npm - @contrast/agent-bundle - Versions diffs - 5.40.0 → 5.42.0 - Mend

@contrast/agent-bundle 5.40.0 → 5.42.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (290) hide show

package/node_modules/@contrast/sec-obs/node_modules/@contrast/config/lib/validators.js DELETED Viewed

@@ -1,23 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-'use strict';
-// Abusing the `validators` pattern to allow us to log after core has been set up.
-module.exports.config = function config(core) {
-  core.config._logs.forEach(({ level, obj, msg, args = [] }) => {
-    core.logger[level](obj, msg, ...args);
-  });
-};

package/node_modules/@contrast/sec-obs/node_modules/@contrast/config/package.json DELETED Viewed

@@ -1,27 +0,0 @@
-{
-  "name": "@contrast/config",
-  "version": "1.48.0",
-  "description": "An API for discovering Contrast agent configuration data",
-  "license": "SEE LICENSE IN LICENSE",
-  "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
-  "files": [
-    "lib/",
-    "!*.test.*",
-    "!tsconfig.*",
-    "!*.map"
-  ],
-  "main": "lib/index.js",
-  "types": "lib/index.d.ts",
-  "engines": {
-    "npm": ">=6.13.7 <7 || >= 8.3.1",
-    "node": ">= 16.9.1"
-  },
-  "scripts": {
-    "test": "bash ../scripts/test.sh"
-  },
-  "dependencies": {
-    "@contrast/common": "1.33.0",
-    "@contrast/core": "1.53.0",
-    "yaml": "^2.2.2"
-  }
-}

package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/LICENSE DELETED Viewed

@@ -1,12 +0,0 @@
-Copyright: 2025 Contrast Security, Inc
-Contact: support@contrastsecurity.com
-License: Commercial
-NOTICE: This Software and the patented inventions embodied within may only be
-used as part of Contrast Security’s commercial offerings. Even though it is
-made available through public repositories, use of this Software is subject to
-the applicable End User Licensing Agreement found at
-https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
-between Contrast Security and the End User. The Software may not be reverse
-engineered, modified, repackaged, sold, redistributed or otherwise used in a
-way not consistent with the End User License Agreement.

package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/README.md DELETED Viewed

@@ -1,98 +0,0 @@
-# `@contrast/core`
-Discovers Contrast configuration data (yaml, env vars, etc) and preconfigures a common set of APIs to be used for agent and tooling development.
-## Basic Usage
-The module exports a factory function.
-```typescript
-const core = require('@contrast/core')();
-```
-### What You Get
-- Logging
-  ```typescript
-  core.logger.info('...');
-  ```
-  See more about the `@contrast/logger` service [here](../logger/README.md).
-- Monkey-patching
-  ```typescript
-  core.patcher.patch(res, 'end', {
-    name: 'http.ServerResponse.end',
-    patchType: 'http-things',
-    pre(data) {
-      // ...
-    }
-  });
-  ```
-  See more about the `@contrast/patcher` service [here](../patcher/README.md).
-- Code rewriting
-  ```typescript
-  core.rewriter.addTransforms({
-    CallExpression(path, state) {
-      // ...
-    };
-  });
-  core.rewriter.rewrite('function() { ...');
-  ```
-  See more about the `@contrast/rewriter` service [here](../rewriter/README.md).
-- Dependency hooks
-  ```typescript
-  core.depHooks.resolve({ name: 'http' }, http => {
-    // implemention details
-  });
-  ```
-  See more about the `@contrast/dep-hooks` service [here](../dep-hooks/README.md).
-- Models and factories
-  The construction of model data _can_ rely on configuration and therefore can be stateful. So, we provide the models and their factories as services that can be used by consumers as if static.
-  ```typescript
-  // stackframe filtration is configurable, thus stateful
-  const snap = core.models.StacktraceFactory.createSnapshot();
-  const frames = snap();
-  ```
-  See more about the `@contrast/models` service [here](../models/README.md).
-- Report messages
-  ```typescript
-  // configuration will tell which reporters become active
-  core.reporters.install();
-  core.messages.emit('ProtectInputTracingEvent', { ... });
-  ```
-  See more about the `@contrast/reporter` service [here](../reporter/README.md).
-- Other stuff
-  There are some utility-type functions that rely on configuration state.
-  ```typescript
-  // This uses core.config.stack_trace_filters (new to v5)
-  core.isAgentPath('/foo');
-  ```
-## Related
-- `@contrast/agentify`: Integrate core services and instrumentation into an application. See more [here](../agentify/README.md).
-<br><br>

package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/agent-info.js DELETED Viewed

