Suppress "saslprep" warning

How can I suppress this warning:
“Warning: no saslprep library specified. Passwords will not be sanitized”

without having to install this third-party npm, “saslprep”


Hi @Melody_Maker,

A SASLprep implementation (RFC-4013) is a prerequisite for the SCRAM-SHA-256 spec and required for compliance if you are using this auth method. This library prepares strings that contain non-ASCII characters for use in username and password values.

saslprep is currently only used for SCRAM-SHA-256 authentication in the Node.js driver. As this library is large, it was made an optional dependency per NODE-1663 in the MongoDB issue tracker. Other authentication mechanisms (such as the earlier default of SCRAM-SHA-1) do not require this library.

The warning should only appear when sha256 is used without saslprep available (ref: lib/core/auth/scram.js).

If you are using SCRAM-SHA-256, you should install saslprep to remove the warning.

Alternatively, you could use SCRAM-SHA-1 to avoid the library requirement. SCRAM-SHA-256 is a more secure standard than SCRAM-SHA-1, but also computationally more expensive.

If this warning appears to be incorrect for your deployment, please confirm your version of the Node.js driver. The code snippet I referenced above is from the 3.6.x Node.js driver, so if you are using an older version behaviour may differ (and I would suggest testing the latest version with your application code).


Thanks for the info.

I’ll just install the saslprep library then.

I’m sick of looking at that warning message many dozens of times per day, while developing.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.