npm - @contrast/agent - Versions diffs - 4.5.2 → 4.8.0 - Mend

@contrast/agent 4.5.2 → 4.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (666) hide show

package/lib/util/trace-util.js CHANGED Viewed

@@ -1,5 +1,5 @@
 /**
-Copyright: 2021 Contrast Security, Inc
+Copyright: 2022 Contrast Security, Inc
   Contact: support@contrastsecurity.com
   License: Commercial

package/lib/util/traverse.js CHANGED Viewed

@@ -1,5 +1,5 @@
 /**
-Copyright: 2021 Contrast Security, Inc
+Copyright: 2022 Contrast Security, Inc
   Contact: support@contrastsecurity.com
   License: Commercial

package/lib/util/user-input-evaluator.js CHANGED Viewed

@@ -1,5 +1,5 @@
 /**
-Copyright: 2021 Contrast Security, Inc
+Copyright: 2022 Contrast Security, Inc
   Contact: support@contrastsecurity.com
   License: Commercial

package/lib/util/xml-analyzer/external-entity-finder.js CHANGED Viewed

@@ -1,5 +1,5 @@
 /**
-Copyright: 2021 Contrast Security, Inc
+Copyright: 2022 Contrast Security, Inc
   Contact: support@contrastsecurity.com
   License: Commercial

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/agent",
-  "version": "4.5.2",
+  "version": "4.8.0",
   "description": "Node.js security instrumentation by Contrast Security",
   "keywords": [
     "security",
@@ -38,7 +38,8 @@
     "extract-licenses": "node scripts/extract-licenses",
     "fix": "eslint . --fix",
     "prepare": "husky install || exit 0",
-    "preversion": "npm run test:gh-ci"
+    "preversion": "npm run test:gh-ci",
+    "initsecrets": "scripts/detect-secrets.sh"
   },
   "lint-staged": {
     "*.js": "eslint --fix",
@@ -74,11 +75,10 @@
     "@contrast/fn-inspect": "^2.4.2",
     "@contrast/heapdump": "^1.1.0",
     "@contrast/protobuf-api": "^3.2.0",
-    "@contrast/require-hook": "^2.0.5",
+    "@contrast/require-hook": "^2.0.6",
     "@contrast/synchronous-source-maps": "^1.1.0",
     "amqp-connection-manager": "^3.2.2",
     "amqplib": "^0.8.0",
-    "base64url": "^3.0.1",
     "big-integer": "^1.6.36",
     "bluebird": "^3.5.3",
     "builtin-modules": "^3.2.0",
@@ -94,18 +94,14 @@
     "jspack": "0.0.4",
     "lodash": "^4.17.21",
     "make-dir": "^3.1.0",
-    "moment": "^2.21.0",
     "multi-stage-sourcemap": "^0.3.1",
     "on-finished": "^2.3.0",
     "parseurl": "^1.3.3",
     "prom-client": "^12.0.0",
     "recursive-readdir": "^2.2.2",
-    "request": "^2.88.0",
     "semver": "^7.3.2",
-    "source-map": "^0.7.3",
     "winston": "^3.1.0",
     "winston-daily-rotate-file": "^3.5.1",
-    "winston-syslog": "2.1.0",
     "yaml": "^1.10.0"
   },
   "devDependencies": {
@@ -113,7 +109,7 @@
     "@bmacnaughton/string-generator": "^1.0.0",
     "@contrast/eslint-config": "^2.0.1",
     "@contrast/fake-module": "file:test/mock/contrast-fake",
-    "@contrast/screener-service": "^1.12.4",
+    "@contrast/screener-service": "^1.12.8",
     "@hapi/boom": "file:test/mock/boom",
     "@hapi/hapi": "file:test/mock/hapi",
     "@ls-lint/ls-lint": "^1.8.1",
@@ -130,9 +126,10 @@
     "config": "^3.3.3",
     "csv-writer": "^1.2.0",
     "deasync": "^0.1.20",
+    "dustjs-linkedin": "^3.0.0",
     "ejs": "^3.1.6",
     "escape-html": "^1.0.3",
-    "eslint": "^5.16.0",
+    "eslint": "^8.2.0",
     "eslint-config-prettier": "^6.11.0",
     "eslint-plugin-mocha": "^7.0.1",
     "eslint-plugin-node": "^11.1.0",
@@ -148,27 +145,28 @@
     "jsdoc": "^3.6.7",
     "libxmljs": "file:test/mock/libxmljs",
     "libxmljs2": "file:test/mock/libxmljs2",
-    "lint-staged": "^11.0.0",
+    "lint-staged": "^12.0.2",
     "madge": "^4.0.1",
     "marsdb": "file:test/mock/marsdb",
-    "mocha": "^8.2.0",
-    "mochawesome": "^6.2.2",
+    "mocha": "^9.1.3",
+    "mochawesome": "^7.0.1",
     "mongodb": "file:test/mock/mongodb",
     "mongodb-npm": "npm:mongodb@^3.6.5",
+    "mongoose": "^6.1.1",
     "mustache": "^3.0.1",
     "mysql": "file:test/mock/mysql",
     "nock": "^12.0.3",
     "node-fetch": "^2.6.1",
     "node-serialize": "file:test/mock/node-serialize",
     "npm-license-crawler": "^0.2.1",
-    "nyc": "^15.0.0",
+    "nyc": "^15.1.0",
     "pg": "file:test/mock/pg",
     "pino": "^6.7.0",
     "prettier": "^1.19.1",
     "proxyquire": "^2.1.0",
     "qs": "^6.9.4",
     "rethinkdb": "file:test/mock/rethinkdb",
-    "sequelize": "^6.3.3",
+    "sequelize": "^6.11.0",
     "shellcheck": "^1.0.0",
     "sinon": "^7.2.2",
     "sinon-chai": "^3.3.0",
@@ -177,7 +175,7 @@
     "triple-beam": "^1.3.0",
     "typeorm": "file:test/mock/typeorm",
     "uuid": "^8.3.1",
-    "validator": "^13.5.2",
+    "validator": "^13.7.0",
     "xpath": "file:test/mock/xpath"
   },
   "main": "bootstrap.js",

