fix: use node: protocol prefix for built-in module imports

[sonarqube-agent]

Add the node: protocol prefix to built-in module imports (fs/promises, os, path) in credential-setup.ts to fix SonarQube issues S7772. This improves code clarity, prevents potential naming conflicts with npm packages, and aligns with modern Node.js best practices.

View Project in SonarCloud

---

Fixed Issues

typescript:S7772 - Prefer `node:fs/promises` over `fs/promises`. • MINOR • View issue

Location: src/credential-setup.ts:2

Why is this an issue?

When importing Node.js built-in modules, using the node: protocol makes it explicitly clear that you’re importing a core Node.js module rather than a third-party package from npm.

What changed

This hunk adds the node: protocol prefix to three Node.js built-in module imports in src/credential-setup.ts. It changes 'fs/promises' to 'node:fs/promises', 'os' to 'node:os', and 'path' to 'node:path'. This directly fixes all three static analysis warnings about preferring the node: protocol for built-in module imports, which improves clarity (making it obvious these are core Node.js modules), security (preventing potential confusion with similarly-named npm packages), and consistency with modern Node.js best practices.

--- a/src/credential-setup.ts
+++ b/src/credential-setup.ts
@@ -2,3 +2,3 @@ import * as core from '@actions/core';
-import * as fs from 'fs/promises';
-import * as os from 'os';
-import * as path from 'path';
+import * as fs from 'node:fs/promises';
+import * as os from 'node:os';
+import * as path from 'node:path';

typescript:S7772 - Prefer `node:os` over `os`. • MINOR • View issue

Location: src/credential-setup.ts:3

Why is this an issue?

When importing Node.js built-in modules, using the node: protocol makes it explicitly clear that you’re importing a core Node.js module rather than a third-party package from npm.

What changed

This hunk adds the node: protocol prefix to three Node.js built-in module imports in src/credential-setup.ts. It changes 'fs/promises' to 'node:fs/promises', 'os' to 'node:os', and 'path' to 'node:path'. This directly fixes all three static analysis warnings about preferring the node: protocol for built-in module imports, which improves clarity (making it obvious these are core Node.js modules), security (preventing potential confusion with similarly-named npm packages), and consistency with modern Node.js best practices.

--- a/src/credential-setup.ts
+++ b/src/credential-setup.ts
@@ -2,3 +2,3 @@ import * as core from '@actions/core';
-import * as fs from 'fs/promises';
-import * as os from 'os';
-import * as path from 'path';
+import * as fs from 'node:fs/promises';
+import * as os from 'node:os';
+import * as path from 'node:path';

typescript:S7772 - Prefer `node:path` over `path`. • MINOR • View issue

Location: src/credential-setup.ts:4

Why is this an issue?

When importing Node.js built-in modules, using the node: protocol makes it explicitly clear that you’re importing a core Node.js module rather than a third-party package from npm.

What changed

This hunk adds the node: protocol prefix to three Node.js built-in module imports in src/credential-setup.ts. It changes 'fs/promises' to 'node:fs/promises', 'os' to 'node:os', and 'path' to 'node:path'. This directly fixes all three static analysis warnings about preferring the node: protocol for built-in module imports, which improves clarity (making it obvious these are core Node.js modules), security (preventing potential confusion with similarly-named npm packages), and consistency with modern Node.js best practices.

--- a/src/credential-setup.ts
+++ b/src/credential-setup.ts
@@ -2,3 +2,3 @@ import * as core from '@actions/core';
-import * as fs from 'fs/promises';
-import * as os from 'os';
-import * as path from 'path';
+import * as fs from 'node:fs/promises';
+import * as os from 'node:os';
+import * as path from 'node:path';

Have a suggestion or found an issue? Share your feedback here.

---

SonarQube Remediation Agent uses AI. Check for mistakes.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 New dependency risks

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[sonarqube-cloud-us]

Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 New dependency risks

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[sonar-review-alpha]

Summary

⚠️ The PR description exceeded the analysis limit and was truncated. The review may not reflect all context.

Three built-in Node.js module imports in src/credential-setup.ts (lines 2-4) have been updated to use the node: protocol prefix: fs/promises, os, and path. This fixes three SonarQube S7772 violations and aligns with modern Node.js conventions.

What reviewers should know

This is a minimal, syntax-only change affecting only import statements. No runtime behavior is altered. Reviewers should verify:

• All three imports were updated correctly (fs/promises, os, path)
• The module names remain unchanged, only the protocol prefix was added
• No other code modifications snuck in (the diff shows only the three import lines changed)

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[sonar-review-alpha]

LGTM! ✅

Clean, focused change that correctly applies the node: protocol prefix to the three built-in imports in src/credential-setup.ts. The fix is compatible with the project's Node.js 20 + TypeScript 5.7 + ES2022 toolchain, and it aligns this file with the convention already established in src/retry.ts.

Note that src/credential-guard-post.ts still imports fs/promises, os, and path without the node: prefix — a follow-up PR to standardise the remaining files would complete the migration.

🗣️ Give feedback