MongoServerError: Received authentication for mechanism SCRAM-SHA-1 which is not enabled

[arunkush5]

Description

When deploying mongo-express in a Kubernetes cluster to connect to a MongoDB instance that has only SCRAM-SHA-256 authentication enabled, the following error occurs during startup:

MongoServerError: Received authentication for mechanism SCRAM-SHA-1 which is not enabled
    at Connection.onMessage (/app/node_modules/mongodb/lib/cmap/connection.js:227:30)
    at MessageStream.<anonymous> (/app/node_modules/mongodb/lib/cmap/connection.js:60:60)
    at MessageStream.emit (node:events:517:28)
    at processIncomingData (/app/node_modules/mongodb/lib/cmap/message_stream.js:125:16)
    at MessageStream._write (/app/node_modules/mongodb/lib/cmap/message_stream.js:33:9)
    at writeOrBuffer (node:internal/streams/writable:392:12)
    at _write (node:internal/streams/writable:333:10)
    at Writable.write (node:internal/streams/writable:337:10)
    at Socket.ondata (node:internal/streams/readable:809:22)
    at Socket.emit (node:events:517:28) {
  ok: 0,
  code: 334,
  codeName: 'MechanismUnavailable',
  ...
}

Expected Behavior

mongo-express should either:

• Default to using SCRAM-SHA-256 when available/supported by the MongoDB server, or
• Provide a way to explicitly configure the authentication mechanism via environment variable or config file.

Environment Details

• mongo-express version: latest (Docker image: mongo-express:latest)
• MongoDB version: 6.0.x
• Deployment platform: Kubernetes
• Node.js version inside container: v18.x
• Error reproducible?: Yes, consistently on every pod start

---

Steps to Reproduce

1. Deploy a MongoDB instance with only default configuration.

2. Deploy mongo-express without specifying auth mechanism.

3. Observe the error on pod logs:

   MongoServerError: Received authentication for mechanism SCRAM-SHA-1 which is not enabled