Why did this error only appear after upgrading @reactflow/core to v11+?

ReactFlow v10 and earlier shipped a pre-bundled CommonJS dist as the main package entry point. Starting with v11, the team switched to shipping ESM as the primary export (pointing `package.json` `module` and `exports` fields to the ESM dist). Webpack 5 respects the `exports` field and resolves to the ESM file. If your Babel loader excludes node_modules, it now encounters raw ESM syntax it cannot parse, whereas previously it was receiving already-bundled CJS code that needed no transformation.

Does this fix work for other ESM-only packages like @radix-ui, nanoid, or d3-*?

Yes. The exact same pattern applies. Extend the `include` array in your dedicated vendor transpilation rule: add `/node_modules\/@radix-ui/`, `/node_modules\/nanoid/`, `/node_modules\/d3-/`, etc. Each of these packages ships ESM-only in recent versions. The negative lookahead regex approach (`exclude: /node_modules\/(?!(pkg-a|pkg-b))/)` also works but becomes harder to maintain as the list grows — the explicit `include` array in a separate rule is more readable at scale.

Will transpiling @reactflow through Babel significantly increase my build time?

Minimally, if you configure it correctly. Use `targets: { esmodules: true }` in the vendor rule's `@babel/preset-env` options — this instructs Babel to apply only the syntax transforms needed for modern ES module support, skipping the heavy polyfill injection it would apply against a broad browserslist. Also ensure `babel-loader`'s `cacheDirectory: true` is set and use a distinct `cacheIdentifier` for the vendor rule so cached transforms are not invalidated by changes to your app-level Babel config.

Fixing Webpack 5 'Module parse failed: Unexpected token' with @reactflow/core ESM Imports

Threat/Impact Level: HIGH | Downtime Risk: HIGH | Time to Fix: 10–20 mins

TL;DR

What broke: Webpack 5's default module.rules excludes node_modules from Babel transpilation. @reactflow/core ships pure ESM (uses import/export, optional chaining, nullish coalescing). Webpack's JS parser hits an unexpected token and hard-crashes the build.
How to fix it: Add an explicit include rule (or remove the exclude: /node_modules/ guard) for @reactflow packages so Babel processes their ESM syntax before Webpack bundles it.
Fast path: Use our Client-Side Sandbox below to auto-refactor your webpack.config.js — paste your config, get the patched module.rules back instantly.

The Incident (What Does the Error Mean?)

Raw error output from a failing webpack --mode production run:

ERROR in ./node_modules/@reactflow/core/dist/esm/index.js 16:19
Module parse failed: Unexpected token (16:19)
You may need an appropriate loader to handle this file type,
currently no loaders are configured to process this file.
See https://webpack.js.org/concepts#loaders
| import { useCallback, useEffect, useRef } from 'react';
| 
> const FlowRenderer = ({ children, onlyRenderVisibleElements = false }) => {

Immediate consequence: Build exits non-zero. No bundle is emitted. Your CI pipeline fails, your deployment is blocked, and if this surfaces in a hot-fix branch during an incident, you are now fighting two fires simultaneously.

The line onlyRenderVisibleElements = false uses a default parameter with an ES2015+ syntax inside an ESM module. Webpack's internal acorn parser (configured for a CommonJS baseline) cannot parse it because no loader has been told to handle this file.

The Attack Vector / Blast Radius

This is a build-time total failure, not a runtime degradation. Blast radius:

Every environment (local, CI, staging, prod) fails identically — there is no partial degradation. The app simply does not build.
Monorepos are worse: If @reactflow/core is hoisted to the root node_modules, every package in the monorepo that shares this Webpack config inherits the failure.
Version-bump triggered: This commonly surfaces silently after a npm update or yarn upgrade because older ReactFlow versions shipped a pre-bundled CJS dist. ReactFlow v11+ switched the primary export to ESM. A routine dependency update with no code changes suddenly breaks the build — the worst kind of failure to diagnose under pressure.
Next.js / CRA wrappers: If you ejected CRA or are using a custom Next.js Webpack config override, the same exclusion pattern is present and will fail identically.

How to Fix It (The Solution)

Basic Fix — Whitelist `@reactflow` in Your Babel Loader Rule

Locate your babel-loader rule in webpack.config.js. The standard scaffolded config has a blanket exclude: /node_modules/. You need to punch a hole in it for the ReactFlow scope.

