feat(crypto): add RSA-PSS codemod for DEP0154 (#164)

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Augustin Mauroy <[email protected]>

Author: 3 people

package-lock.json

@@ -0,0 +1,78 @@
+# crypto-rsa-pss-update
+
+Codemod to handle Node.js crypto deprecation DEP0154 by transforming deprecated RSA-PSS key generation options.
+
+## What it does
+
+This codemod transforms deprecated RSA-PSS crypto options in `crypto.generateKeyPair()` and `crypto.generateKeyPairSync()` calls:
+
+- `hash` → `hashAlgorithm`
+- `mgf1Hash` → `mgf1HashAlgorithm`
+
+The transformation only applies to calls with `'rsa-pss'` as the key type.
+
+## Examples
+
+**Before**
+
+```js
+const crypto = require("node:crypto");
+
+crypto.generateKeyPair(
+	"rsa-pss",
+	{
+		modulusLength: 2048,
+		hash: "sha256",
+		mgf1Hash: "sha1",
+		saltLength: 32,
+	},
+	(err, publicKey, privateKey) => {
+		// callback
+	},
+);
+
+crypto.generateKeyPairSync("rsa-pss", {
+	modulusLength: 2048,
+	hash: "sha256",
+});
+```
+
+**After**
+
+```js
+const crypto = require("crypto");
+
+crypto.generateKeyPair(
+	"rsa-pss",
+	{
+		modulusLength: 2048,
+		hashAlgorithm: "sha256",
+		mgf1HashAlgorithm: "sha1",
+		saltLength: 32,
+	},
+	(err, publicKey, privateKey) => {
+		// callback
+	},
+);
+
+crypto.generateKeyPairSync("rsa-pss", {
+	modulusLength: 2048,
+	hashAlgorithm: "sha256",
+});
+```
+
+## Usage
+
+```bash
+npx codemod @nodejs/crypto-rsa-pss-update
+```
+
+## Supports
+
+- Both `crypto.generateKeyPair()` and `crypto.generateKeyPairSync()`
+- Destructured imports: `const { generateKeyPair } = require('crypto')`
+- Variable references: `const options = { hash: 'sha256' }`
+- Function calls: `getKeyOptions()` returning crypto options
+- This property patterns: `this.options = { hash: 'sha256' }`
+- Only transforms `'rsa-pss'` key type calls
+- Preserves all other options and call structure

recipes/crypto-rsa-pss-update/README.md

@@ -0,0 +1,25 @@
+schema_version: "1.0"
+name: "@nodejs/crypto-rsa-pss-update"
+version: 1.0.0
+description: >-
+  Handle DEP0154 via transforming deprecated RSA-PSS crypto options `hash` to
+  `hashAlgorithm` and `mgf1Hash` to `mgf1HashAlgorithm`
+author: Mauro Nievas
+license: MIT
+workflow: workflow.yaml
+category: migration
+
+targets:
+  languages:
+    - javascript
+    - typescript
+
+keywords:
+  - transformation
+  - migration
+  - crypto
+  - rsa-pss
+
+registry:
+  access: public
+  visibility: public

recipes/crypto-rsa-pss-update/codemod.yaml

@@ -0,0 +1,24 @@
+{
+  "name": "@nodejs/crypto-rsa-pss-update",
+  "version": "1.0.0",
+  "description": "Handle DEP0154 via transforming deprecated RSA-PSS crypto options `hash` to `hashAlgorithm` and `mgf1Hash` to `mgf1HashAlgorithm`.",
+  "type": "module",
+  "scripts": {
+    "test": "npx codemod jssg test -l typescript ./src/workflow.ts ./"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/nodejs/userland-migrations.git",
+    "directory": "recipes/crypto-rsa-pss-update",
+    "bugs": "https://github.com/nodejs/userland-migrations/issues"
+  },
+  "author": "Mauro Nievas",
+  "license": "MIT",
+  "homepage": "https://github.com/nodejs/userland-migrations/blob/main/recipes/crypto-rsa-pss-update/README.md",
+  "devDependencies": {
+    "@codemod.com/jssg-types": "^1.0.3"
+  },
+  "dependencies": {
+    "@nodejs/codemod-utils": "*"
+  }
+}