This rule raises an issue when Node.js built-in modules are imported without using the node: protocol prefix.
When importing Node.js built-in modules, using the node: protocol makes it explicitly clear that you’re importing a core Node.js
module rather than a third-party package from npm.
Without the node: prefix, it can be ambiguous whether import fs from 'fs' refers to the built-in file system module or a
potential npm package named 'fs'. This ambiguity can lead to confusion, especially for developers who are new to a codebase or when reviewing
code.
The node: protocol was introduced in Node.js 12.20.0 and became the recommended approach for importing built-in modules. It provides
several benefits:
This practice is particularly important in larger codebases where the distinction between built-in modules and external dependencies needs to be clear at a glance.
Using imports without the node: protocol can lead to confusion about whether a module is built-in or external. In rare cases, this
could create security vulnerabilities if malicious packages with names similar to built-in modules are installed. The lack of explicit protocol also
makes code less self-documenting and harder to understand for new team members.
Add the node: prefix to ES6 import statements when importing Node.js built-in modules.
import fs from 'fs';
import path from 'path';
import { createServer } from 'http'; // Noncompliant
import fs from 'node:fs';
import path from 'node:path';
import { createServer } from 'node:http';