 // webpack.config.js
 module: {
   rules: [
     {
       test: /\.[jt]sx?$/,
-      exclude: /node_modules/,
+      exclude: /node_modules\/(?!(@reactflow))/,
       use: {
         loader: 'babel-loader',
         options: {
           presets: ['@babel/preset-env', '@babel/preset-react'],
         },
       },
     },
   ],
 },

The regex /node_modules\/(?!(@reactflow))/ is a negative lookahead — it excludes all of node_modules except the @reactflow scope. This is surgical; you are not transpiling all of node_modules (which would destroy build performance).

Enterprise Best Practice — Explicit Include + `@babel/preset-env` Targets + Separate Rule

For production codebases, a cleaner pattern is a dedicated second rule for known ESM-only packages. This keeps your app's Babel config isolated from the vendor transpilation config and makes the intent explicit in code review.

 // webpack.config.js
 module: {
   rules: [
     {
       test: /\.[jt]sx?$/,
       exclude: /node_modules/,
       use: {
         loader: 'babel-loader',
         options: {
           presets: [
             ['@babel/preset-env', { targets: '> 0.5%, last 2 versions, not dead' }],
             '@babel/preset-react',
             '@babel/preset-typescript',
           ],
         },
       },
     },
+    {
+      // Dedicated rule: transpile ESM-only packages that ship without CJS fallback
+      test: /\.[jt]sx?$/,
+      include: [
+        /node_modules\/@reactflow/,
+      ],
+      use: {
+        loader: 'babel-loader',
+        options: {
+          // Minimal preset — only syntax transforms, no polyfills
+          // Assumes your app-level preset-env handles polyfills globally
+          presets: [
+            ['@babel/preset-env', { targets: { esmodules: true } }],
+            '@babel/preset-react',
+          ],
+          // Critical: use a separate cache identifier to avoid
+          // collisions with your app's babel-loader cache
+          cacheIdentifier: 'esm-vendor-v1',
+        },
+      },
+    },
   ],
 },

Why targets: { esmodules: true } for the vendor rule? You want the lightest possible transform — just enough to make acorn happy. You do not want @babel/preset-env aggressively polyfilling vendor code based on your browserslist, which would bloat the bundle and potentially double-polyfill.

💡 Tired of pasting proprietary configs into ChatGPT? Generic AI tools log your company's ARNs, DB strings, and private keys. StackEngine is a zero-backend, pure Client-Side WASM utility. Drop your failing webpack.config.js into the sandbox above. We redact your secrets locally in the browser and auto-generate the refactored code using your own API key.

Prevention in CI/CD

This class of failure — ESM package breaking a CJS-assumed Webpack pipeline — will recur every time a dependency updates its dist format. Lock it down:

1. Webpack Build Smoke Test in CI (Non-Negotiable)

Add a dedicated CI step that runs webpack --mode production --bail on every PR that touches package.json or package-lock.json. Do not rely on unit tests to catch build failures.

# .github/workflows/build-check.yml
- name: Webpack production build smoke test
  run: npx webpack --mode production --bail
  env:
    NODE_ENV: production

2. eslint-plugin-import + eslint-import-resolver-webpack

Configure ESLint to resolve imports through your Webpack config. This surfaces loader misconfiguration at lint time, before the full build runs.

3. Renovate / Dependabot with postUpgradeTasks

In your renovate.json, add a postUpgradeTasks command that runs the production build. Renovate will mark the PR as failing before it even reaches your team for review:

{
  "postUpgradeTasks": {
    "commands": ["npm run build"],
    "fileFilters": ["**/*"],
    "executionMode": "branch"
  }
}

4. webpack-bundle-analyzer Baseline Check

After fixing, run webpack-bundle-analyzer and snapshot your bundle composition. If @reactflow chunks are unexpectedly large after the fix, you may be over-transpiling — tighten the targets in your vendor rule.

5. Document the ESM Vendor List

Maintain a comment block in webpack.config.js listing every package in the include array of your vendor transpilation rule, with the version that forced the addition and a link to the relevant upstream changelog. Future engineers will thank you at 2 AM.