package/perf-logs.js CHANGED Viewed

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 /**
-Copyright: 2021 Contrast Security, Inc
+Copyright: 2022 Contrast Security, Inc
   Contact: support@contrastsecurity.com
   License: Commercial

package/lib/hooks/frameworks/https.js DELETED Viewed

@@ -1,42 +0,0 @@
-/**
-Copyright: 2021 Contrast Security, Inc
-  Contact: support@contrastsecurity.com
-  License: Commercial
-  NOTICE: This Software and the patented inventions embodied within may only be
-  used as part of Contrast Security’s commercial offerings. Even though it is
-  made available through public repositories, use of this Software is subject to
-  the applicable End User Licensing Agreement found at
-  https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
-  between Contrast Security and the End User. The Software may not be reverse
-  engineered, modified, repackaged, sold, redistributed or otherwise used in a
-  way not consistent with the End User License Agreement.
-*/
-'use strict';
-const emitter = require('../../agent-emitter');
-const { HTTP_EVENTS } = require('../../constants');
-const HttpFramework = require('./http');
-const id = 'https';
-class HttpsFramework extends HttpFramework {
-  constructor(agent) {
-    super(agent, id);
-  }
-  /**
-   * Override for <code>HttpSource.prototype.handleServerCreate</code>.
-   * We override in order to emit the event with the proper callback argument -
-   * HTTPS servers take an `options` object as the first argument. We want the
-   * second callback argument.
-   * @param {*[]} args The arguments passed to the Server constructor
-   * @param {Server} server
-   */
-  handleServerCreate(args, server) {
-    const callback = args[1];
-    emitter.emit(HTTP_EVENTS.SERVER_CREATE, callback, server);
-  }
-}
-module.exports = HttpsFramework;