@@ -1,36 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-'use strict';
-const { randomUUID } = require('crypto');
-const { name: agentName, version: agentVersion } = require('../package.json');
-module.exports = function init(core) {
-  // default to name and version of core
-  if (!core.agentName) {
-    core.agentName = agentName;
-  }
-  if (!core.agentVersion) {
-    core.agentVersion = agentVersion;
-  }
-  // default to a new random UUID
-  if (!core.reportingInstance) {
-    core.reportingInstance = randomUUID();
-  }
-  return core;
-};

package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/app-info.js DELETED Viewed

@@ -1,233 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-'use strict';
-const os = require('os');
-const fs = require('fs');
-const path = require('path');
-const semver = require('semver');
-const process = require('process');
-const { IntentionalError, primordials: { ArrayPrototypeJoin } } = require('@contrast/common');
-const { findPackageJsonSync } = require('@contrast/find-package-json');
-/**
- * @typedef {Object} PackageInfo
- * @property {string} dir - the directory containing the `package.json`
- * @property {object} packageData - parsed package contents
- * @property {string} packageFile - filename of `package.json` (abs path)
-*/
-module.exports = function (core) {
-  const { logger, config } = core;
-  const { app_root, cmd_ignore_list, exclusive_entrypoint } = config.agent.node;
-  checkPreLoadFlag();
-  const cmd = getCommand();
-  const pkgInfo = getPackageInfo();
-  const entrypoint = getEntrypoint();
-  const name = getApplicationName();
-  core.appInfo = {
-    // dedupe this? - it's already in systemInfo
-    os: {
-      type: os.type(),
-      platform: os.platform(),
-      architecture: os.arch(),
-      release: os.release(),
-    },
-    cmd,
-    hostname: os.hostname(),
-    indexFile: entrypoint,
-    path: pkgInfo.packageFile,
-    pkg: pkgInfo.packageData,
-    name,
-    app_dir: pkgInfo.dir,
-    version: config.application.version || pkgInfo.packageData.version,
-    serverVersion: config.server.version,
-    nodeVersion: process.version,
-    appPath: config.application.path || pkgInfo.dir,
-    serverName: config.server.name,
-    serverType: config.server.type,
-    serverEnvironment: config.server.environment,
-    group: config.application.group,
-    metadata: config.application.metadata,
-  };
-  // by convention return the object
-  return core.appInfo;
-  function checkPreLoadFlag() {
-    const {
-      version,
-      execArgv,
-      env: { NODE_OPTIONS },
-    } = process;
-    [
-      { range: '>=18.19.0', flags: ['--import'] },
-      { range: '>=16.17.0 <18.19.0', flags: ['--loader'] },
-      { range: '<16.17.0', flags: ['-r', '--require'] }
-    ].forEach(({ range, flags }) => {
-      if (
-        semver.satisfies(version, range) &&
-        (execArgv.some((el, idx) => el === '@contrast/agent' && !flags.includes(execArgv[idx - 1])) ||
-        NODE_OPTIONS?.includes('@contrast/agent') && !flags.some(flag => NODE_OPTIONS.includes(flag)))
-      ) {
-        logger.warn(
-          'For Node LTS %s, use %s command to run the agent. See: https://docs.contrastsecurity.com/en/install-node-js.html',
-          range,
-          flags
-        );
-      }
-    });
-  }
-  /**
-   * Generates a command string based on ARGV and process.argv0, which will be used
-   * for the `appInfo.cmd` field. This function will throw if any of the config's
-   * cmd_ignore_list values match the command.
-   * @returns {string} the issued command that started the current node process
-   * @throws {IntentionalError} when command should be is ignored by Contrast
-   */
-  function getCommand() {
-    const args = [process.argv0, ...process.argv].map((a) => path.basename(a));
-    const cmd = ArrayPrototypeJoin.call(Array.from(new Set(args)), ' ');
-    const message = 'application command matches cmd_ignore_list config option';
-    if (cmd_ignore_list) {
-      let err;
-      for (const ignoreCommand of cmd_ignore_list) {
-        if (ignoreCommand === 'npm*') {
-          if (cmd.includes('npm ')) err = new IntentionalError(message);
-        } else {
-          if (cmd.includes(ignoreCommand)) err = new IntentionalError(message);
-        }
-        if (err) {
-          logger.trace({ cmd_ignore_list, cmd }, message);
-          throw err;
-        }
-      }
-    }
-    return cmd;
-  }
-  /**
-   * Returns the entrypoint file. If none is found, or the one discovered doesn't match the
-   * config's `agent.node.exclusive_entrypoint` value, this will throw.
-   * @returns {string} entrypoint file name
-   * @throws {Error|IntentionalError} if no entrypoint is found or we're supposed to ignore the app
-   */
-  function getEntrypoint() {
-    let entrypoint = process.argv[1];
-    const { packageData } = pkgInfo;
-    try {
-      if (entrypoint && fs.statSync(entrypoint).isDirectory()) {
-        const main = path.join(entrypoint, packageData.main || 'index.js');
-        try {
-          if (fs.statSync(main)) {
-            entrypoint = main;
-          }
-        } catch (err) {
-          entrypoint = null;
-        }
-      }
-    } catch (err) {} // eslint-disable-line no-empty
-    if (!entrypoint) {
-      logger.error('no entrypoint found for application');
-      throw new Error('No entrypoint found');
-    }
-    if (exclusive_entrypoint) {
-      const expectedEntrypoint = path.resolve(app_root || process.cwd(), exclusive_entrypoint);
-      if (entrypoint !== expectedEntrypoint) {
-        const message = 'application does not match exclusive_entrypoint config option';
-        logger.trace({
-          entrypoint,
-          exclusive_entrypoint: expectedEntrypoint,
-        }, message);
-        throw new IntentionalError(message);
-      }
-    }
-    return entrypoint;
-  }
-  /**
-   * Will try to read the `package.json` file of the app. This will use find-pacakge-json
-   * starting first from entrypoint, then from CWD.
-   * NOTE: If the `app_root` value is specified, this will check only there and then throw if not found.
-   * @param {string} entrypoint app entrypoint
-   * @returns {PackageInfo} dir, packageData, and packageFile
-   * @throws {Error} if package can't be found or parsed
-   */
-  function getPackageInfo() {
-    const cwd = process.cwd();
-    const dirs = new Set();
-    let dir;
-    let packageData;
-    let packageFile;
-    // if this is not the default value, we should only check it
-    if (app_root && app_root !== cwd) {
-      dirs.add(path.resolve(app_root));
-    } else {
-      // otherwise check up folder tree from entrypoint and then cwd
-      dirs.add(cwd);
-    }
-    for (dir of dirs) {
-      try {
-        packageFile = process.env.npm_package_json ?? findPackageJsonSync({ cwd: dir });
-        packageData = require(packageFile);
-        break;
-      } catch (err) {} // eslint-disable-line no-empty
-    }
-    if (!packageData) {
-      const message = 'unable to locate application package.json';
-      logger.error({
-        app_root,
-        paths: Array.from(dirs),
-      }, message);
-      throw new Error(message);
-    }
-    return {
-      dir: path.dirname(packageFile),
-      packageData,
-      packageFile,
-    };
-  }
-  /**
-   * The name field is required e.g. reporting, rewrite caching, etc.
-   * @throws {Error} if there is no name identified
-   */
-  function getApplicationName() {
-    const name = config.application.name || pkgInfo.packageData.name;
-    if (!name) {
-      throw new Error(
-        'The application\'s name was not identified. ' +
-        'Please provide name in package.json field or with the agent\'s application.name config option.'
-      );
-    }
-    return name;
-  }
-};

