Skip to content

feat(DEP0106): migrate from crypto.createCipher & crypto.createDecipher#265

Open
AugustinMauroy wants to merge 10 commits intomainfrom
augustin/DEP-0106
Open

feat(DEP0106): migrate from crypto.createCipher & crypto.createDecipher#265
AugustinMauroy wants to merge 10 commits intomainfrom
augustin/DEP-0106

Conversation

@AugustinMauroy
Copy link
Member

@AugustinMauroy AugustinMauroy commented Nov 4, 2025

Description

  • It's the only EOL between v20 to 22 It's mean after this pr we will hable to create @nodejs/v20-to-v22
  • the name of the codemod doesn't look good to me need to found something bettert

Related issue

close #264

@AugustinMauroy AugustinMauroy added awaiting reviewer Author has responded and needs action from the reviewer dep:v22 Migration handles deprecation introduced in node v22 labels Nov 4, 2025
@brunocroh brunocroh self-requested a review December 13, 2025 14:04
avivkeller
avivkeller reviewed Dec 18, 2025
View reviewed changes
@JakobJingleheimer JakobJingleheimer added this to the 20.x → 22.x milestone Jan 25, 2026
@JakobJingleheimer JakobJingleheimer changed the title feat(crypto-createcipheriv-migration): introduce feat(DEP0106): migrate from node:crypto.createCipher & node:crypto.createDecipher Jan 25, 2026
@JakobJingleheimer JakobJingleheimer requested review from tniessen and removed request for tniessen January 25, 2026 17:41
@JakobJingleheimer
Copy link
Member

JakobJingleheimer commented Jan 25, 2026
edited
Loading

@nodejs/crypto I'm not familiar with this part of node. could you check that the input and expected test fixtures are accurate?

@JakobJingleheimer JakobJingleheimer changed the title feat(DEP0106): migrate from node:crypto.createCipher & node:crypto.createDecipher feat(DEP0106): migrate from crypto.createCipher & crypto.createDecipher Jan 25, 2026
JakobJingleheimer
JakobJingleheimer approved these changes Jan 25, 2026
View reviewed changes
Copy link
Member

@JakobJingleheimer JakobJingleheimer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks fine to me! I'd like someone from the crypto team to take a look at the before & after test fixtures though before landing this.

AugustinMauroy and others added 2 commits February 2, 2026 10:55
@AugustinMauroy
Merge branch 'main' into augustin/DEP-0106
f7e7ecc
@AugustinMauroy @JakobJingleheimer
Update workflow.ts
ae6040b 
Co-Authored-By: Jacob Smith <3012099+JakobJingleheimer@users.noreply.github.com>
@JakobJingleheimer JakobJingleheimer added awaiting author Reviewer has requested something from the author awaiting reviewer Author has responded and needs action from the reviewer and removed awaiting reviewer Author has responded and needs action from the reviewer labels Feb 2, 2026
tniessen
tniessen reviewed Feb 4, 2026
View reviewed changes
recipes/crypto-createcipheriv-migration/workflow.yaml
name: Apply AST Transformations
type: automatic
steps:
- name: Migrate `crypto.createCipher()`/`createDecipher()` to iv variants with secure key derivation.
Copy link
Member

@tniessen tniessen Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- name: Migrate `crypto.createCipher()`/`createDecipher()` to iv variants with secure key derivation.
- name: Migrate `crypto.createCipher()`/`createDecipher()` to IV variants with secure key derivation.

recipes/crypto-createcipheriv-migration/README.md

- The codemod cannot guarantee algorithm-specific key/IV sizes. Review the generated `scryptSync` length and IV length defaults and adjust as needed.
- Decryption snippets include placeholders (`Buffer.alloc(16)`) that must be replaced with the salt and IV stored during encryption.
- If your project already wraps key derivation logic, you may prefer to adapt the generated scaffolding to call existing helpers.
Copy link
Member

@tniessen tniessen Feb 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- If your project already wraps key derivation logic, you may prefer to adapt the generated scaffolding to call existing helpers.
- If your project already wraps key derivation logic, you may prefer to adapt the generated scaffolding to call existing helpers.
- The generated code is not backward-compatible and will be unable to decrypt data that was encrypted using `createCipher()`.
- The use of scrypt is one possible choice for deriving a key from a password, but you may wish to use Argon2id or PBKDF2 instead.

@JakobJingleheimer JakobJingleheimer removed the awaiting reviewer Author has responded and needs action from the reviewer label Feb 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tniessen tniessen tniessen left review comments

@JakobJingleheimer JakobJingleheimer JakobJingleheimer approved these changes

@avivkeller avivkeller avivkeller approved these changes

@brunocroh brunocroh Awaiting requested review from brunocroh

Assignees

No one assigned

Labels

awaiting author Reviewer has requested something from the author dep:v22 Migration handles deprecation introduced in node v22

Projects

None yet

Milestone

20.x → 22.x

Development

Successfully merging this pull request may close these issues.

sepc: createCipher-to-createCipheriv

4 participants

@AugustinMauroy @JakobJingleheimer @tniessen @avivkeller