npm - @contrast/agent-bundle - Versions diffs - 5.39.1 → 5.41.0 - Mend

@contrast/agent-bundle 5.39.1 → 5.41.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (279) hide show

package/node_modules/@contrast/sec-obs/node_modules/@contrast/patcher/package.json DELETED Viewed

@@ -1,25 +0,0 @@
-{
-  "name": "@contrast/patcher",
-  "version": "1.25.0",
-  "description": "Advanced monkey patching--registers hooks to run in and around functions",
-  "license": "SEE LICENSE IN LICENSE",
-  "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
-  "files": [
-    "lib/",
-    "!*.test.*",
-    "!tsconfig.*",
-    "!*.map"
-  ],
-  "main": "lib/index.js",
-  "types": "lib/index.d.ts",
-  "engines": {
-    "npm": ">=6.13.7 <7 || >= 8.3.1",
-    "node": ">= 16.9.1"
-  },
-  "scripts": {
-    "test": "bash ../scripts/test.sh"
-  },
-  "dependencies": {
-    "@contrast/logger": "1.26.0"
-  }
-}

package/node_modules/@contrast/sec-obs/node_modules/@contrast/rewriter/LICENSE DELETED Viewed

@@ -1,12 +0,0 @@
-Copyright: 2025 Contrast Security, Inc
-Contact: support@contrastsecurity.com
-License: Commercial
-NOTICE: This Software and the patented inventions embodied within may only be
-used as part of Contrast Security’s commercial offerings. Even though it is
-made available through public repositories, use of this Software is subject to
-the applicable End User Licensing Agreement found at
-https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
-between Contrast Security and the End User. The Software may not be reverse
-engineered, modified, repackaged, sold, redistributed or otherwise used in a
-way not consistent with the End User License Agreement.

package/node_modules/@contrast/sec-obs/node_modules/@contrast/rewriter/README.md DELETED Viewed

@@ -1,6 +0,0 @@
-## `@contrast/rewriter`
-Rewrite javascript code with custom rewrite transforms.
-For example, Assess will register transforms for `+` -> `ContrastMethods.add()`
-so that it can perform propagation via instrumentation of `ContrastMethods.add()`.

package/node_modules/@contrast/sec-obs/node_modules/@contrast/rewriter/lib/cache.js DELETED Viewed

