Deepmerge is not a function

[pacey]

Version: 2.9.1
Node version: 6.10
Environment: AWS Lambda

I'm having trouble with a transitive dependency that this project is using called deepmerge, via rest-facade. At runtime I get an error deepmerge is not a function.

[luisrudge]

does it work in your machine (not in lambda)?

[pacey]

It's hard to run locally, but using a tool called sam local it spins up a docker container with a similar execution environment to that of Lambda.

Sam local output:

2018/02/01 14:19:41 Successfully parsed cfn.yaml
2018/02/01 14:19:41 Connected to Docker 1.35
2018/02/01 14:19:41 Fetching lambci/lambda:nodejs6.10 image for nodejs6.10 runtime...
nodejs6.10: Pulling from lambci/lambda
Digest: sha256:b72789e8a544e658a76d71a0abbb2fa8b4122cc882bcd27097037bd28f657c9b
Status: Image is up to date for lambci/lambda:nodejs6.10
2018/02/01 14:19:42 Invoking  (nodejs6.10)
2018/02/01 14:19:42 Decompressing /Users/jamespace/Development/notification-service/dist/orderCreated/orderCreated.zip
2018/02/01 14:19:42 Mounting /private/var/folders/90/hw3fsjqj13v6b8kghq_q6xyh0000gn/T/aws-sam-local-1517494782706213000 as /var/task:ro inside runtime container
START RequestId: 0325e4c4-b25e-1b92-5aff-6382504037c8 Version: $LATEST
2018-02-01T14:19:42.714Z	0325e4c4-b25e-1b92-5aff-6382504037c8	{}
2018-02-01T14:19:42.716Z	0325e4c4-b25e-1b92-5aff-6382504037c8	{"errorMessage":"deepmerge is not a function","errorType":"TypeError","stackTrace":["new Client (/var/task/index.js:83164:18)","new OAuthAuthenticator (/var/task/index.js:116108:16)","new AuthenticationClient (/var/task/index.js:44973:16)","new ManagementTokenProvider (/var/task/index.js:116004:31)","new ManagementClient (/var/task/index.js:63767:26)","/var/task/index.js:63619:12","process._tickDomainCallback (internal/process/next_tick.js:135:7)"]}
END RequestId: 0325e4c4-b25e-1b92-5aff-6382504037c8
REPORT RequestId: 0325e4c4-b25e-1b92-5aff-6382504037c8	Duration: 997.09 ms	Billed Duration: 1000 ms	Memory Size: 128 MB	Max Memory Used: 130 MB

AWS Lambda output:

Function Logs:
START RequestId: 40820935-074d-11e8-a139-6bc76e506aec Version: $LATEST
2018-02-01T12:41:41.113Z	40820935-074d-11e8-a139-6bc76e506aec	{}
2018-02-01T12:41:41.113Z	40820935-074d-11e8-a139-6bc76e506aec	{"errorMessage":"deepmerge is not a function","errorType":"TypeError","stackTrace":["new Client (/var/task/index.js:83164:18)","new OAuthAuthenticator (/var/task/index.js:116108:16)","new AuthenticationClient (/var/task/index.js:44973:16)","new ManagementTokenProvider (/var/task/index.js:116004:31)","new ManagementClient (/var/task/index.js:63767:26)","/var/task/index.js:63619:12","process._tickDomainCallback (internal/process/next_tick.js:135:7)"]}
END RequestId: 40820935-074d-11e8-a139-6bc76e506aec
REPORT RequestId: 40820935-074d-11e8-a139-6bc76e506aec	Duration: 12.60 ms	Billed Duration: 100 ms 	Memory Size: 512 MB	Max Memory Used: 131 MB	

The call that triggers this error is constructing a new instance of the ManagementClient:

new auth0.ManagementClient({
    domain: "xxxxx",
    clientId: "xxxxx",
    clientSecret: "xxxxx",
    scope: "read:user"
})

[pacey]

I think I am falling foul of this issue - webpack/webpack#5756 which is probably just a bug with the deepmerge package 👎

[TehShrike]

It is not a bug in deepmerge. See TehShrike/deepmerge#92 (comment) + TehShrike/deepmerge#87 (comment)

[luisrudge]

