@contrast/core 1.0.0

package/LICENSE

@@ -0,0 +1,12 @@
+Copyright: 2022 Contrast Security, Inc
+Contact: support@contrastsecurity.com
+License: Commercial
+
+NOTICE: This Software and the patented inventions embodied within may only be
+used as part of Contrast Security’s commercial offerings. Even though it is
+made available through public repositories, use of this Software is subject to
+the applicable End User Licensing Agreement found at
+https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
+between Contrast Security and the End User. The Software may not be reverse
+engineered, modified, repackaged, sold, redistributed or otherwise used in a
+way not consistent with the End User License Agreement.

package/README.md

@@ -0,0 +1,98 @@
+# `@contrast/core`
+
+Discovers Contrast configuration data (yaml, env vars, etc) and preconfigures a common set of APIs to be used for agent and tooling development.
+
+## Basic Usage
+
+The module exports a factory function.
+
+```typescript
+const core = require('@contrast/core')();
+
+```
+### What You Get
+
+- Logging
+
+  ```typescript
+  core.logger.info('...');
+  ```
+
+  See more about the `@contrast/logger` service [here](../logger/README.md).
+
+- Monkey-patching
+
+  ```typescript
+  core.patcher.patch(res, 'end', {
+    name: 'http.ServerResponse.end',
+    patchType: 'http-things',
+    pre(data) {
+      // ...
+    }
+  });
+  ```
+
+  See more about the `@contrast/patcher` service [here](../patcher/README.md).
+  
+
+- Code rewriting
+
+  ```typescript
+  core.rewriter.addTransforms({
+    CallExpression(path, state) {
+      // ...
+    };
+  });
+  core.rewriter.rewrite('function() { ...');
+  ```
+
+  See more about the `@contrast/rewriter` service [here](../rewriter/README.md).
+
+
+- Dependency hooks
+
+  ```typescript
+  core.depHooks.resolve({ name: 'http' }, http => {
+    // implemention details
+  });
+  ```
+
+  See more about the `@contrast/dep-hooks` service [here](../dep-hooks/README.md).
+
+
+- Models and factories
+
+  The construction of model data _can_ rely on configuration and therefore can be stateful. So, we provide the models and their factories as services that can be used by consumers as if static.
+
+  ```typescript
+  // stackframe filtration is configurable, thus stateful
+  const snap = core.models.StacktraceFactory.createSnapshot();
+  const frames = snap();
+  ```
+
+  See more about the `@contrast/models` service [here](../models/README.md).
+
+- Report messages
+
+  ```typescript
+  // configuration will tell which reporters become active
+  core.reporters.install();
+  core.messages.emit('ProtectInputTracingEvent', { ... });
+  ```
+
+  See more about the `@contrast/reporter` service [here](../reporter/README.md).
+
+- Other stuff
+
+  There are some utility-type functions that rely on configuration state.
+
+  ```typescript
+  // This uses core.config.stack_trace_filters (new to v5)
+  core.isAgentPath('/foo'); 
+  ```
+
+## Related
+
+- `@contrast/agentify`: Integrate core services and instrumentation into an application. See more [here](../agentify/README.md).
+
+<br><br>