package/lib/protect/rules/nosqli/no-sql-injection-rule.js DELETED Viewed

@@ -1,109 +0,0 @@
-/**
-Copyright: 2021 Contrast Security, Inc
-  Contact: support@contrastsecurity.com
-  License: Commercial
-  NOTICE: This Software and the patented inventions embodied within may only be
-  used as part of Contrast Security’s commercial offerings. Even though it is
-  made available through public repositories, use of this Software is subject to
-  the applicable End User Licensing Agreement found at
-  https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
-  between Contrast Security and the End User. The Software may not be reverse
-  engineered, modified, repackaged, sold, redistributed or otherwise used in a
-  way not consistent with the End User License Agreement.
-*/
-const _ = require('lodash');
-const logger = require('../../../core/logger')('contrast:rules:protect');
-const { INPUT_TYPES, SINK_TYPES } = require('../common');
-const MONGODB = 'mongodb';
-const ScannerKit = new Map([
-  [MONGODB, () => require('../nosqli/nosql-scanner').create('MongoDB')]
-]);
-class NoSqlInjectionRule extends require('../') {
-  constructor(policy = {}) {
-    policy.inputParseDepth = 3;
-    super(policy);
-    this._scanners = new Map();
-    this.id = 'nosql-injection';
-    this.name = 'NoSQL Injection';
-    this.applicableInputs = [
-      INPUT_TYPES.BODY,
-      INPUT_TYPES.JSON_VALUE,
-      INPUT_TYPES.JSON_ARRAYED_VALUE,
-      INPUT_TYPES.PARAMETER_NAME,
-      INPUT_TYPES.PARAMETER_VALUE,
-      INPUT_TYPES.QUERYSTRING,
-      INPUT_TYPES.XML_VALUE,
-      INPUT_TYPES.URI,
-      INPUT_TYPES.URL_PARAMETER
-    ];
-    this.applicableSinks = [SINK_TYPES.NOSQL_QUERY];
-  }
-  evaluateAtSink({ event, applicableSamples }) {
-    if (_.isEmpty(applicableSamples)) {
-      return;
-    }
-    const scanner = this.getScanner(event.id);
-    for (const sample of applicableSamples) {
-      const injection = scanner.findInjection(sample.input.value, event.data);
-      if (injection) {
-        this.appendAttackDetails(sample, injection);
-        sample.captureAppContext(event);
-        logger.warn(`EFFECTIVE - rule: ${this.id}, mode: ${this.mode} `);
-        this.blockRequest(sample);
-      }
-    }
-  }
-  getScanner(id) {
-    if (!ScannerKit.has(id)) {
-      throw new Error(`Unknown NoSQL scanner: ${id}`);
-    }
-    if (!this._scanners.has(id)) {
-      this._scanners.set(id, ScannerKit.get(id)());
-    }
-    return this._scanners.get(id);
-  }
-  /**
-   * Builds details for Sql Injection Attack.
-   * @param   {UserInput} inputDtm The user input that resulted in attack
-   * @param   {String}    query    The query that was analyzed
-   * @param   {Object}    results  The repsults of the sql-scanner
-   * @returns {Object}             The details
-   */
-  buildDetails(sample, findings) {
-    if (!findings) {
-      return null;
-    }
-    const { boundary, location, query } = findings;
-    const inputBoundaryIndex = boundary.previous
-      ? boundary.previous.start
-      : boundary.start;
-    return {
-      start: location[0],
-      end: location[1] + 1,
-      input: sample.input.toSerializable(),
-      boundaryOverrunIndex: boundary.stop + 1,
-      inputBoundaryIndex,
-      query
-    };
-  }
-}
-module.exports = NoSqlInjectionRule;

package/node_modules/bindings/LICENSE.md DELETED Viewed

@@ -1,22 +0,0 @@
-(The MIT License)
-Copyright (c) 2012 Nathan Rajlich &lt;nathan@tootallnate.net&gt;
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/node_modules/bindings/README.md DELETED Viewed

@@ -1,98 +0,0 @@
-node-bindings
-=============
-### Helper module for loading your native module's `.node` file
-This is a helper module for authors of Node.js native addon modules.
-It is basically the "swiss army knife" of `require()`ing your native module's
-`.node` file.
-Throughout the course of Node's native addon history, addons have ended up being
-compiled in a variety of different places, depending on which build tool and which
-version of node was used. To make matters worse, now the `gyp` build tool can
-produce either a __Release__ or __Debug__ build, each being built into different
-locations.
-This module checks _all_ the possible locations that a native addon would be built
-at, and returns the first one that loads successfully.
-Installation
-------------
-Install with `npm`:
-``` bash
-$ npm install --save bindings
-```
-Or add it to the `"dependencies"` section of your `package.json` file.
-Example
--------
-`require()`ing the proper bindings file for the current node version, platform
-and architecture is as simple as:
-``` js
-var bindings = require('bindings')('binding.node')
-// Use your bindings defined in your C files
-bindings.your_c_function()
-```
-Nice Error Output
------------------
-When the `.node` file could not be loaded, `node-bindings` throws an Error with
-a nice error message telling you exactly what was tried. You can also check the
-`err.tries` Array property.
-```
-Error: Could not load the bindings file. Tried:
- → /Users/nrajlich/ref/build/binding.node
- → /Users/nrajlich/ref/build/Debug/binding.node
- → /Users/nrajlich/ref/build/Release/binding.node
- → /Users/nrajlich/ref/out/Debug/binding.node
- → /Users/nrajlich/ref/Debug/binding.node
- → /Users/nrajlich/ref/out/Release/binding.node
- → /Users/nrajlich/ref/Release/binding.node
- → /Users/nrajlich/ref/build/default/binding.node
- → /Users/nrajlich/ref/compiled/0.8.2/darwin/x64/binding.node
-    at bindings (/Users/nrajlich/ref/node_modules/bindings/bindings.js:84:13)
-    at Object.<anonymous> (/Users/nrajlich/ref/lib/ref.js:5:47)
-    at Module._compile (module.js:449:26)
-    at Object.Module._extensions..js (module.js:467:10)
-    at Module.load (module.js:356:32)
-    at Function.Module._load (module.js:312:12)
-    ...
-```
-The searching for the `.node` file will originate from the first directory in which has a `package.json` file is found.
-License
--------
-(The MIT License)
-Copyright (c) 2012 Nathan Rajlich &lt;nathan@tootallnate.net&gt;
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

