How do I fix "TypeError: crypto.createCipher is not a function"?

Switch to `crypto.createCipheriv(algorithm, key, iv)` / `crypto.createDecipheriv(...)` with an explicit key and IV. Derive the key with `crypto.scryptSync(password, salt, keylen)` (or `crypto.pbkdf2`) and a random IV from `crypto.randomBytes(16)`; store the IV alongside the ciphertext. To read legacy data made with the old createCipher, re-implement its OpenSSL EVP_BytesToKey(MD5) derivation once, then re-encrypt under the new scheme. Upgrade any dependency that still calls createCipher to a current release. Source: https://nodejs.org/api/deprecations.html

Node.js 22

TypeError: crypto.createCipher is not a function

TypeError: crypto.createCipher is not a function

What it means

crypto.createCipher and crypto.createDecipher were removed in Node.js 22.

Why it happens

Deprecated since Node 10 (DEP0106) for using a weak, salt-less MD5 key derivation and a static IV, createCipher/createDecipher were removed in Node.js 22. Code (or a dependency) still calls them and now throws after the runtime upgrade.

How to fix it

Switch to `crypto.createCipheriv(algorithm, key, iv)` / `crypto.createDecipheriv(...)` with an explicit key and IV.
Derive the key with `crypto.scryptSync(password, salt, keylen)` (or `crypto.pbkdf2`) and a random IV from `crypto.randomBytes(16)`; store the IV alongside the ciphertext.
To read legacy data made with the old createCipher, re-implement its OpenSSL EVP_BytesToKey(MD5) derivation once, then re-encrypt under the new scheme.
Upgrade any dependency that still calls createCipher to a current release.

Related deadline: Lambda Node.js 18 EOL — 2027-02-01.

Find every instance in your project

The free EOLkits scanner runs in your browser (nothing uploaded) and flags this and related breakages across your IaC and dependency files.

Primary source: https://nodejs.org/api/deprecations.html

Get the full migration audit — $299, hash-anchored PDF →