@@ -1,318 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-// @ts-nocheck
-'use strict';
-const fs = require('node:fs');
-const fsPromises = require('node:fs/promises');
-const os = require('node:os');
-const path = require('node:path');
-const { version } = require('../package.json');
-const { primordials: { StringPrototypeReplace, StringPrototypeReplaceAll, FsReadFileSync } } = require('@contrast/common');
-/**
- * Returns the modification time of a file as a number.
- * @param {string} filename
- * @returns {Promise<number>}
- */
-const mtime = async (filename) => +(await fsPromises.stat(filename)).mtime;
-/**
- * Returns the modification time of a file as a number.
- * @param {string} filename
- * @returns {number}
- */
-const mtimeSync = (filename) => +fs.statSync(filename).mtime;
-module.exports.Cache = class Cache {
-  /**
-   * @param {import('.').Core} core
-   */
-  constructor(core) {
-    this.config = core.config;
-    this.logger = core.logger.child({ name: 'contrast:rewriter:cache' });
-    /** @type {Set<import('.').Mode>} */
-    this.modes = new Set();
-    this.appDirRegex = new RegExp(`^${StringPrototypeReplaceAll.call(core.appInfo.app_dir, '\\', '\\\\')}`);
-    this.cacheDir = path.join(
-      core.config.agent.node.rewrite.cache.path,
-      StringPrototypeReplace.call(core.appInfo.name, '/', '_'),
-      version,
-    );
-  }
-  /**
-   * Sets the rewriter to 'assess' or 'protect' mode, enabling different
-   * transforms.
-   * @param {import('.').Mode} mode
-   */
-  install(mode) {
-    this.modes.add(mode);
-  }
-  /**
-   * Returns the filename of a cached rewrite result. Paths within the `app_dir`
-   *  directory are nested under the `_` directory to prevent potential
-   *  collisions with absolute paths.
-   *   /path/to/app/node_modules/mod/index.js
-   *      -> '.contrast/app_name/5.1.2/assess/_/node_modules/mod/index.js
-   *   /somewhere/else/index.js
-   *      -> .contrast/app_name/5.1.2/assess/somewhere/else/index.js
-   * @param {string} filename
-   * @returns {string}
-   */
-  getCachedFilename(filename) {
-    filename = StringPrototypeReplace.call(filename, this.appDirRegex, '_');
-    if (os.platform() === 'win32') {
-      filename = StringPrototypeReplace.call(filename, /^([A-Za-z]):/, '$1_');
-    }
-    return path.join(
-      this.cacheDir,
-      this.modes.has('assess') ? 'assess' : 'protect',
-      filename,
-    );
-  }
-  /**
-   * Looks up and returns the cached filename for a previously rewritten file
-   * asynchronously.
-   * @param {string} filename
-   * @returns {Promise<string | undefined>}
-   */
-  async find(filename) {
-    const filenameCached = this.getCachedFilename(filename);
-    try {
-      const [time, timeCached] = await Promise.all([mtime(filename), mtime(filenameCached)]);
-      if (time > timeCached) {
-        this.logger.trace(
-          {
-            filename,
-            filenameCached,
-            mtime: time,
-            mtimeCached: timeCached,
-          },
-          'Cache stale, falling back to compiling.'
-        );
-        return undefined;
-      }
-      this.logger.trace(
-        {
-          filename,
-          filenameCached,
-          mtime: time,
-          mtimeCached: timeCached,
-        },
-        'Cache current.'
-      );
-      return filenameCached;
-    } catch (err) {
-      // @ts-expect-error ts treats errors poorly.
-      if (err.code !== 'ENOENT') {
-        this.logger.error(
-          { err, filename, filenameCached },
-          'An unexpected error occurred, falling back to compiling.'
-        );
-      } else {
-        this.logger.trace(
-          { filename, filenameCached },
-          'Cache miss, falling back to compiling.',
-        );
-      }
-      return undefined;
-    }
-  }
-  /**
-   * Looks up and returns the source map for a previously rewritten file.
-   * @param {string} filename
-   * @returns {Promise<string | undefined>}
-   */
-  async readMap(filename) {
-    const filenameCached = this.getCachedFilename(filename);
-    const sourceMap = `${filenameCached}.map`;
-    try {
-      return fsPromises.readFile(sourceMap, 'utf8');
-    } catch (err) {
-      // @ts-expect-error ts treats errors poorly.
-      if (err.code !== 'ENOENT') {
-        this.logger.warn(