Do you have a stack trace? We don't use deepmerge directly, so it's probably a dependency

[pacey]

The stack trace references my webpack bundled code so it's not massively helpful, but it does have the class names in so I'll add it below. The library is coming in from the dependency on rest-facade. Here is the stack trace anyways:

Response:
{
  "errorMessage": "deepmerge is not a function",
  "errorType": "TypeError",
  "stackTrace": [
    "new Client (/var/task/index.js:83164:18)",
    "new OAuthAuthenticator (/var/task/index.js:116108:16)",
    "new AuthenticationClient (/var/task/index.js:44973:16)",
    "new ManagementTokenProvider (/var/task/index.js:116004:31)",
    "new ManagementClient (/var/task/index.js:63767:26)",
    "/var/task/index.js:63619:12",
    "process._tickDomainCallback (internal/process/next_tick.js:135:7)"
  ]
}

[luisrudge]

https://github.com/ngonzalvez/rest-facade/blob/82b14e0ed0d9227f192471bf59c987ef16fa10e4/src/Client.js#L4

This looks like a pretty standard require to me, but maybe the rest-facade owner has more info about it. I'll close it since it's not related with this project.

[pacey]

Maybe, but the end result is that I can't use this library in my application. Which is shame as we are currently storing all our user data in Auth0.

[luisrudge]

You absolutely can use it. The SDK itself works as expected. What you're having is an environment issue, not an SDK issue.

[luisrudge]

Unfortunately, I don't know enough about aws lambda to help you fix this issue :(

[pacey]

Lambda aside, I think building the webpack bundle is where it's tripping up. It's a very basic webpack build that creates a bundle targeting commonjs2. I've tried various ways of requiring the library e.g. import { ManagementClient } from "auth0", const ManagementClient = require("auth0").ManagementClient; but nothing seems to work.

[shankie-codes]

I'd just like to add my support to Pacey. I'm having the same issue, but on a normal Node 7 environment –– and I'm not using rest-facade.

My stack trace looks like this:

TypeError: deepmerge is not a function
    at new Client (/usr/src/app/dist/server.bundle.js:625608:18)
    at new ClientsManager (/usr/src/app/dist/server.bundle.js:645120:19)
    at new ManagementClient (/usr/src/app/dist/server.bundle.js:612845:18)
    at /usr/src/app/dist/server.bundle.js:612653:24
    at Generator.next (<anonymous>)
    at step (/usr/src/app/dist/server.bundle.js:612632:191)
    at /usr/src/app/dist/server.bundle.js:612632:437
    at /usr/src/app/dist/server.bundle.js:612632:99
    at tokenManager.getToken.then (/usr/src/app/dist/server.bundle.js:612663:19)
    at process._tickDomainCallback (internal/process/next_tick.js:135:7)

Is it possible that both node-auth0 and another dependency are somehow importing packages in ways that conflict?

[luisrudge]

as with any npm package, everything is possible 😝 can you reproduce with only node-auth0? Or this only happens in your app, which you have some other dependencies?

[TehShrike]

Apparently most of the people reporting issues in TehShrike/deepmerge#87 were using TypeScript - is that the case with you folks?

[shankie-codes]

My app has loads of dependencies @luisrudge ! 😁 . Producing a minimal test case is going to be tricky here – but suffice to say that it only happens when I call methods of node-auth0. Very confusing.

@TehShrike I'm not using TypeScript. But I am using babel transformed ES6 code.

[TehShrike]

Like I asked in that issue over on deepmerge, if anyone is able to put together a minimal reproduction repo with Webpack, we can take it to the Webpack devs for them to work on.

I don't use Webpack and am not motivated to learn, so I'm not going to be the one putting it together :-x

[shankie-codes]

Fair enough @TehShrike . I guess my main reluctance to do that is I don't know where the conflict is coming in. I've got a big project with dozens of dependencies – and it's reasonably likely that deepmerge isn't even in the first level of those dependencies, so it's going to be a massive trial and error job, not only removing dependencies from package.json, but also from the codebase.

My gut feeling is that it's not a problem with deepmerge itself, but more likely some incompatibility between two separate imports of the package.

Having said that, I've just reverted my app to a commit from about six weeks ago and it works fine, so that means that the issue is either in a version bump or an additional package in the intervening time.

