@ceon-oy/monitor-sdk 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +261 -0
- package/dist/index.d.mts +241 -0
- package/dist/index.d.ts +241 -0
- package/dist/index.js +605 -0
- package/dist/index.mjs +575 -0
- package/package.json +50 -0
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1,241 @@
|
|
|
1
|
+
type Severity = 'DEBUG' | 'INFO' | 'WARNING' | 'ERROR' | 'CRITICAL';
|
|
2
|
+
type TechnologyType = 'FRAMEWORK' | 'LIBRARY' | 'DATABASE' | 'RUNTIME' | 'TOOL' | 'OTHER';
|
|
3
|
+
type SecurityCategory = 'AUTHENTICATION' | 'AUTHORIZATION' | 'RATE_LIMIT' | 'INPUT_VALIDATION' | 'SUSPICIOUS_ACTIVITY';
|
|
4
|
+
type SecuritySeverity = 'LOW' | 'MEDIUM' | 'HIGH' | 'CRITICAL';
|
|
5
|
+
interface DependencySource {
|
|
6
|
+
path: string;
|
|
7
|
+
environment: string;
|
|
8
|
+
}
|
|
9
|
+
interface MonitorClientConfig {
|
|
10
|
+
/** API key for authentication (required, format: cm_xxx) */
|
|
11
|
+
apiKey: string;
|
|
12
|
+
/** Endpoint URL for the monitoring server (required, must be HTTP/HTTPS) */
|
|
13
|
+
endpoint: string;
|
|
14
|
+
/** Environment label (default: 'production') */
|
|
15
|
+
environment?: string;
|
|
16
|
+
/** Number of errors to batch before sending (default: 10, min: 1) */
|
|
17
|
+
batchSize?: number;
|
|
18
|
+
/** Interval in ms between automatic flushes (default: 5000, min: 1000) */
|
|
19
|
+
flushIntervalMs?: number;
|
|
20
|
+
/** Whether to track package.json dependencies (default: false) */
|
|
21
|
+
trackDependencies?: boolean;
|
|
22
|
+
/** Path to package.json for dependency tracking */
|
|
23
|
+
packageJsonPath?: string;
|
|
24
|
+
/** Multiple dependency sources with environment labels */
|
|
25
|
+
dependencySources?: DependencySource[];
|
|
26
|
+
/** Glob patterns for packages to exclude from tracking */
|
|
27
|
+
excludePatterns?: string[];
|
|
28
|
+
/** Maximum queue size to prevent memory exhaustion (default: 1000) */
|
|
29
|
+
maxQueueSize?: number;
|
|
30
|
+
/** Maximum retry attempts for failed sends (default: 3) */
|
|
31
|
+
maxRetries?: number;
|
|
32
|
+
/** Request timeout in ms (default: 10000) */
|
|
33
|
+
requestTimeoutMs?: number;
|
|
34
|
+
}
|
|
35
|
+
interface TechnologyItem {
|
|
36
|
+
name: string;
|
|
37
|
+
version: string;
|
|
38
|
+
type?: TechnologyType;
|
|
39
|
+
}
|
|
40
|
+
interface ErrorContext {
|
|
41
|
+
severity?: Severity;
|
|
42
|
+
route?: string;
|
|
43
|
+
method?: string;
|
|
44
|
+
statusCode?: number;
|
|
45
|
+
userAgent?: string;
|
|
46
|
+
ip?: string;
|
|
47
|
+
requestId?: string;
|
|
48
|
+
metadata?: Record<string, unknown>;
|
|
49
|
+
}
|
|
50
|
+
interface ErrorPayload {
|
|
51
|
+
severity: Severity;
|
|
52
|
+
message: string;
|
|
53
|
+
stack?: string;
|
|
54
|
+
environment: string;
|
|
55
|
+
route?: string;
|
|
56
|
+
method?: string;
|
|
57
|
+
statusCode?: number;
|
|
58
|
+
userAgent?: string;
|
|
59
|
+
ip?: string;
|
|
60
|
+
requestId?: string;
|
|
61
|
+
metadata?: Record<string, unknown>;
|
|
62
|
+
}
|
|
63
|
+
interface SecurityEventInput {
|
|
64
|
+
eventType: string;
|
|
65
|
+
category: SecurityCategory;
|
|
66
|
+
severity: SecuritySeverity;
|
|
67
|
+
ip?: string;
|
|
68
|
+
identifier?: string;
|
|
69
|
+
endpoint?: string;
|
|
70
|
+
userAgent?: string;