package/lib/app-info.js

@@ -0,0 +1,189 @@
+'use strict';
+
+const os = require('os');
+const path = require('path');
+const fs = require('fs');
+const process = require('process');
+
+const MAX_ATTEMPTS = 5;
+
+module.exports = function (deps) {
+  const { logger, config } = deps;
+
+  const appInfo = (deps.appInfo = {
+    os: {
+      type: os.type(),
+      platform: os.platform(),
+      architecture: os.arch(),
+      release: os.release(),
+    },
+    hostname: os.hostname(),
+  });
+
+  let cmd, _path, pkg;
+
+  try {
+    const entrypoint = config.script || config.entrypoint;
+    if (entrypoint) {
+      cmd = appInfo.cmd = path.resolve(entrypoint);
+    } else {
+      appInfo.cmd = undefined;
+    }
+
+    _path = appInfo.path = resolveAppPath(
+      config.agent.node.app_root,
+      cmd ? path.dirname(cmd) : undefined
+    );
+    pkg = require(_path);
+    appInfo.pkg = pkg;
+    appInfo.name = config.application.name || pkg.name;
+    appInfo.app_dir = path.dirname(appInfo.path);
+  } catch (e) {
+    throw new Error(`Unable to find application's package.json: ${_path}`);
+  }
+
+  appInfo.serverVersion = config.server.version;
+  appInfo.node_version = process.version;
+
+  appInfo.appPath = config.application.path || appInfo.app_dir;
+  appInfo.indexFile = cmd;
+  appInfo.serverName = config.server.name;
+  appInfo.serverEnvironment = config.server.environment;
+
+  return appInfo;
+
+  function resolveAppPath(appRoot, scriptPath) {
+    let packageLocation;
+
+    if (appRoot) {
+      packageLocation = findFile({ directory: appRoot, file: 'package.json' });
+    }
+
+    if (!packageLocation) {
+      packageLocation = findFile({
+        directory: scriptPath,
+        file: 'package.json',
+      });
+    }
+
+    if (packageLocation) {
+      deps.logger.info('using package.json at %s', packageLocation);
+    }
+
+    return packageLocation;
+  }
+
+  /**
+   * Gets contents of a directory
+   *
+   * @param {String} directory
+   * @param {Array} contents of a directory
+   */
+  function getDirectoryEntries(directory) {
+    try {
+      return fs.readdirSync(directory);
+    } catch (err) {
+      logger.error({ err }, 'error reading directory %s', directory);
+      return [];
+    }
+  }
+
+  /**
+   * Filters files with name matching the file param
+   *
+   * @param {String} directory path to check for file
+   * @param {Array} files list of entries in a directory
+   * @param {String} file file to check
+   *
+   * @return {*} path to file file or false
+   */
+  function filterFiles(directory, files, file) {
+    const hit = files.filter((entry) => entry === file)[0];
+    return hit ? path.resolve(directory, hit) : false;
+  }
+
+  /**
+   * Checks each direct sibling folder for file
+   *
+   * @param {Object} params
+   * @param {String} params.file file to check
+   * @param {String} params.directory path to check for file
+   * @param {Array} params.foundFiles array to hold found files
+   * @param {Array} params.entries list of directory contents
+   */
+  function checkNestedFolders({ file, directory, entries, foundFiles }) {
+    entries.reduce((foundFiles, entry) => {
+      const resolvedEntry = path.resolve(directory, entry);
+      try {
+        if (!fs.statSync(resolvedEntry).isFile()) {
+          const path = filterFiles(
+            resolvedEntry,
+            getDirectoryEntries(resolvedEntry),
+            file
+          );
+          if (path) {
+            foundFiles.push(path);
+          }
+        }
+      } catch (err) {
+        // swallow this error, we don't care
+      }
+      return foundFiles;
+    }, foundFiles);
+  }
+
+  /**
+   * Tries to find a file in entryPoint, 1 folder below or up to 5 directories
+   * above initial path
+   *
+   * @param {Object} params
+   * @param {String} params.directory path to check for file
+   * @param {String} params.file file to check
+   * @param {Int} [params.maxAttempts=5] max attempts to check above params.directory
+   * @param {Int} params.attempts current attempt to find file in path
+   * @param {Boolean} params.checkNested flag to check in nested directories
+   *
+   * @return {String} path to file
+   */
+  function findFile({
+    directory,
+    file,
+    maxAttempts = MAX_ATTEMPTS,
+    attempts = 0,
+    checkNested = true,
+  }) {
+    if (attempts >= maxAttempts) {
+      return;
+    }
+
+    attempts++;
+    directory = path.resolve(directory);
+
+    const entries = getDirectoryEntries(directory);
+    const location = filterFiles(directory, entries, file);
+    if (location) {
+      return location;
+    }
+
+    // we only want to check files for each directory in the intial call to this function
+    if (checkNested) {
+      const foundFiles = [];
+      checkNestedFolders({ directory, entries, file, foundFiles });
+      // we found a file in the child folders return path to it
+      if (foundFiles.length > 0) {
+        return foundFiles[0];
+      }
+    }
+
+    // we only want to look at dirs in the intial directory
+    // assign parent directory to directory
+    directory = path.dirname(directory);
+    return findFile({
+      directory,
+      file,
+      maxAttempts,
+      attempts,
+      checkNested: false,
+    });
+  }
+};