package/node_modules/@contrast/sec-obs/node_modules/@contrast/core/lib/build-id.js DELETED Viewed

@@ -1,51 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-'use strict';
-const { CRC32 } = require('@tsxper/crc32');
-const { readFile } = require('fs/promises');
-const { resolve } = require('path');
-/**
- * @param {Object} core
- * @param {import('@contrast/common').AppInfo} core.appInfo
- * @returns
- */
-module.exports = function init(core) {
-  /** @type {string | undefined} */
-  let _buildId;
-  /**
-   * Attempts to hash the contents of the `package-lock.json` neighbor of the
-   * application's `package.json`. If no package-lock is detected, fall back to
-   * the app's `package.json` to generate the build ID.
-   * @returns {Promise<number | void>}
-   */
-  return core.getBuildId = async function getBuildId() {
-    if (_buildId) return _buildId;
-    const crc32 = new CRC32();
-    try {
-      const buf = await readFile(resolve(core.appInfo.app_dir, 'package-lock.json'));
-      return _buildId = crc32.forBuffer(buf).toString(16);
-    } catch (err) {
-      // unable to hash package-lock.json, fall back to stored package.json
-    }
-    const str = JSON.stringify(core.appInfo.pkg);
-    return _buildId = crc32.forString(str).toString(16);
-  };
-};