[TehShrike]

npm ls deepmerge should hopefully get you at least close to the file that's importing it, so you can see if it's using import vs require.

Hopefully seeing where it's used will make it easier to set up a reproduction.

[shankie-codes]

Ooh I didn't know that nugget. Handy.

So, here's some odd stuff. When I do that, I get this:

[email protected] /Users/shankie/Sites/artist-advance
└─┬ [email protected]
  └── [email protected]

So, a dependency on MUI, nothing to do with Auth0.

However, if I do npm ls (without specifying a package), I get:

npm ERR! invalid: [email protected] /Users/shankie/Sites/artist-advance/node_modules/auth0. This is doubly odd because Auth0 is the only one listed as invalid, and because it's not even the version I currently have installed (I've got "auth0": "2.7.0",)

More digging tomorrow...

[shankie-codes]

My bad, the npm ERR! invalid: [email protected] is a red herring. I had a mismatch between my installed version and my package.json version

[shankie-codes]

Aha, binning my node_modules and reinstalling has revealed that Auth0 is using deepmerge, through rest-facade.

├─┬ [email protected]
│ └─┬ [email protected]
│   └── [email protected]
└─┬ [email protected]
  └── [email protected]

Is it possible that these two versions of deepmerge are somehow conflicting? I can see how in Pacey's case he'd end up with something similar if he was using a newer version of rest-facade that included a different version of deepmerge.

I'll do some digging tomorrow to understand how these two packages are importing deepmerge.

[TehShrike]

The main difference between those two versions of deepmerge is that deepmerge 1.5.2 did include a browser field:

• 1.5.2
• 2.0.1

[shankie-codes]

I've sorted my issue! For me, it turns out that it was a configuration error in my part in my webpack config. I don't totally understand the ins and outs of this, but it looks like Webpack has the concepts of 'externals', which says "look don't transpile the stuff that you find that matches this pattern". The usual use case is for the node_modules directory, so that (again, I could be wrong here) you use the dist version of packages, rather than trying to build from source.

In my case, I had moved where my node_modules lived up a directory (due to how I was structuring my Docker image), but hadn't changed my ExternalsPlugin configuration to reflect the new directory:

new ExternalsPlugin({
      type: "commonjs",
      include: path.join(__dirname, "../node_modules/"),
    }),

Now, I don't really know why this only reared its head now. It could be that I just wasn't testing it properly on the server (which is the one that uses this path configuration), or it could be that something changed in one of the dependent packages that affected how imports worked. The timing coinciding with @pacey makes me suspicious!

I suppose it could be related to the fact that this ExternalsPlugin is only set up to 'ignore' commonjs modules – and perhaps something to do with the removal of the browser field somehow affected this. webpack/webpack#5756 seems to suggest something to do with CommonJS imports.

[TehShrike]

this ExternalsPlugin is only set up to 'ignore' commonjs modules

That's interesting. If that's related, I'll bet it had more to do with deepmerge adding a ESM build exposed via module in package.json than anything to do with the browser field.

[shankie-codes]

Ah ok and that happened somewhere between 1.5.2->2.0.1 ?

My guess is that this isn't a 'new' issue and reared its head when the issue over on webpack was posted in October.

[TehShrike]

No, 1.5.2 had main, module, and browser: https://unpkg.com/[email protected]/package.json

[TehShrike]

The browser and module properties were added in 1.4.0. browser was removed in 1.5.0.

[i8ramin]

Would like to also voice my concern here. Exact issue us happening on a Netlify app using Functions (AWS Lambda) and trying to use the auth0 management API client. No real solution seems to be given and the issue is closed? Has anyone found any workarounds?

[TehShrike]

It's a bug in Webpack: webpack/webpack#6584

[TehShrike]

This workaround might get you by: https://github.com/KyleAMathews/deepmerge#webpack-bug

[nicosuave]

I added the following to my webpack config as an alias to mitigate

    alias: {
      deepmerge$: 'deepmerge/dist/umd.js',
    },

[TehShrike]

rest-facade could also upgrade to deepmerge@3, which no longer exposes an ESM package (which apparently confuses Webpack to no end).

[bebbi]

@TehShrike [email protected] just has upgraded..