feat: handle `crypto.createCredentials()` depreciation

[AugustinMauroy]

Description

Since crypto.createCredentials() is deprecated (DEP0010) and has reached End-of-Life status, we should provide a codemod to replace it.

• The codemod should replace all instances of crypto.createCredentials() with tls.createSecureContext().
• The codemod should update import/require statements to replace node:crypto with node:tls when createCredentials is the only crypto function being used.
• If the node:crypto import is destructured and only contains createCredentials, it should be replaced with node:tls destructured import.
• If there are other crypto functions being used, the codemod should add a separate node:tls import and keep the existing node:crypto import.

Additional Information

Note that crypto.createCredentials() was removed in Node.js v11.0.0 and replaced with tls.createSecureContext(). The functionality is identical, but the API has been moved to the more appropriate tls module. The options object format remains the same (key, cert, ca, etc.).

Examples

Case 1: Destructured import with only createCredentials

Before:

const { createCredentials } = require('node:crypto');

const credentials = createCredentials({
  key: privateKey,
  cert: certificate,
  ca: [caCertificate]
});

After:

const { createSecureContext } = require('node:tls');

const credentials = createSecureContext({
  key: privateKey,
  cert: certificate,
  ca: [caCertificate]
});

Case 2: Namespace import

Before:

const crypto = require('node:crypto');

const credentials = crypto.createCredentials({
  key: fs.readFileSync('server-key.pem'),
  cert: fs.readFileSync('server-cert.pem')
});

After:

const tls = require('node:tls');

const credentials = tls.createSecureContext({
  key: fs.readFileSync('server-key.pem'),
  cert: fs.readFileSync('server-cert.pem')
});

Case 3: Mixed usage with other crypto functions

Before:

const { createCredentials, createHash } = require('node:crypto');

const credentials = createCredentials({
  key: privateKey,
  cert: certificate
});

const hash = createHash('sha256');
hash.update('some data');

After:

const { createHash } = require('node:crypto');
const { createSecureContext } = require('node:tls');

const credentials = createSecureContext({
  key: privateKey,
  cert: certificate
});

const hash = createHash('sha256');
hash.update('some data');

Case 4: ESM import

Before:

import { createCredentials } from 'node:crypto';

const credentials = createCredentials({
  key: privateKey,
  cert: certificate,
  ca: [caCertificate]
});

After:

import { createSecureContext } from 'node:tls';

const credentials = createSecureContext({
  key: privateKey,
  cert: certificate,
  ca: [caCertificate]
});

Case 5: ESM namespace import

Before:

import * as crypto from 'node:crypto';

const credentials = crypto.createCredentials({
  key: privateKey,
  cert: certificate
});

After:

import * as tls from 'node:tls';

const credentials = tls.createSecureContext({
  key: privateKey,
  cert: certificate
});

REFS

• DEP0010: crypto.createCredentials

[0hmX]

Hi @AugustinMauroy,

I have a question about test case 2. Your example implies that we need to check if any other methods from the crypto library are being used. If not, we should replace const crypto = require('node:crypto'); with const tls = require('node:tls');. Otherwise, we should keep the crypto import. Is my understanding correct?

It seems like it would be better not to touch the const crypto = require('node:crypto'); import and just add const tls = require('node:tls');. This might create some dead code, but it seems simpler and more like what I would expect a codemod to do. I'm new, so my assumption could be wrong.

[AugustinMauroy]

Hi @AugustinMauroy,

I have a question about test case 2. Your example implies that we need to check if any other methods from the crypto library are being used. If not, we should replace const crypto = require('node:crypto'); with const tls = require('node:tls');. Otherwise, we should keep the crypto import. Is my understanding correct?

It seems like it would be better not to touch the const crypto = require('node:crypto'); import and just add const tls = require('node:tls');. This might create some dead code, but it seems simpler and more like what I would expect a codemod to do. I'm new, so my assumption could be wrong.

Hey 👋
I understand that the import handling part maybe be complicated but take a look at this pr I had achieved it #119 we can maybe have an utility that automatically handle that