-          { err, filename, filenameCached, sourceMap },
-          'An unexpected error occurred finding source map.'
-        );
-      }
-      return undefined;
-    }
-  }
-  /**
-   * Looks up and returns the string content of a previously rewritten file
-   * synchronously. Used when we need to block on cache lookups.
-   * @param {string} filename
-   * @returns {string | undefined}
-   */
-  readSync(filename) {
-    const filenameCached = this.getCachedFilename(filename);
-    try {
-      const time = mtimeSync(filename);
-      const timeCached = mtimeSync(filenameCached);
-      if (time > timeCached) {
-        this.logger.trace(
-          {
-            filename,
-            filenameCached,
-            mtime: time,
-            mtimeCached: timeCached,
-          },
-          'Cache stale, falling back to compiling.'
-        );
-        return undefined;
-      }
-      this.logger.trace(
-        {
-          filename,
-          filenameCached,
-          mtime: time,
-          mtimeCached: timeCached,
-        },
-        'Cache current.'
-      );
-      return FsReadFileSync(filenameCached, 'utf8');
-    } catch (err) {
-      // @ts-expect-error ts treats errors poorly.
-      if (err.code !== 'ENOENT') {
-        this.logger.error(
-          { err, filename, filenameCached },
-          'An unexpected error occurred, falling back to compiling.'
-        );
-      } else {
-        this.logger.trace(
-          { filename, filenameCached },
-          'Cache miss, falling back to compiling.',
-        );
-      }
-      return undefined;
-    }
-  }
-  /**
-   * Synchronously writes a rewritten file to the cache directory. This is
-   * intended for use by require instrumentation because require is a sync
-   * operation.
-   *
-   * Incorrectly using the .write() method for require can result in the
-   * "unexpected end-of-file" error or rewriting the same file multiple
-   * times because it's required again before the write operation has
-   * completed.
-   *
-   * @param {string} filename
-   * @param {import('@swc/core').Output} result
-   * @returns {void}
-   */
-  writeSync(filename, result) {
-    const filenameCached = this.getCachedFilename(filename);
-    try {
-      fs.mkdirSync(path.dirname(filenameCached), { recursive: true });
-      fs.writeFileSync(filenameCached, result.code, 'utf8');
-      if (result.map) {
-        fs.writeFileSync(`${filenameCached}.map`, result.map, 'utf8');
-      }
-      this.logger.trace(
-        {
-          filename,
-          filenameCached,
-        },
-        'Cache entry created.'
-      );
-    } catch (err) {
-      this.logger.warn(
-        {
-          err,
-          filename,
-          filenameCached,
-        },
-        'Unable to cache rewrite results.'
-      );
-    }
-  }
-  /**
-   * Asynchronously writes a rewritten file to the cache directory. This is
-   * intended for use by import instrumentation because import is an async
-   * operation.
-   *
-   * The caller should await this method to ensure that the cache is written
-   * before proceeding. If the caller doesn't wait, it's possible that the
-   * code will attempt to read a half-written file and get an "unexpected
-   * end-of-file" error or that the same file will be rewritten because it's
-   * required again before the file appears in the file system.
-   *
-   * @param {string} filename
-   * @param {import('@swc/core').Output} result
-   * @returns {Promise<void>}
-   */
-  async write(filename, result) {
-    const filenameCached = this.getCachedFilename(filename);
-    try {
-      await fsPromises.mkdir(path.dirname(filenameCached), { recursive: true });
-      const writePromises = [
-        fsPromises.writeFile(filenameCached, result.code, 'utf8')
-      ];
-      if (result.map) {
-        writePromises.push(
-          fsPromises.writeFile(`${filenameCached}.map`, result.map, 'utf8')
-        );
-      }
-      await Promise.all(writePromises);
-      this.logger.trace(
-        {
-          filename,
-          filenameCached,
-        },
-        'Cache entry created.'
-      );
-    } catch (err) {
-      this.logger.warn(
-        {
-          err,
-          filename,
-          filenameCached,
-        },
-        'Unable to cache rewrite results.'
-      );
-    }
-  }
-};

