We recently had a user reporting an issue that on their machine the MCP server straightaway crashes and the error is that openid-client which is an ESM only package is being require'd.

It is happening because the user was using Node v22.11.0 which does not support require'ing ESM only packages. It only works from v22.12.0 and onwards.

We document this explicitly in our README but because the v6 of open-id client was a breaking change which was added to our main downstream dependency (oidc-plugin), eventually ended up in our npm packages as a minor dependency, we sort of broke the semver promise.

To fix that we are proposing to look into introducing backwards compatibility with the node versions we unknowingly broke. This was first reported indirectly in Github Issue - 348 which we partially addressed by mentioning the correctly required version.

The change to introduce backwards compatibility seems pretty small. It would require changing the static imports to dynamic imports for openid-client package in oidc-plugin repo. Pushing an update and eventually adapting that update in MCP server.