@contrast/agent 5.15.0 → 5.17.0

package/README.md

@@ -18,9 +18,9 @@ easiest and cheapest to remediate.
 
 ## New in version 5
 
-- The agent no longer ships or operates with the `contrast-service` "sidecar" executables. This allows for a drastically smaller download and simplified deployments.
+- The agent no longer ships or operates with the `contrast-service` "sidecar" executables. This allows for a drastically smaller download size and simplified deployments.
 
-- Framework support includes `express`, `koa`, and `fastify`, with others soon to come.
+- Framework support includes `express`, `koa`, `fastify`, `hapi`, and `restify`.
 
 - The agent does not respond to any command-line configuration flags. Configuration options can be set using environment variables and/or `contrast_security.yaml` file. If you were previously using the agent's `-c` CLI option to set the location of your configuration file, you can use `CONTRAST_CONFIG_PATH` environment variable instead. See more about configuration [below](#configuration).
 
@@ -28,6 +28,7 @@ easiest and cheapest to remediate.
 
 - Ablility to run Assess and Protect modes concurrently.
 
+- Full support for ESM modules
 
 ## Getting Started
 
@@ -35,7 +36,7 @@ Existing Contrast Node.js agent users should install and update the Contrast
 Node.js agent from [npm](https://www.npmjs.com/). The Contrast Node.js agent follows semantic
 versioning (`major.minor.patch`).
 
-An API key, provided by Contrast Security, is required for the agent to function.
+An API key or token, provided by Contrast Security, is required for the agent to function.
 
 Ensure you have installed the latest LTS (Long Term Support) version of [Node.js](http://nodejs.org/)
 
@@ -60,14 +61,14 @@ node --import @contrast/agent app-main [app arguments]
 
 Notes:
 - `--import` should be used for Node.js LTS (Active and Maintenance) versions `>=18.19.0`
-- Node.js versions `>=20.0.0` and `<20.6.0` are not supported
+- Node.js versions `>=20.0.0 <20.6.0` are not supported
 
 ### With end-of-life Node.js Versions
 
 When using the agent with end-of-life Node.js versions, use either the `--loader` or
 `--require` flag, depending on the version of Node.js and the module system used.
 
-Use the `--loader` flag for Node.js versions `>=16.17.0` and `<18.19.0`.
+Use the `--loader` flag for Node.js versions `>=16.17.0 <18.19.0`.
 
 ```sh
 node --loader @contrast/agent app-main.mjs [app arguments]
@@ -82,15 +83,6 @@ node -r @contrast/agent app-main [app arguments]
 Note:
 - `-r` will still work for Node.js versions that have no ESM modules or dependencies.
 
-### With @contrast/agent v4
-
-The Contrast Node.js agent v4 is still available for use, but does not support ESM
-modules. To use the v4 agent, use the `--require` (`-r`) flag.
-
-```sh
-node -r @contrast/agent app-main [app arguments]
-```
-
 ### Configuration
 
 #### File Locations
@@ -131,7 +123,7 @@ The agent will look for the `contrast_security.yaml` configuration file in the f
 You can also specify the location of the configuration file with the `CONTRAST_CONFIG_PATH` environment variable:
 
 ```sh
-CONTRAST_CONFIG_PATH=/path/to/config.yaml node -r @contrast/agent app-main.js
+CONTRAST_CONFIG_PATH=/path/to/config.yaml node --import @contrast/agent app-main
 ```
 
 > Note:  If `process.env.CONTRAST_CONFIG_PATH` set, the agent will look at that location _only_. If there is an issue reading the configuration file from this location the agent will not look in the standard locations described above, but instead do the following:
@@ -155,6 +147,14 @@ api:
   url: https://app.contrastsecurity.com
 ```
 
+OR
+
+```yaml
+api:
+  # base64 encoded JSON object containing the url, api_key, service_key, and user_name
+  token: eyJ1cmwiOiJodHRwczovL2FwcC5jb250cmFzdHNlY3VyaXR5LmNvbSIsImFwaV9rZXkiOiJkQ0J2bTQ2dUVKQVVWMm11c05GYjM1N1NudnFZcmxxMSIsInNlcnZpY2Vfa2V5IjoiUFpVNDk5S0szWUQ0WDJEVCIsInVzZXJfbmFtZSI6ImFnZW50X2QyMjhhNTI3LTEzMGMtMThjYy05M2I4LTIwMDk2MTM2YmEwYkBVc2VyT3JnIn0=
+```
+
 Visit https://agent.config.contrastsecurity.com/ to use our online tool for building your YAML file interactively.
 
 For detailed installation and configuration instructions, see the [Node.js Agent documentation](https://docs.contrastsecurity.com/en/install-node-js.html).

package/lib/start-agent.js

@@ -16,8 +16,9 @@
 'use strict';
 
 const process = require('process');
-const { isMainThread } = require('worker_threads');
+const { isMainThread, threadId } = require('worker_threads');
 const _agentify = require('@contrast/agentify');
+
 const {
   name: agentName,
   version: agentVersion,
@@ -100,7 +101,7 @@ function startAgent({ type = 'cjs' } = {}) {
       console.error(err);
     }
   } else {
-    console.warn('Not in main thread. Thread continuing without instrumentation.');
+    console.warn('Not in main thread. Thread (tid: %d) continuing without instrumentation.', threadId);
   }
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/agent",
-  "version": "5.15.0",
+  "version": "5.17.0",
   "description": "Assess and Protect agents for Node.js",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -21,12 +21,12 @@
     "test": "../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/agentify": "1.32.0",
-    "@contrast/architecture-components": "1.24.0",
-    "@contrast/assess": "1.35.0",
-    "@contrast/library-analysis": "1.25.0",
-    "@contrast/protect": "1.43.0",
-    "@contrast/route-coverage": "1.25.0",
-    "@contrast/telemetry": "1.12.0"
+    "@contrast/agentify": "1.34.0",
+    "@contrast/architecture-components": "1.26.0",
+    "@contrast/assess": "1.37.0",
+    "@contrast/library-analysis": "1.27.0",
+    "@contrast/protect": "1.45.0",
+    "@contrast/route-coverage": "1.27.0",
+    "@contrast/telemetry": "1.14.0"
   }
 }