Neo4J _isFailFastSecurityError occurs when attempting to perform verifyAuthentication multiple times when sharing a Neo4j Driver Instance in a CF Worker Runtime #1315
Description
Bug Report
The driver.verifyAuthentication() crashes with
TypeError: Cannot read properties of undefined (reading 'startsWith')
(and sometimes TypeError: Cannot read properties of null (reading 'remaining'))
when run in a Cloudflare Workers environment that re-uses a WebSocket opened in a previous request.
Root cause: _isFailFastSecurityError() unconditionally calls
error.code.startsWith(...), but many low-level I/O errors bubble up as a plain
Error without a code field, leading to the null/undefined dereference.
To reproduce:
import neo4j from 'neo4j-driver';
const driver = neo4j.driver(
'neo4j+s://...',
neo4j.auth.basic(WORKER_ENV.USER, WORKER_ENV.PASS)
);
// Worker entry-point
export default {
async fetch(request) {
try {
// first call succeeds; second call in a new request crashes
await driver.verifyAuthentication();
return new Response('ok');
} catch (e) {
console.error('verifyAuth blew up', e);
return new Response('err', { status: 500 });
}
}
};
Expected behaviour
verifyAuthentication() should either succeed or throw a regular Neo4jError
(e.g. ServiceUnavailable). It must not crash inside driver internals.
Actual behaviour
An unrelated transport exception (Cloudflare’s per-request I/O guard) reaches
_isFailFastSecurityError() without a code field → TypeError.
After patching that guard, the driver later re-uses a half-initialised channel and
throws Cannot read properties of null (reading 'remaining').
My Environment
Javascript Runtime Version: CF Worker - Wrangler
Driver Version: 5.28.1
Neo4j Version and Edition: N/A
Operating System: Linux