package/lib/app-info.test.js

@@ -0,0 +1,75 @@
+'use strict';
+
+const { expect } = require('chai');
+const sinon = require('sinon');
+const proxyquire = require('proxyquire');
+const nodePath = require('path');
+const mockPackageJson = require('../../test/mocks/package.json');
+
+describe('core app-info', function() {
+  let os;
+  let path;
+  let fs;
+  let core;
+  let appInfo;
+  let pathToPackageJson;
+
+  beforeEach(function() {
+    const mocks = require('../../test/mocks');
+    core = mocks.core();
+    core.config = mocks.config();
+    core.logger = mocks.logger();
+    core.config.server.name = 'zoing';
+
+    os = {
+      type: sinon.stub().returns('Linux'),
+      platform: sinon.stub().returns('linux'),
+      arch: sinon.stub().returns('x64'),
+      release: sinon.stub().returns('1.23.45'),
+      hostname: sinon.stub().returns('hostname'),
+    };
+    path = {
+      resolve: sinon.stub().callsFake(() => {
+        pathToPackageJson = nodePath.resolve('./test/mocks/package.json');
+        return pathToPackageJson;
+      }),
+      dirname: sinon.stub().callsFake(() => '/path/to'),
+    };
+    fs = {
+      readdirSync: sinon.stub().callsFake(() => ['package.json']),
+      statSync: sinon.stub(),
+    };
+    appInfo = proxyquire(
+      './app-info',
+      {
+        fs,
+        os,
+        path,
+        process: { ...process, version: 'v14.17.5' }
+      }
+    )(core);
+  });
+
+  it('builds out app data from os and process information', function() {
+    expect(appInfo).eql({
+      os: {
+        type: 'Linux',
+        platform: 'linux',
+        architecture: 'x64',
+        release: '1.23.45'
+      },
+      app_dir: '/path/to',
+      hostname: 'hostname',
+      cmd: undefined,
+      name: 'project-name',
+      pkg: mockPackageJson,
+      serverVersion: undefined,
+      node_version: 'v14.17.5',
+      appPath: '/',
+      path: pathToPackageJson,
+      indexFile: undefined,
+      serverName: 'zoing',
+      serverEnvironment: undefined
+    });
+  });
+});

