grepping" your entire source tree (including node_modules ) for "new Buffer". There are multiple ways to do this, and they vary by operating system. For example, on a POSIX system like Linux you can usually do something like grep -drecurse "new Buffer" . from the root folder of your project to search for all occurrences of that string in all files within that tree.

Finally, it bears repeating that the message you listed is not an error but only a warning . Consequently, it is not causing any different behavior. In other words, fixing it will only make the message go away; it will not significantly change the behavior of your program. Of course, you should still strive to address it as the warning is telling you that in a future version of node the code you have right now will stop working.

Edit : Looking at the audio-less videos you shared, it looks like you are doing all kinds of things that your question didn't mention, eg

• You are writing in TypeScript (What happens when you use plain JavaScript?)
• You are only running the tests from within the IDE (What happens when you run them from the command line?)

It's quite possible that you are using an old version of ts-node which used the Buffer constructor until about May 2018 .

Aside: To track when dependencies change (especially dependencies of dependencies of ....) I strongly recommend using yarn or at least package-lock.json as otherwise it is completely possible that your app will build and work one day and not the next due to changes upstream.