npm - @contrast/agent - Versions diffs - 5.14.0 → 5.16.0 - Mend

@contrast/agent 5.14.0 → 5.16.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -18,9 +18,9 @@ easiest and cheapest to remediate.
 ## New in version 5
-- The agent no longer ships or operates with the `contrast-service` "sidecar" executables. This allows for a drastically smaller download and simplified deployments.
+- The agent no longer ships or operates with the `contrast-service` "sidecar" executables. This allows for a drastically smaller download size and simplified deployments.
-- Framework support includes `express`, `koa`, and `fastify`, with others soon to come.
+- Framework support includes `express`, `koa`, `fastify`, `hapi`, and `restify`.
 - The agent does not respond to any command-line configuration flags. Configuration options can be set using environment variables and/or `contrast_security.yaml` file. If you were previously using the agent's `-c` CLI option to set the location of your configuration file, you can use `CONTRAST_CONFIG_PATH` environment variable instead. See more about configuration [below](#configuration).
@@ -28,6 +28,7 @@ easiest and cheapest to remediate.
 - Ablility to run Assess and Protect modes concurrently.
+- Full support for ESM modules
 ## Getting Started
@@ -35,7 +36,7 @@ Existing Contrast Node.js agent users should install and update the Contrast
 Node.js agent from [npm](https://www.npmjs.com/). The Contrast Node.js agent follows semantic
 versioning (`major.minor.patch`).
-An API key, provided by Contrast Security, is required for the agent to function.
+An API key or token, provided by Contrast Security, is required for the agent to function.
 Ensure you have installed the latest LTS (Long Term Support) version of [Node.js](http://nodejs.org/)
@@ -60,14 +61,14 @@ node --import @contrast/agent app-main [app arguments]
 Notes:
 - `--import` should be used for Node.js LTS (Active and Maintenance) versions `>=18.19.0`
-- Node.js versions `>=20.0.0` and `<20.6.0` are not supported
+- Node.js versions `>=20.0.0 <20.6.0` are not supported
 ### With end-of-life Node.js Versions
 When using the agent with end-of-life Node.js versions, use either the `--loader` or
 `--require` flag, depending on the version of Node.js and the module system used.
-Use the `--loader` flag for Node.js versions `>=16.17.0` and `<18.19.0`.
+Use the `--loader` flag for Node.js versions `>=16.17.0 <18.19.0`.
 ```sh
 node --loader @contrast/agent app-main.mjs [app arguments]
@@ -82,15 +83,6 @@ node -r @contrast/agent app-main [app arguments]
 Note:
 - `-r` will still work for Node.js versions that have no ESM modules or dependencies.
-### With @contrast/agent v4
-The Contrast Node.js agent v4 is still available for use, but does not support ESM
-modules. To use the v4 agent, use the `--require` (`-r`) flag.
-```sh
-node -r @contrast/agent app-main [app arguments]
-```
 ### Configuration
 #### File Locations
@@ -131,7 +123,7 @@ The agent will look for the `contrast_security.yaml` configuration file in the f
 You can also specify the location of the configuration file with the `CONTRAST_CONFIG_PATH` environment variable:
 ```sh
-CONTRAST_CONFIG_PATH=/path/to/config.yaml node -r @contrast/agent app-main.js
+CONTRAST_CONFIG_PATH=/path/to/config.yaml node --import @contrast/agent app-main
 ```
 > Note:  If `process.env.CONTRAST_CONFIG_PATH` set, the agent will look at that location _only_. If there is an issue reading the configuration file from this location the agent will not look in the standard locations described above, but instead do the following:
@@ -155,6 +147,14 @@ api:
   url: https://app.contrastsecurity.com
 ```
+OR
+```yaml
+api:
+  # base64 encoded JSON object containing the url, api_key, service_key, and user_name
+  token: eyJ1cmwiOiJodHRwczovL2FwcC5jb250cmFzdHNlY3VyaXR5LmNvbSIsImFwaV9rZXkiOiJkQ0J2bTQ2dUVKQVVWMm11c05GYjM1N1NudnFZcmxxMSIsInNlcnZpY2Vfa2V5IjoiUFpVNDk5S0szWUQ0WDJEVCIsInVzZXJfbmFtZSI6ImFnZW50X2QyMjhhNTI3LTEzMGMtMThjYy05M2I4LTIwMDk2MTM2YmEwYkBVc2VyT3JnIn0=
+```
 Visit https://agent.config.contrastsecurity.com/ to use our online tool for building your YAML file interactively.
 For detailed installation and configuration instructions, see the [Node.js Agent documentation](https://docs.contrastsecurity.com/en/install-node-js.html).

package/lib/start-agent.js CHANGED Viewed

@@ -18,6 +18,7 @@
 const process = require('process');
 const { isMainThread } = require('worker_threads');
 const _agentify = require('@contrast/agentify');
 const {
   name: agentName,
   version: agentVersion,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/agent",
-  "version": "5.14.0",
+  "version": "5.16.0",
   "description": "Assess and Protect agents for Node.js",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,12 +21,12 @@
     "test": "../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/agentify": "1.31.0",
-    "@contrast/architecture-components": "1.23.0",
-    "@contrast/assess": "1.34.0",
-    "@contrast/library-analysis": "1.24.0",
-    "@contrast/protect": "1.42.0",
-    "@contrast/route-coverage": "1.24.0",
-    "@contrast/telemetry": "1.11.0"
+    "@contrast/agentify": "1.33.0",
+    "@contrast/architecture-components": "1.25.0",
+    "@contrast/assess": "1.36.0",
+    "@contrast/library-analysis": "1.26.0",
+    "@contrast/protect": "1.44.0",
+    "@contrast/route-coverage": "1.26.0",
+    "@contrast/telemetry": "1.13.0"
   }
 }