package/lib/capture-stacktrace.js

@@ -0,0 +1,186 @@
+'use strict';
+
+const process = require('process');
+const EVAL_ORIGIN_REGEX = /\((.*?):(\d+):\d+\)/;
+
+module.exports = function(core) {
+  const { config, isAgentPath } = core;
+
+  const stacktraceFactory = new StacktraceFactory({
+    stackTraceLimit: config.agent.stack_trace_limit,
+    isAgentPath
+  });
+
+  core.captureStacktrace = function(...args) {
+    return stacktraceFactory.captureStacktrace(...args);
+  };
+
+  return core.captureStacktrace;
+};
+
+/**
+ * The factory will set stacktrace limit for stackframe lists created by it.
+ * @param {number} stackTraceLimit set the stack trace limit
+ * @param {function} isAgentPath function indicating if path is agent code
+ */
+class StacktraceFactory {
+  constructor({ stackTraceLimit, isAgentPath }) {
+    this.stackTraceLimit = stackTraceLimit;
+    this.isAgentPath = isAgentPath;
+  }
+
+  captureStacktrace(obj, opts, key = 'stack') {
+    let stack;
+    const snapshot = this.createSnapshot(opts);
+    Object.defineProperty(obj, key, {
+      enumerable: true,
+      configurable: true,
+      get() {
+        if (!stack) {
+          Object.defineProperty(obj, key, {
+            configurable: true,
+            writable: true,
+            enumerable: true,
+            value: snapshot()
+          });
+        }
+        return obj[key];
+      }
+    });
+    return obj;
+  }
+
+  /**
+   * Creates a function that will build a stacktrace when invoked. It will keep
+   * an error in a closure whose stack will be generated and processed when the
+   * returned function executes. The result will be cached.
+   * @param {object} params
+   * @param {function} params.limitFn The constructorOpt param used when creating stack
+   * @returns {function}
+   */
+  createSnapshot({ constructorOpt, prependFrames } = {}) {
+    const { isAgentPath } = this;
+    const target = {};
+
+    this.appendStackGetter(target, constructorOpt);
+
+    let ret;
+
+    /**
+     * Generates array of frames from `target`'s `stack` getter
+     * @returns {array}
+     */
+    function snapshot() {
+      if (!ret) {
+        const callsites = StacktraceFactory.generateCallsites(target);
+        /* eslint-disable complexity */
+        ret = (callsites || []).reduce((acc, callsite) => {
+          if (StacktraceFactory.isCallsiteValid(callsite)) {
+            const frame = StacktraceFactory.makeFrame(callsite);
+
+            if (
+              frame.file &&
+              !`${frame.type}${frame.method}`.includes('ContrastMethods')
+            ) {
+              if (!isAgentPath(frame.file)) {
+                acc.push(frame);
+              }
+            }
+          }
+
+          return acc;
+        }, []);
+      }
+
+      return prependFrames ? [...prependFrames, ...ret] : ret;
+    }
+
+    return snapshot;
+  }
+
+  /**
+   * Based on stacktrace limit and constructor opt, will append a stack getter
+   * @param {} error
+   * @param {} limitFn
+   */
+  appendStackGetter(error, constructorOpt) {
+    const { stackTraceLimit } = Error;
+    Error.stackTraceLimit = this.stackTraceLimit;
+    Error.captureStackTrace(error, constructorOpt);
+    Error.stackTraceLimit = stackTraceLimit;
+  }
+
+  static isCallsiteValid(callsite) {
+    return callsite instanceof Callsite;
+  }
+
+  /**
+   * Creates an array frame objects from an array of Callsite instances
+   * @param {} callsite
+   * @returns {}
+   */
+  static makeFrame(callsite) {
+    let evalOrigin;
+    let file;
+    let lineNumber;
+
+    if (callsite.isEval()) {
+      evalOrigin = StacktraceFactory.formatFileName(callsite.getEvalOrigin());
+      [, file, lineNumber] = evalOrigin.match(EVAL_ORIGIN_REGEX) || evalOrigin.endsWith('.ejs');
+    }
+
+    file = file || callsite.getFileName();
+    lineNumber = lineNumber || callsite.getLineNumber();
+
+    return {
+      eval: evalOrigin,
+      file,
+      lineNumber,
+      method: callsite.getFunctionName(),
+      type: callsite.getTypeName()
+    };
+  }
+
+  static formatFileName(fileName = '') {
+    const cwd = `${process.cwd()}/`;
+    const idx = fileName.indexOf(cwd);
+
+    if (idx > -1) {
+      return fileName.replace(cwd, ''); // + 1 to remove /
+    }
+    return fileName;
+  }
+
+  /**
+   * Will access `stack` getter propery on the provided error to generate
+   * a stacktrace. We capture the callsite instances passed to `prepareStacktrace`
+   * using an ephemeral monkey patch.
+   * @param {object} error object with a `stack` getter property
+   * @returns {}
+   */
+  static generateCallsites(error) {
+    let callsites;
+
+    const { prepareStackTrace } = Error;
+
+    Error.prepareStackTrace = function(_, _callsites) {
+      callsites = _callsites;
+      return _callsites;
+    };
+
+    // accessing the getter will call `Error.prepareStacktrace`
+    error.stack;
+
+    // restore original method
+    Error.prepareStackTrace = prepareStackTrace;
+
+    return callsites;
+  }
+}
+
+module.exports.StacktraceFactory = StacktraceFactory;
+module.exports.generateCallsites = StacktraceFactory.generateCallsites;
+
+const Callsite = (module.exports.Callsite = StacktraceFactory.generateCallsites(
+  new Error()
+)[0].constructor);