|
|
71
|
+
metadata?: Record<string, unknown>;
|
|
72
|
+
}
|
|
73
|
+
interface SecurityEventPayload extends SecurityEventInput {
|
|
74
|
+
environment: string;
|
|
75
|
+
}
|
|
76
|
+
interface BruteForceDetectionResult {
|
|
77
|
+
detected: boolean;
|
|
78
|
+
pattern: string;
|
|
79
|
+
count: number;
|
|
80
|
+
threshold: number;
|
|
81
|
+
timeWindowMinutes: number;
|
|
82
|
+
ip?: string;
|
|
83
|
+
identifier?: string;
|
|
84
|
+
}
|
|
85
|
+
type VulnerabilitySeverity = 'info' | 'low' | 'moderate' | 'high' | 'critical';
|
|
86
|
+
interface VulnerabilityItem {
|
|
87
|
+
packageName: string;
|
|
88
|
+
severity: VulnerabilitySeverity;
|
|
89
|
+
title: string;
|
|
90
|
+
url?: string;
|
|
91
|
+
vulnerableRange?: string;
|
|
92
|
+
installedVersion?: string;
|
|
93
|
+
patchedVersions?: string;
|
|
94
|
+
path?: string;
|
|
95
|
+
recommendation?: string;
|
|
96
|
+
cwe?: string[];
|
|
97
|
+
cvss?: number;
|
|
98
|
+
isFixable?: boolean;
|
|
99
|
+
isDirect?: boolean;
|
|
100
|
+
}
|
|
101
|
+
interface AuditResult {
|
|
102
|
+
environment: string;
|
|
103
|
+
totalDeps: number;
|
|
104
|
+
vulnerabilities: VulnerabilityItem[];
|
|
105
|
+
scanDurationMs: number;
|
|
106
|
+
}
|
|
107
|
+
interface AuditSummary {
|
|
108
|
+
scanId: string;
|
|
109
|
+
processed: number;
|
|
110
|
+
resolved: number;
|
|
111
|
+
summary: {
|
|
112
|
+
critical: number;
|
|
113
|
+
high: number;
|
|
114
|
+
moderate: number;
|
|
115
|
+
low: number;
|
|
116
|
+
info: number;
|
|
117
|
+
};
|
|
118
|
+
}
|
|
119
|
+
|
|
120
|
+
declare class MonitorClient {
|
|
121
|
+
private apiKey;
|
|
122
|
+
private endpoint;
|
|
123
|
+
private environment;
|
|
124
|
+
private batchSize;
|
|
125
|
+
private flushIntervalMs;
|
|
126
|
+
private queue;
|
|
127
|
+
private flushTimer;
|
|
128
|
+
private isClosed;
|
|
129
|
+
private trackDependencies;
|
|
130
|
+
private packageJsonPath?;
|
|
131
|
+
private dependencySources?;
|
|
132
|
+
private excludePatterns;
|
|
133
|
+
private maxQueueSize;
|
|
134
|
+
private maxRetries;
|
|
135
|
+
private retryCount;
|
|
136
|
+
private isFlushInProgress;
|
|
137
|
+
private requestTimeoutMs;
|
|
138
|
+
constructor(config: MonitorClientConfig);
|
|
139
|
+
captureError(error: Error, context?: ErrorContext): Promise<void>;
|
|
140
|
+
captureMessage(message: string, severity?: Severity, context?: ErrorContext): Promise<void>;
|
|
141
|
+
flush(): Promise<void>;
|
|
142
|
+
private getErrorKey;
|
|
143
|
+
close(): Promise<void>;
|
|
144
|
+
private enqueue;
|
|
145
|
+
/**
|
|
146
|
+
* Fetch with timeout to prevent hanging requests
|
|
147
|
+
*/
|
|
148
|
+
private fetchWithTimeout;
|
|
149
|
+
private sendSingle;
|
|
150
|
+
private sendBatch;
|
|
151
|
+
private startFlushTimer;
|
|
152
|
+
private stopFlushTimer;
|
|
153
|
+
syncDependencies(): Promise<void>;
|
|
154
|
+
syncTechnologies(technologies: TechnologyItem[]): Promise<void>;
|
|
155
|
+
private readPackageJson;
|
|
156
|
+
private readPackageJsonFromPath;
|
|
157
|
+
private shouldExclude;
|
|
158
|
+
private sendTechnologies;
|
|
159
|
+
private sendTechnologiesWithEnvironment;
|
|
160
|
+
/**
|
|
161
|
+
* Capture a security event (auth failures, rate limits, suspicious activity, etc.)
