Description

Since tls.createSecurePair() is deprecated (DEP0064) and has reached End-of-Life status, we should provide a codemod to replace it.

• The codemod should replace all instances of tls.createSecurePair() with tls.Socket constructor or appropriate tls.connect() usage.
• The codemod should update the implementation to use the modern TLS socket API instead of the deprecated secure pair approach.
• If tls.createSecurePair is the only TLS function being used from a destructured import, the codemod should update the import to include the replacement methods.
• The codemod should handle different usage patterns and provide appropriate replacements based on context.

Additional Information

Note that tls.createSecurePair() was removed in Node.js v24.0.0 and users should use tls.Socket instead. The createSecurePair() API was deprecated because it was an older, less secure approach to creating TLS connections. The modern tls.Socket provides better security, performance, and API consistency.

The tls.createSecurePair() method created a pair of streams (cleartext and encrypted) for TLS communication, but this pattern has been superseded by the more straightforward tls.Socket approach which handles the encryption transparently.

Examples

Case 1: Basic createSecurePair usage

Before:

const { createSecurePair } = require('node:tls');

const pair = createSecurePair(credentials);

After:

const { TLSSocket } = require('node:tls');

const socket = new TLSSocket(underlyingSocket, { secureContext: credentials });

Case 2: Namespace import

Before:

const tls = require('node:tls');

const pair = tls.createSecurePair(credentials);

After:

const tls = require('node:tls');

const socket = new tls.TLSSocket(underlyingSocket, { secureContext: credentials });

Case 3: With server context

Before:

const { createSecurePair } = require('node:tls');

const pair = createSecurePair(credentials, true, true, false);

After:

const { TLSSocket } = require('node:tls');

const socket = new TLSSocket(underlyingSocket, { 
  secureContext: credentials, 
  isServer: true, 
  requestCert: true, 
  rejectUnauthorized: false 
});

Case 4: ESM import

Before:

import { createSecurePair } from 'node:tls';

const pair = createSecurePair(credentials);

After:

import { TLSSocket } from 'node:tls';

const socket = new TLSSocket(underlyingSocket, { secureContext: credentials });

Case 5: ESM namespace import

Before:

import * as tls from 'node:tls';

const pair = tls.createSecurePair(credentials);

After:

import * as tls from 'node:tls';

const socket = new tls.TLSSocket(underlyingSocket, { secureContext: credentials });

Case 6: Mixed usage with other TLS functions

Before:

const { createSecurePair, createServer } = require('node:tls');

const pair = createSecurePair(credentials);
const server = createServer(options);

After:

const { TLSSocket, createServer } = require('node:tls');

const socket = new TLSSocket(underlyingSocket, { secureContext: credentials });
const server = createServer(options);

Refs

• DEP0064: tls.createSecurePair()