diff --git a/src/node/db/SecurityManager.js b/src/node/db/SecurityManager.js
index 64091dbdc..24d966d18 100644
--- a/src/node/db/SecurityManager.js
+++ b/src/node/db/SecurityManager.js
@@ -1,3 +1,4 @@
+'use strict';
 /**
  * Controls the security of pad access
  */
@@ -19,7 +20,7 @@
  */
 
 const authorManager = require('./AuthorManager');
-const hooks = require('ep_etherpad-lite/static/js/pluginfw/hooks.js');
+const hooks = require('../../static/js/pluginfw/hooks.js');
 const padManager = require('./PadManager');
 const sessionManager = require('./SessionManager');
 const settings = require('../utils/Settings');
@@ -47,7 +48,7 @@ const DENY = Object.freeze({accessStatus: 'deny'});
  * WARNING: Tokens and session IDs MUST be kept secret, otherwise users will be able to impersonate
  * each other (which might allow them to gain privileges).
  */
-exports.checkAccess = async function (padID, sessionCookie, token, userSettings) {
+exports.checkAccess = async (padID, sessionCookie, token, userSettings) => {
   if (!padID) {
     authLogger.debug('access denied: missing padID');
     return DENY;