package/node_modules/bindings/bindings.js DELETED Viewed

@@ -1,221 +0,0 @@
-/**
- * Module dependencies.
- */
-var fs = require('fs'),
-  path = require('path'),
-  fileURLToPath = require('file-uri-to-path'),
-  join = path.join,
-  dirname = path.dirname,
-  exists =
-    (fs.accessSync &&
-      function(path) {
-        try {
-          fs.accessSync(path);
-        } catch (e) {
-          return false;
-        }
-        return true;
-      }) ||
-    fs.existsSync ||
-    path.existsSync,
-  defaults = {
-    arrow: process.env.NODE_BINDINGS_ARROW || ' → ',
-    compiled: process.env.NODE_BINDINGS_COMPILED_DIR || 'compiled',
-    platform: process.platform,
-    arch: process.arch,
-    nodePreGyp:
-      'node-v' +
-      process.versions.modules +
-      '-' +
-      process.platform +
-      '-' +
-      process.arch,
-    version: process.versions.node,
-    bindings: 'bindings.node',
-    try: [
-      // node-gyp's linked version in the "build" dir
-      ['module_root', 'build', 'bindings'],
-      // node-waf and gyp_addon (a.k.a node-gyp)
-      ['module_root', 'build', 'Debug', 'bindings'],
-      ['module_root', 'build', 'Release', 'bindings'],
-      // Debug files, for development (legacy behavior, remove for node v0.9)
-      ['module_root', 'out', 'Debug', 'bindings'],
-      ['module_root', 'Debug', 'bindings'],
-      // Release files, but manually compiled (legacy behavior, remove for node v0.9)
-      ['module_root', 'out', 'Release', 'bindings'],
-      ['module_root', 'Release', 'bindings'],
-      // Legacy from node-waf, node <= 0.4.x
-      ['module_root', 'build', 'default', 'bindings'],
-      // Production "Release" buildtype binary (meh...)
-      ['module_root', 'compiled', 'version', 'platform', 'arch', 'bindings'],
-      // node-qbs builds
-      ['module_root', 'addon-build', 'release', 'install-root', 'bindings'],
-      ['module_root', 'addon-build', 'debug', 'install-root', 'bindings'],
-      ['module_root', 'addon-build', 'default', 'install-root', 'bindings'],
-      // node-pre-gyp path ./lib/binding/{node_abi}-{platform}-{arch}
-      ['module_root', 'lib', 'binding', 'nodePreGyp', 'bindings']
-    ]
-  };
-/**
- * The main `bindings()` function loads the compiled bindings for a given module.
- * It uses V8's Error API to determine the parent filename that this function is
- * being invoked from, which is then used to find the root directory.
- */
-function bindings(opts) {
-  // Argument surgery
-  if (typeof opts == 'string') {
-    opts = { bindings: opts };
-  } else if (!opts) {
-    opts = {};
-  }
-  // maps `defaults` onto `opts` object
-  Object.keys(defaults).map(function(i) {
-    if (!(i in opts)) opts[i] = defaults[i];
-  });
-  // Get the module root
-  if (!opts.module_root) {
-    opts.module_root = exports.getRoot(exports.getFileName());
-  }
-  // Ensure the given bindings name ends with .node
-  if (path.extname(opts.bindings) != '.node') {
-    opts.bindings += '.node';
-  }
-  // https://github.com/webpack/webpack/issues/4175#issuecomment-342931035
-  var requireFunc =
-    typeof __webpack_require__ === 'function'
-      ? __non_webpack_require__
-      : require;
-  var tries = [],
-    i = 0,
-    l = opts.try.length,
-    n,
-    b,
-    err;
-  for (; i < l; i++) {
-    n = join.apply(
-      null,
-      opts.try[i].map(function(p) {
-        return opts[p] || p;
-      })
-    );
-    tries.push(n);
-    try {
-      b = opts.path ? requireFunc.resolve(n) : requireFunc(n);
-      if (!opts.path) {
-        b.path = n;
-      }
-      return b;
-    } catch (e) {
-      if (e.code !== 'MODULE_NOT_FOUND' &&
-          e.code !== 'QUALIFIED_PATH_RESOLUTION_FAILED' &&
-          !/not find/i.test(e.message)) {
-        throw e;
-      }
-    }
-  }
-  err = new Error(
-    'Could not locate the bindings file. Tried:\n' +
-      tries
-        .map(function(a) {
-          return opts.arrow + a;
-        })
-        .join('\n')
-  );
-  err.tries = tries;
-  throw err;
-}
-module.exports = exports = bindings;
-/**
- * Gets the filename of the JavaScript file that invokes this function.
- * Used to help find the root directory of a module.
- * Optionally accepts an filename argument to skip when searching for the invoking filename
- */
-exports.getFileName = function getFileName(calling_file) {
-  var origPST = Error.prepareStackTrace,
-    origSTL = Error.stackTraceLimit,
-    dummy = {},
-    fileName;
-  Error.stackTraceLimit = 10;
-  Error.prepareStackTrace = function(e, st) {
-    for (var i = 0, l = st.length; i < l; i++) {
-      fileName = st[i].getFileName();
-      if (fileName !== __filename) {
-        if (calling_file) {
-          if (fileName !== calling_file) {
-            return;
-          }
-        } else {
-          return;
-        }
-      }
-    }
-  };
-  // run the 'prepareStackTrace' function above
-  Error.captureStackTrace(dummy);
-  dummy.stack;
-  // cleanup
-  Error.prepareStackTrace = origPST;
-  Error.stackTraceLimit = origSTL;
-  // handle filename that starts with "file://"
-  var fileSchema = 'file://';
-  if (fileName.indexOf(fileSchema) === 0) {
-    fileName = fileURLToPath(fileName);
-  }
-  return fileName;
-};
-/**
- * Gets the root directory of a module, given an arbitrary filename
- * somewhere in the module tree. The "root directory" is the directory
- * containing the `package.json` file.
- *
- *   In:  /home/nate/node-native-module/lib/index.js
- *   Out: /home/nate/node-native-module
- */
-exports.getRoot = function getRoot(file) {
-  var dir = dirname(file),
-    prev;
-  while (true) {
-    if (dir === '.') {
-      // Avoids an infinite loop in rare cases, like the REPL
-      dir = process.cwd();
-    }
-    if (
-      exists(join(dir, 'package.json')) ||
-      exists(join(dir, 'node_modules'))
-    ) {
-      // Found the 'package.json' file or 'node_modules' dir; we're done
-      return dir;
-    }
-    if (prev === dir) {
-      // Got to the top
-      throw new Error(
-        'Could not find module root given file: "' +
-          file +
-          '". Do you have a `package.json` file? '
-      );
-    }
-    // Try the parent dir next
-    prev = dir;
-    dir = join(dir, '..');
-  }
-};