package/node_modules/@contrast/sec-obs/node_modules/@contrast/rewriter/lib/index.js DELETED Viewed

@@ -1,216 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-// @ts-check
-'use strict';
-const Module = require('node:module');
-const { arch, platform } = require('node:os');
-const path = require('node:path');
-const { parseSync, transform, transformSync } = require('@swc/core');
-const { primordials: { StringPrototypeReplace, StringPrototypeSubstring } } = require('@contrast/common');
-const { Cache } = require('./cache');
-/**
- * @typedef {Object} Core
- * @prop {import('@contrast/common').AppInfo} appInfo
- * @prop {import('@contrast/config').Config} config
- * @prop {import('@contrast/logger').Logger} logger
- */
-/**
- * @typedef {'assess' | 'protect'} Mode
- */
-/**
- * @typedef {Object} RewriteOpts
- * @prop {string=} filename e.g. 'index.js'
- * @prop {boolean=} isModule if true, file is parsed as an ES module instead of a CJS script
- * @prop {boolean=} inject if true, injects ContrastMethods on the global object
- * @prop {boolean=} wrap if true, wraps the content with a modified module wrapper IIFE
- * @prop {boolean=} minify if true, minifies the output when source maps are enabled
- */
-// @ts-expect-error `wrapper` is missing from @types/node.
-const prefix = Module.wrapper[0];
-// @ts-expect-error `wrapper` is missing from @types/node, primordials overloads are poorly handled.
-const suffix = StringPrototypeReplace.call(Module.wrapper[1], /;$/, '.apply(this, arguments);');
-// @ts-expect-error `@contrast/agent-swc-plugin` .d.ts file doesn't exist.
-const { defaultRewriter, defaultUnwriter } = require('@contrast/agent-swc-plugin');
-/**
- * Wraps the source content as necessary to support rewriting.
- * Wrapping must occur before rewriting since the underlying rewriter cannot
- * parse certain valid statements such as `return` statements in a CJS script.
- * @param {string} content
- * @returns {string}
- */
-const wrap = (content) => {
-  let shebang = '';
-  // The shebang will be commented out since it cannot be present in a
-  // function body. swc doesn't include the commented shebang in the generated
-  // code despite including comments otherwise.
-  if (content.charAt(0) === '#') {
-    shebang = StringPrototypeSubstring.call(content, 0, content.indexOf('\n') + 1);
-    content = `//${content}`;
-  }
-  content = `${shebang}${prefix}${content}${suffix}`;
-  return content;
-};
-class Rewriter {
-  /**
-   * @param {Core} core
-   */
-  constructor(core) {
-    this.core = core;
-    this.logger = core.logger.child({ name: 'contrast:rewriter' });
-    /** @type {Set<Mode>} */
-    this.modes = new Set();
-    this.cache = new Cache(core);
-  }
-  /**
-   * Sets the rewriter to 'assess' or 'protect' mode, enabling different
-   * transforms.
-   * @param {Mode} mode
-   */
-  install(mode) {
-    this.logger.trace('installing rewriter mode: %s', mode);
-    this.modes.add(mode);
-    this.cache.install(mode);
-  }
-  /**
-   * @param {RewriteOpts} opts
-   * @returns {import('@swc/core').Options}
-   */
-  rewriteConfig(opts) {
-    const nodeCfg = this.core.config.agent.node;
-    const sourceMaps = nodeCfg.source_maps.enable;
-    const minify = opts.minify && nodeCfg.source_maps.enable && nodeCfg.rewrite.minify;
-    return {
-      swcrc: false,
-      filename: opts.filename,
-      isModule: opts.isModule,
-      env: {
-        targets: {
-          node: process.versions.node,
-        },
-      },
-      jsc: {
-        experimental: {
-          plugins: [[defaultRewriter, {
-            assess: this.modes.has('assess'),
-            inject: opts.inject,
-          }]],
-          cacheRoot: path.join(nodeCfg.rewrite.cache.path, '.swc'),
-        },
-        // disable most of the more invasive options.
-        // see: https://terser.org/docs/options/#compress-options
-        minify: minify ? { compress: { defaults: false } } : undefined
-      },
-      minify,
-      sourceMaps,
-    };
-  }
-  /**
-   * Rewrites the provided source code string asynchronously. this is used in an ESM
-   * context. CJS cannot use this because `require` is synchronous.
-   *
-   * @param {string} content
-   * @param {RewriteOpts=} opts
-   * @returns {Promise<import('@swc/core').Output>} with possibly modified source map.
-   */
-  async rewrite(content, opts = {}) {
-    this.logger.trace({ opts }, 'rewriting %s', opts.filename);
-    if (opts.wrap) {
-      content = wrap(content);
-    }
-    return transform(content, this.rewriteConfig(opts));
-  }
-  /**
-   * Rewrites the provided source code string synchronously. this is used in a CJS
-   * context. while ESM could use this, performance is better when using the async
-   * version.
-   *
-   * @param {string} content
-   * @param {RewriteOpts=} opts
-   * @returns {import('@swc/core').Output} with possibly modified source map.
-   */
-  rewriteSync(content, opts = {}) {
-    this.logger.trace({ opts }, 'rewriting %s', opts.filename);
-    if (opts.wrap) {
-      content = wrap(content);
-    }
-    return transformSync(content, this.rewriteConfig(opts));
-  }
-  /**
-   * Removes contrast-related rewritten code from provided source code string.
-   * @param {string} content
-   * @returns {string}
-   */
-  unwriteSync(content) {
-    return transformSync(content, {
-      swcrc: false,
-      env: {
-        targets: {
-          node: process.versions.node,
-        },
-      },
-      jsc: {
-        experimental: {
-          plugins: [[defaultUnwriter, {}]],
-        },
-      },
-      sourceMaps: false,
-    }).code;
-  }
-}
-/**
- * @param {Core & { rewriter?: Rewriter; }} core
- * @returns {Rewriter}
- */
-module.exports = function init(core) {
-  // Check that the correct bindings for `swc` are installed, throwing and
-  // stopping instrumentation if not.
-  try {
-    parseSync('');
-  } catch (cause) {
-    // @ts-expect-error TS hates errors.
-    throw cause.message === 'Bindings not found.'
-      ? new Error(
-        `Contrast cannot detect the correct precompiled dependencies for the current environment: ${platform()}-${arch()}. This typically occurs when deploying an installation from one environment to a different execution environment.`,
-        // @ts-expect-error `cause` requires ts to target es2022 or above, which corresponds to Node 17+, despite being added to Node in 16.9.
-        { cause },
-      )
-      : cause;
-  }
-  core.rewriter = new Rewriter(core);
-  return core.rewriter;
-};
-module.exports.Rewriter = Rewriter;