package/lib/capture-stacktrace.test.js

@@ -0,0 +1,32 @@
+'use strict';
+
+const { expect } = require('chai');
+
+describe('core capture-stactrace', function g() {
+  let core;
+
+  beforeEach(function() {
+    const mocks = require('../../test/mocks');
+    core = mocks.core();
+    core.config = mocks.config();
+    require('./capture-stacktrace')(core);
+  });
+
+  it('appends a stack getter property', function() {
+    const obj = { foo: 'bar' };
+    core.captureStacktrace(obj);
+    const desc = Object.getOwnPropertyDescriptor(obj, 'stack');
+    expect(typeof desc.get).to.eql('function');
+  });
+
+  it('generates a stacktrace from given options', function() {
+    (function outer() {
+      (function inner() {
+        const obj = {};
+        core.captureStacktrace(obj, { constructorOpt: inner });
+        expect(obj.stack[0]).to.have.property('method', 'outer');
+        expect(obj.stack).to.have.lengthOf(10);
+      })();
+    })();
+  });
+});

package/lib/cli-rewriter/dependency-rewriter.js

@@ -0,0 +1,206 @@
+'use strict';
+
+const Module = require('module');
+const process = require('process');
+const fs = require('fs');
+const path = require('path');
+const util = require('util');
+const builtins = require('builtin-modules');
+const readFile = util.promisify(fs.readFile);
+
+module.exports = function(core) {
+  const dependencyRewriter = new RecursiveDependencyRewriter(core);
+  core.dependencyRewriter = dependencyRewriter;
+  return dependencyRewriter;
+};
+
+// Ported from node agent lib/cli-rewriter/index.js
+class RecursiveDependencyRewriter {
+  /**
+   * Receives entrypoint used to initialize agent.
+   * Sets up config, logging, agent, and rewriter state.
+   * @param {string} entrypoint application's entrypoint script
+   */
+  constructor(core) {
+    this.deps = core;
+    this.logger = core.logger;
+    this.rewriter = core.rewriter;
+    this.rewriter.visitors.push(RecursiveDependencyRewriter.requireDetector);
+    // keep track of files rewritten - don't rewrite if file is required more than once
+    this.visited = new Set();
+    this.entrypoint = core.config.entrypoint;
+    this.filename = path.resolve(process.cwd(), this.entrypoint);
+    try {
+      fs.statSync(this.filename);
+    } catch (err) {
+      this.logger.error('entrypoint file not found: %s', this.filename);
+      process.exit(1);
+    }
+  }
+
+  /**
+   * Starting at the provided entrypoint will rewrite it and any dependencies
+   * detected. Recursively continues until all files are rewritten.
+   * @param {string} entrypoint provided application entrypoint script
+   */
+  async rewrite() {
+
+    const parent = RecursiveDependencyRewriter.getModuleData(this.filename);
+    const start = Date.now();
+
+    await this.traverse(this.filename, parent);
+
+    this.logger.info('rewriting complete [%ss]', (Date.now() - start) / 1000);
+  }
+
+  /**
+   * Visits the filename in order to rewrite and cache. Visitor returns found
+   * dependencies in the file. Recursively traverses the absolute file paths of
+   * dependencies found by the require detector.
+   * @param {string} filename file to rewrite
+   * @param {object} parent parent module data
+   */
+  async traverse(filename, parent) {
+    const fileDependencies = await this.visitDependency(filename);
+
+    return Promise.all(
+      fileDependencies.map((request) => {
+        try {
+          const _filename = Module._resolveFilename(request, parent);
+          if (_filename.endsWith('.js')) {
+            const _parent = RecursiveDependencyRewriter.getModuleData(_filename);
+            return this.traverse(_filename, _parent);
+          }
+        } catch (err) {
+          if (err.code === 'MODULE_NOT_FOUND') {
+            this.logger.debug(
+              `module not found. skipping ${request} required by ${filename}`
+            );