|
|
162
|
+
* Returns brute force warning if pattern is detected
|
|
163
|
+
*/
|
|
164
|
+
captureSecurityEvent(input: SecurityEventInput): Promise<{
|
|
165
|
+
warning?: BruteForceDetectionResult;
|
|
166
|
+
}>;
|
|
167
|
+
/**
|
|
168
|
+
* Capture a login failure event (convenience method)
|
|
169
|
+
*/
|
|
170
|
+
captureLoginFailure(options: {
|
|
171
|
+
ip?: string;
|
|
172
|
+
identifier?: string;
|
|
173
|
+
endpoint?: string;
|
|
174
|
+
userAgent?: string;
|
|
175
|
+
reason?: string;
|
|
176
|
+
authMethod?: 'password' | 'magic_link' | 'oauth' | 'azure_ad' | 'google' | 'other';
|
|
177
|
+
}): Promise<{
|
|
178
|
+
warning?: BruteForceDetectionResult;
|
|
179
|
+
}>;
|
|
180
|
+
/**
|
|
181
|
+
* Capture a successful login event
|
|
182
|
+
*/
|
|
183
|
+
captureLoginSuccess(options: {
|
|
184
|
+
ip?: string;
|
|
185
|
+
identifier?: string;
|
|
186
|
+
endpoint?: string;
|
|
187
|
+
userAgent?: string;
|
|
188
|
+
authMethod?: 'password' | 'magic_link' | 'oauth' | 'azure_ad' | 'google' | 'other';
|
|
189
|
+
}): Promise<void>;
|
|
190
|
+
/**
|
|
191
|
+
* Capture a rate limit event
|
|
192
|
+
*/
|
|
193
|
+
captureRateLimit(options: {
|
|
194
|
+
ip?: string;
|
|
195
|
+
identifier?: string;
|
|
196
|
+
endpoint?: string;
|
|
197
|
+
userAgent?: string;
|
|
198
|
+
limit?: number;
|
|
199
|
+
window?: string;
|
|
200
|
+
}): Promise<void>;
|
|
201
|
+
/**
|
|
202
|
+
* Capture an authorization failure (user tried to access unauthorized resource)
|
|
203
|
+
*/
|
|
204
|
+
captureAuthorizationFailure(options: {
|
|
205
|
+
ip?: string;
|
|
206
|
+
identifier?: string;
|
|
207
|
+
endpoint?: string;
|
|
208
|
+
userAgent?: string;
|
|
209
|
+
resource?: string;
|
|
210
|
+
action?: string;
|
|
211
|
+
}): Promise<void>;
|
|
212
|
+
/**
|
|
213
|
+
* Check if an IP or identifier has triggered brute force detection
|
|
214
|
+
*/
|
|
215
|
+
checkBruteForce(options: {
|
|
216
|
+
ip?: string;
|
|
217
|
+
identifier?: string;
|
|
218
|
+
timeWindowMinutes?: number;
|
|
219
|
+
threshold?: number;
|
|
220
|
+
}): Promise<BruteForceDetectionResult>;
|
|
221
|
+
/**
|
|
222
|
+
* Run npm audit and send results to the monitoring server.
|
|
223
|
+
* This scans the project for known vulnerabilities in dependencies.
|
|
224
|
+
*
|
|
225
|
+
* @param options.projectPath - Path to the project directory (defaults to cwd)
|
|
226
|
+
* @param options.environment - Environment label (defaults to client environment)
|
|
227
|
+
* @returns Audit summary with vulnerability counts
|
|
228
|
+
*/
|
|
229
|
+
auditDependencies(options?: {
|
|
230
|
+
projectPath?: string;
|
|
231
|
+
environment?: string;
|
|
232
|
+
}): Promise<AuditSummary | null>;
|
|
233
|
+
/**
|
|
234
|
+
* Parse npm audit JSON output into vulnerability items
|
|
235
|
+
*/
|
|
236
|
+
private parseNpmAuditOutput;
|
|
237
|
+
private getFixVersion;
|
|
238
|
+
private getRecommendation;
|
|
239
|
+
}
|
|
240
|
+
|
|
241
|
+
export { type AuditResult, type AuditSummary, type BruteForceDetectionResult, type DependencySource, type ErrorContext, type ErrorPayload, MonitorClient, type MonitorClientConfig, type SecurityCategory, type SecurityEventInput, type SecurityEventPayload, type SecuritySeverity, type Severity, type TechnologyItem, type TechnologyType, type VulnerabilityItem, type VulnerabilitySeverity };
|