npm - @anomira/node-sdk - Versions diffs - 0.1.0 → 0.1.2 - Mend

@anomira/node-sdk 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +131 -0
package/package.json +29 -15

package/README.md ADDED Viewed

@@ -0,0 +1,131 @@
+# @anomira/node-sdk
+Drop-in API security monitoring for Node.js. Detect brute force, credential stuffing, account takeover, data scraping, path traversal, XSS, geo-velocity attacks, and more — in real time.
+## Install
+```bash
+npm install @anomira/node-sdk
+```
+## Quick Start
+```ts
+import { SentinelAPI } from "@anomira/node-sdk";
+const sentinel = new SentinelAPI({
+  apiKey: process.env.ANOMIRA_API_KEY!,
+  appId:  process.env.ANOMIRA_APP_ID!,
+});
+```
+## Express
+```ts
+import express from "express";
+import { SentinelAPI } from "@anomira/node-sdk";
+const app = express();
+const sentinel = new SentinelAPI({
+  apiKey: process.env.ANOMIRA_API_KEY!,
+  appId:  process.env.ANOMIRA_APP_ID!,
+});
+// Add as global middleware — must come before your routes
+app.use(sentinel.express());
+app.listen(3000);
+```
+## Fastify
+```ts
+import Fastify from "fastify";
+import { SentinelAPI } from "@anomira/node-sdk";
+const app = Fastify();
+const sentinel = new SentinelAPI({
+  apiKey: process.env.ANOMIRA_API_KEY!,
+  appId:  process.env.ANOMIRA_APP_ID!,
+});
+await app.register(sentinel.fastify());
+app.listen({ port: 3000 });
+```
+## Manual Event Tracking
+```ts
+// Track a failed OTP attempt
+sentinel.track("auth.otp.failed", {
+  ip:     req.ip,
+  userId: req.body.phone,
+  meta:   { endpoint: "/api/verify-otp" },
+});
+// Track a login and run geo-velocity check automatically
+await sentinel.trackLogin({ ip: req.ip, userId: user.id });
+// Track phone-based auth (SIM swap detection)
+sentinel.trackPhoneAuth({ ip: req.ip, userId: user.id, phone: user.phone });
+```
+## Structured Logging
+```ts
+sentinel.log("info",  "User registered",        { userId: user.id });
+sentinel.log("warn",  "Slow DB query",           { queryMs: 1240 });
+sentinel.log("error", "Payment failed",          { reason: err.message });
+```
+## Blocklist & Firewall
+The SDK syncs your blocklist and firewall rules from the dashboard every 60 seconds. In your own middleware you can check:
+```ts
+if (sentinel.isBlocked(req.ip)) {
+  return res.status(403).json({ error: "Forbidden" });
+}
+const match = sentinel.matchFirewallRule({
+  url:     req.url,
+  body:    req.body,
+  headers: req.headers as Record<string, string>,
+  ip:      req.ip,
+});
+if (match?.rule.action === "block") {
+  return res.status(403).json({ error: "Blocked by firewall rule" });
+}
+```
+## Secret Scanner CLI
+Scan your codebase for hardcoded secrets, API keys, and PII before they reach production:
+```bash
+npx anomira scan ./src
+```
+Exit code `1` if violations are found — CI/CD compatible.
+## Configuration
+| Option | Type | Default | Description |
+|---|---|---|---|
+| `apiKey` | `string` | — | Your Anomira API key (required) |
+| `appId` | `string` | — | Your Anomira app ID (required) |
+| `ingestUrl` | `string` | Anomira cloud | Custom ingest endpoint |
+| `debug` | `boolean` | `false` | Log SDK activity to console |
+| `captureConsole` | `boolean` | `false` | Forward `console.*` calls to the Logs dashboard |
+| `service` | `string` | `"app"` | Service name tag for logs |
+| `detect.bruteForce` | `boolean` | `true` | Detect brute force login attempts |
+| `detect.rateAbuse` | `boolean` | `true` | Detect rate limit abuse |
+| `detect.pathTraversal` | `boolean` | `true` | Detect path traversal attempts |
+| `detect.xss` | `boolean` | `true` | Detect XSS in request bodies |
+| `detect.scanDetection` | `boolean` | `true` | Detect scanner/bot probing |
+| `detect.geoVelocity` | `boolean` | `true` | Detect impossible travel between logins |
+## License
+MIT

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@anomira/node-sdk",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "Anomira Node.js SDK — drop-in API security monitoring for Express and Fastify",
   "author": "Anomira <sdk@anomira.io>",
   "license": "MIT",
@@ -17,35 +17,49 @@
       }
     }
   },
-  "main":  "./dist/index.cjs",
+  "main": "./dist/index.cjs",
   "module": "./dist/index.js",
   "types": "./dist/index.d.ts",
-  "files": ["dist", "README.md"],
+  "files": [
+    "dist",
+    "README.md"
+  ],
   "bin": {
     "anomira": "./dist/cli.js"
   },
   "scripts": {
-    "build":     "tsup",
-    "dev":       "tsup --watch",
+    "build": "tsup",
+    "dev": "tsup --watch",
     "typecheck": "tsc -p tsconfig.json --noEmit",
-    "test":      "vitest run",
-    "test:watch":"vitest"
+    "test": "vitest run",
+    "test:watch": "vitest"
   },
   "dependencies": {},
   "devDependencies": {
-    "@types/node":         "^20.12.12",
-    "@types/express":      "^4.17.21",
-    "typescript":          "^5.4.5",
-    "tsup":                "^8.0.2",
-    "vitest":              "^1.6.0"
+    "@types/node": "^20.12.12",
+    "@types/express": "^4.17.21",
+    "typescript": "^5.4.5",
+    "tsup": "^8.0.2",
+    "vitest": "^1.6.0"
   },
   "peerDependencies": {
     "express": ">=4.0.0",
     "fastify": ">=4.0.0"
   },
   "peerDependenciesMeta": {
-    "express": { "optional": true },
-    "fastify": { "optional": true }
+    "express": {
+      "optional": true
+    },
+    "fastify": {
+      "optional": true
+    }
   },
-  "keywords": ["security", "api", "monitoring", "anomira", "fraud-detection", "api-security"]
+  "keywords": [
+    "security",
+    "api",
+    "monitoring",
+    "anomira",
+    "fraud-detection",
+    "api-security"
+  ]
 }