+          } else {
+            this.logger.error('error resolving filename: %o', err);
+          }
+        }
+      })
+    );
+  }
+
+  /**
+   * For each file dependency rewrite and cache it. Returns array of found
+   * dependencies.
+   * @param {string} filename name of file to rewrite / cache
+   * @returns {array[string]} list of the file's dependencies
+   */
+  async visitDependency(filename) {
+    if (this.visited.has(filename)) {
+      return [];
+    }
+
+    this.visited.add(filename);
+
+    try {
+      const content = await readFile(filename, 'utf8');
+      const rewriteData = this.rewriter.rewriteFile({
+        content,
+        filename,
+        opts: {
+          inject: true,
+          sourceType: 'script',
+          wrap: true,
+          deps: []
+        }
+      });
+
+      if (!rewriteData.deps) {
+        return [];
+      }
+
+      return rewriteData.deps.filter((dep) => !builtins.includes(dep));
+    } catch (e) {
+      console.log('visit error\n', e);
+      return;
+    }
+  }
+
+  /**
+   * Gets module data in order to resolve abs paths of deps.
+   * @param {string} filename absolute path of file being rewritten
+   * @returns {object}
+   */
+  static getModuleData(filename) {
+    return {
+      id: filename,
+      filename,
+      paths: Module._nodeModulePaths(path.dirname(filename))
+    };
+  }
+
+  /**
+   * Added to agent's static visitors. Runs during rewriting to detect require
+   * calls to discover dependencies.
+   * @param {object} node AST node being visited during rewrite
+   * @param {string} filename file being rewritten
+   * @param {object} state rewriter state
+   */
+  static requireDetector(path, state) {
+    const { node } = path;
+    if (isRequire(node)) {
+      if (isLiteralRequire(node) || isStaticTemplateRequire(node)) {
+        const request = getRequireArg(node);
+        if (request) {
+          state.deps.push(request);
+        }
+      }
+    }
+  }
+}
+
+/**
+ * Whether AST node looks like a `require([request])` call.
+ * @param {object} node AST node
+ * @returns {boolean}
+ */
+function isRequire(node) {
+  return (
+    node.type === 'CallExpression' &&
+    node.callee &&
+    node.callee.type === 'Identifier' &&
+    node.callee.name === 'require' &&
+    node.arguments &&
+    node.arguments.length === 1
+  );
+}
+
+/**
+ * Whether node is static template require
+ * @param {object} node AST node
+ * @returns {boolean}
+ */
+function isStaticTemplateRequire(node) {
+  return (
+    node.arguments[0].type === 'TemplateLiteral' &&
+    node.arguments[0].expressions.length === 0
+  );
+}
+
+/**
+ * Whether node is literal require
+ * @param {object} node AST node
+ * @returns {boolean}
+ */
+function isLiteralRequire(node) {
+  return (
+    node.arguments[0].type === 'Literal' ||
+    node.arguments[0].type === 'StringLiteral'
+  );
+}
+
+/**
+ * Gets value of argument to `require([request])`
+ * @param {object} node AST node
+ * @returns {string}
+ */
+function getRequireArg(node) {
+  return node.arguments[0].type === 'TemplateLiteral'
+    ? node.arguments[0].quasis[0].value.raw
+    : node.arguments[0].value;
+}

package/lib/cli-rewriter/index.js

@@ -0,0 +1,24 @@
+'use strict';
+
+module.exports = function(deps) {
+  const cliRewriter = deps.cliRewriter = async function (preHook) {
+    // fix this - config doesn't resolve this properly for this cli use case
+    deps.config.entrypoint = process.argv[2];
+
+    require('./dependency-rewriter')(deps);
+
+    /*
+     * Callers just need to set up their rewriter policy e.g.
+     * deps.depHooks.rewriting.install()
+     * deps.assess.rewriting.install()
+     */
+    preHook(deps);
+
+    // once clients configure their stuff
+    await deps.dependencyRewriter.rewrite();
+
+    deps.logger.info('done');
+  };
+
+  return cliRewriter;
+};