package/node_modules/bindings/package.json DELETED Viewed

@@ -1,32 +0,0 @@
-{
-  "name": "bindings",
-  "description": "Helper module for loading your native module's .node file",
-  "keywords": [
-    "native",
-    "addon",
-    "bindings",
-    "gyp",
-    "waf",
-    "c",
-    "c++"
-  ],
-  "version": "1.5.0",
-  "author": "Nathan Rajlich <nathan@tootallnate.net> (http://tootallnate.net)",
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/TooTallNate/node-bindings.git"
-  },
-  "main": "./bindings.js",
-  "bugs": {
-    "url": "https://github.com/TooTallNate/node-bindings/issues"
-  },
-  "homepage": "https://github.com/TooTallNate/node-bindings",
-  "license": "MIT",
-  "dependencies": {
-    "file-uri-to-path": "1.0.0"
-  }
-,"_resolved": "https://registry.npmjs.org/bindings/-/bindings-1.5.0.tgz"
-,"_integrity": "sha512-p2q/t/mhvuOj/UeLlV6566GD/guowlr0hHxClI0W9m7MWYkL1F0hLo+0Aexs9HSPCtR1SXQ0TD3MMKrXZajbiQ=="
-,"_from": "bindings@1.5.0"
-}

package/node_modules/file-uri-to-path/.npmignore DELETED Viewed

	@@ -1 +0,0 @@
1	- /node_modules