taxjar
DeprecationWarning: `url.parse()`
The TaxJar Node.js client is generating deprecation warnings due to its internal use of the legacy url.parse() method via the node-fetch dependency.
Deprecation Warning
(node:77849) [DEP0169] DeprecationWarning: url.parse() behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for url.parse() vulnerabilities.
at urlParse (node:url:134:13)
at parseURL (webpack-internal:///(action-browser)/./node_modules/node-fetch/lib/index.mjs:1177:9)
at new Request (webpack-internal:///(action-browser)/./node_modules/node-fetch/lib/index.mjs:1216:17)
at eval (webpack-internal:///(action-browser)/./node_modules/node-fetch/lib/index.mjs:1458:19)
at new Promise (
Environment
- TaxJar version: 4.1.0 (latest)
- Node.js version: [your Node version]
- Platform: Next.js 15.3.3 with React 19
Root Cause
The warning originates from TaxJar's HTTP request utility (taxjar/dist/util/request.js) which uses node-fetch. The node-fetch library internally uses the deprecated url.parse() method.
Impact
While this doesn't break functionality, it generates console warnings and indicates potential security concerns as noted in the deprecation message.
Suggested Solution
Update the HTTP client implementation to use:
- The native fetch API (available in Node.js 18+)
- Or update node-fetch to a version that uses the WHATWG URL API
- Or replace url.parse() usage with new URL() constructor
Workaround
Currently suppressing with NODE_OPTIONS="--no-deprecation" but would prefer a proper fix.