package/lib/index.d.ts

@@ -0,0 +1,48 @@
+import { Agentify } from '@contrast/agentify';
+import { Config } from '@contrast/config';
+import { Logger } from '@contrast/logger';
+import { Messages } from '@contrast/common';
+import { Patcher } from '@contrast/patcher';
+import { ReporterBus } from '@contrast/reporter';
+import { Rewriter } from '@contrast/rewriter';
+import RequireHook from '@contrast/require-hook';
+import { Scopes } from '@contrast/scopes';
+
+export interface AppInfo {
+  os: {
+    type: string;
+    platform: string;
+    architecture: string;
+    release: string;
+  },
+  hostname: string;
+  version: string;
+  name: string;
+  pkg: object; // package.json
+  agentVersion: string;
+  app_dir: string;
+  serverVersion: string;
+  node_version: string;
+  appPath: string;
+  indexFile: string;
+  serverName: string;
+  serverEnvironment: string;
+}
+
+export interface Core {
+  agentify: Agentify<Core>;
+  config: Config;
+  depHooks: RequireHook;
+  appInfo: AppInfo;
+  logger: Logger;
+  messages: Messages;
+  patcher: Patcher;
+  reporter: ReporterBus;
+  protect: Protect;
+  rewriter: Rewriter;
+  scopes: Scopes;
+}
+
+declare function init(): Core;
+
+export = init;

package/lib/index.js

@@ -0,0 +1,22 @@
+'use strict';
+
+const EventEmitter = require('events');
+
+module.exports = function init(core = {}) {
+  core.messages = new EventEmitter();
+
+  require('@contrast/config')(core);
+  require('@contrast/logger').default(core);
+  require('./app-info')(core);
+  require('./is-agent-path')(core);
+  require('./capture-stacktrace')(core);
+  require('./cli-rewriter')(core);
+  require('@contrast/patcher')(core);
+  require('@contrast/rewriter')(core);
+  require('@contrast/dep-hooks')(core);
+  require('@contrast/scopes')(core);
+  require('@contrast/reporter').default(core);
+  require('@contrast/agentify')(core);
+
+  return core;
+};

package/lib/index.test.js

@@ -0,0 +1,3 @@
+'use strict';
+
+describe.skip('core', function () {});

package/lib/is-agent-path.js

@@ -0,0 +1,22 @@
+'use strict';
+
+/**
+ */
+module.exports = function(core) {
+  const { config } = core;
+
+  /**
+   */
+  function isAgentPath(path) {
+    for (const seg of config.agent.stack_trace_filters) {
+      if (path.indexOf(seg) > -1) {
+        return true;
+      }
+    }
+    return false;
+  }
+
+  core.isAgentPath = isAgentPath;
+
+  return isAgentPath;
+};

package/package.json

@@ -0,0 +1,31 @@
+{
+  "name": "@contrast/core",
+  "version": "1.0.0",
+  "description": "Preconfigured Contrast agent core services and models",
+  "license": "SEE LICENSE IN LICENSE",
+  "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
+  "files": [
+    "lib/"
+  ],
+  "main": "lib/index.js",
+  "types": "lib/index.d.ts",
+  "engines": {
+    "npm": ">= 8.4.0",
+    "node": ">= 14.15.0"
+  },
+  "scripts": {
+    "test": "../scripts/test.sh"
+  },
+  "dependencies": {
+    "@contrast/agentify": "1.0.0",
+    "@contrast/config": "1.0.0",
+    "@contrast/dep-hooks": "1.0.0",
+    "@contrast/logger": "1.0.0",
+    "@contrast/patcher": "1.0.0",
+    "@contrast/reporter": "1.0.0",
+    "@contrast/rewriter": "1.0.0",
+    "@contrast/scopes": "1.0.0",
+    "builtin-modules": "^3.2.0",
+    "semver": "^7.3.7"
+  }
+}