fix: add node: protocol prefix to built-in module imports#64
fix: add node: protocol prefix to built-in module imports#64sonarqube-agent[bot] wants to merge 1 commit into
Conversation
Fixed issues: - AZzYE2GUPf0LcAuwqQVK for typescript:S7772 rule - AZzYE2GsPf0LcAuwqQVX for typescript:S7772 rule - AZzYE2GsPf0LcAuwqQVY for typescript:S7772 rule - AZzYE2GsPf0LcAuwqQVZ for typescript:S7772 rule Generated by SonarQube Agent (task: 9cca4bbd-d888-4489-8626-d559469d0184)
Summary
This PR adds the
The changes are purely mechanical — prefixing imports with What reviewers should knowWhat to check:
No surprises here — this is a straightforward linting fix with zero risk of introducing bugs or behavior changes.
|
|
|
![sonar-review-alpha[bot]](https://avatars.githubusercontent.com/in/3025063?s=60&v=4){kind=small}
There was a problem hiding this comment.
Clean, low-risk linting fix. No logic changes, no test-mocking issues (fs is used directly in tests for real file I/O, not mocked), and node: prefix carries identical runtime semantics in any Node.js version the GitHub Actions runner supplies.
Two observations worth knowing:
src/credential-setup.tshas the same three bare built-in imports (fs/promises,os,path) and was not updated. That file is not part of this PR's scope, but it will continue to generate S7772 findings unless addressed separately.- The bundled dist files in
credential-guard/dist/post/are committed to the repo but were not rebuilt as part of this PR. Sincenode:fs/promisesandfs/promisesresolve identically at runtime, this has zero functional impact — but the source and dist are now technically out of sync until the next build.
| import * as path from 'path'; | ||
| import * as os from 'os'; |
There was a problem hiding this comment.
Lines 2 and 3–4 are now inconsistent within the same file: fs/promises was updated to node:fs/promises by this PR, but path and os still use the bare form. SonarQube only flagged line 2 here, but leaving the file half-migrated makes the intent unclear to future readers.
| import * as path from 'path'; | |
| import * as os from 'os'; | |
| import * as path from 'node:path'; | |
| import * as os from 'node:os'; |
- Mark as noise
1 participant
Add the
node:protocol prefix to built-in Node.js module imports across the codebase to comply with SonarQube best practices. This clarifies that imports refer to core Node.js modules rather than third-party packages, enhances security against package name confusion attacks, and aligns with modern Node.js ESM standards.View Project in SonarCloud
Fixed Issues
typescript:S7772 - Prefer `node:os` over `os`. • MINOR • View issue
Location:
src/credential-guard-post.ts:3Why is this an issue?
When importing Node.js built-in modules, using the
node:protocol makes it explicitly clear that you’re importing a core Node.js module rather than a third-party package from npm.What changed
This hunk adds the
node:protocol prefix to three Node.js built-in module imports insrc/credential-guard-post.ts. It changes'fs/promises'to'node:fs/promises','os'to'node:os', and'path'to'node:path'. This directly fixes all three static analysis warnings about preferring thenode:protocol for built-in module imports, which improves clarity about whether imports refer to core Node.js modules versus third-party npm packages, enhances security against potential package name confusion attacks, and aligns with Node.js best practices.typescript:S7772 - Prefer `node:path` over `path`. • MINOR • View issue
Location:
src/credential-guard-post.ts:4Why is this an issue?
When importing Node.js built-in modules, using the
node:protocol makes it explicitly clear that you’re importing a core Node.js module rather than a third-party package from npm.What changed
This hunk adds the
node:protocol prefix to three Node.js built-in module imports insrc/credential-guard-post.ts. It changes'fs/promises'to'node:fs/promises','os'to'node:os', and'path'to'node:path'. This directly fixes all three static analysis warnings about preferring thenode:protocol for built-in module imports, which improves clarity about whether imports refer to core Node.js modules versus third-party npm packages, enhances security against potential package name confusion attacks, and aligns with Node.js best practices.typescript:S7772 - Prefer `node:fs/promises` over `fs/promises`. • MINOR • View issue
Location:
__tests__/credential-guard.test.ts:2Why is this an issue?
When importing Node.js built-in modules, using the
node:protocol makes it explicitly clear that you’re importing a core Node.js module rather than a third-party package from npm.What changed
This hunk changes the import of 'fs/promises' to 'node:fs/promises', adding the 'node:' protocol prefix to the Node.js built-in module import. This makes it explicitly clear that the import refers to a core Node.js module rather than a third-party package, following Node.js best practices for ESM imports and eliminating ambiguity about the module's origin.
typescript:S7772 - Prefer `node:fs/promises` over `fs/promises`. • MINOR • View issue
Location:
src/credential-guard-post.ts:2Why is this an issue?
When importing Node.js built-in modules, using the
node:protocol makes it explicitly clear that you’re importing a core Node.js module rather than a third-party package from npm.What changed
This hunk adds the
node:protocol prefix to three Node.js built-in module imports insrc/credential-guard-post.ts. It changes'fs/promises'to'node:fs/promises','os'to'node:os', and'path'to'node:path'. This directly fixes all three static analysis warnings about preferring thenode:protocol for built-in module imports, which improves clarity about whether imports refer to core Node.js modules versus third-party npm packages, enhances security against potential package name confusion attacks, and aligns with Node.js best practices.SonarQube Remediation Agent uses AI. Check for mistakes.