Upgrading to vite 3.1.4 - Module path has been externalized for browser in Chrome

[rezelute]

Describe the bug

In a project I am currently using vite 2.9.15 and everything is working fine. When i upgraded to vite 3.1.4, I now get the following warning in Chrome:
browser-external:crypto:9 Module "crypto" has been externalized for browser compatibility. Cannot access "crypto.randomBytes" in client code.

It seems to be coming from importing bcrypt in a file but why is it throwing this warning after upgrading to the new vite version.

I have double checked this to make sure its the vite version causing issues by creating a new branch.

Any advice for what you think might be happening is appreciated!

Reproduction

Install the latest version of vite and import bcrypt

System Info

System:
    OS: Windows 10 10.0.19044
    CPU: (12) x64 AMD Ryzen 5 5600X 6-Core Processor
    Memory: 13.44 GB / 31.92 GB
  Binaries:
    Node: 14.20.0 - C:\Program Files\nodejs\node.EXE
    npm: 8.5.4 - C:\Program Files\nodejs\npm.CMD
  Browsers:
    Edge: Spartan (44.19041.1266.0), Chromium (105.0.1343.50)    
    Internet Explorer: 11.0.19041.1566
  npmPackages:
    @vitejs/plugin-vue: ^2.3.4 => 2.3.4
    vite: ^3.1.4 => 3.1.4

Used Package Manager

npm

Logs

No response

Validations

• Follow our Code of Conduct
• Read the Contributing Guidelines.
• Read the docs.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Make sure this is a Vite issue and not a framework-specific issue. For example, if it's a Vue SFC related bug, it should likely be reported to vuejs/core instead.
• Check that this is a concrete bug. For Q&A open a GitHub Discussion or join our Discord Chat Server.
• The provided reproduction is a minimal reproducible example of the bug.

[github-actions]

Hello @rezelute. Please provide a minimal reproduction using a GitHub repository or StackBlitz. Issues marked with need reproduction will be closed if they have no activity within 3 days.

[rezelute]

Thanks for the reply.
Let me know if you have any trouble accessing this: https://stackblitz.com/edit/vitejs-vite-efwknr
But essentially if you just import bcrypt from "bcryptjs"; you will immediately see the warning, you dont even have to start using bcrypt in the project.

This error doesnt seem to happen with version 2 of vite for some reason.

[sapphi-red]

But essentially if you just import bcrypt from "bcryptjs";

Because you were saying "bcrypt", I thought it was bcrypt package and a different behavior happened when I tried that. Now I understand you were intending bcryptjs package.

BTW the warning is happening because bcryptjs is accessing crypto here.
https://github.com/dcodeIO/bcrypt.js/blob/7e2e93af99df2952253f9cf32db29aefa8f272f7/src/bcrypt.js#L23-L26
The reason why this warning exists is explained at #9837.

[rezelute]

Ah sorry about the confusion about bcrypt vs bcryptjs 😬.
Thank you for that explanation, do you have a recommendation as to what I could to to resolve the warning? Would you recommend a different node package instead which doesnt "try import and test if exist" ?

[sapphi-red]

Yes, I would recommend that.