@contrast/core 1.60.0 → 1.61.0

package/LICENSE

@@ -1,4 +1,4 @@
-Copyright: 2025 Contrast Security, Inc
+Copyright: 2026 Contrast Security, Inc
 Contact: support@contrastsecurity.com
 License: Commercial
 

package/lib/agent-info.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/lib/app-info.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/lib/build-id.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 
@@ -32,7 +32,7 @@ module.exports = function init(core) {
    * Attempts to hash the contents of the `package-lock.json` neighbor of the
    * application's `package.json`. If no package-lock is detected, fall back to
    * the app's `package.json` to generate the build ID.
-   * @returns {Promise<number | void>}
+   * @returns {Promise<string | void>}
    */
   return core.getBuildId = async function getBuildId() {
     if (_buildId) return _buildId;

package/lib/contrast-methods.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/lib/index.d.ts

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 
@@ -14,41 +14,25 @@
  */
 
 import { AppInfo, Messages, SystemInfo, ThreadTransferData } from '@contrast/common';
+import Perf from '@contrast/perf';
+import * as IOCCore from './ioc/core';
 
-interface Frame {
-  eval: string | undefined;
-  file: string | undefined;
-  lineNumber: number | null;
-  method: string | null;
-  type: string | null;
-}
-
-/* eslint-disable @typescript-eslint/ban-types */
-interface CreateSnapshotOpts {
-  constructorOpt?: Function;
-  prependFrames?: (Function | Frame)[];
-}
+export interface Core extends IOCCore {
+  // these should be defined on IOCCore but sometimes typescript isn't resolving them correctly
+  Perf: typeof Perf;
+  perf: Perf;
 
-export interface Core {
-  threadTransferData: ThreadTransferData;
   agentName: string;
   agentVersion: string;
-  reportingInstance: string;
-
   appInfo: AppInfo;
-
-  captureStackTrace<T>(obj: T, opts: CreateSnapshotOpts, key: string): T;
-  createSnapshot(opts?: CreateSnapshotOpts): () => Frame[];
-
-  isAgentPath(path: string): boolean;
-
   messages: Messages;
-
+  reportingInstance: string;
   sensitiveDataMasking: SensitiveDataMasking;
+  threadTransferData: ThreadTransferData;
 
+  isAgentPath(path: string): boolean;
   getSystemInfo(): Promise<SystemInfo>;
-  getBuildId(): Promse<number | void>;
-  Perf: any;
+  getBuildId(): Promise<string | void>;
 }
 
 export interface SensitiveDataMasking {

package/lib/ioc/core.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 
@@ -15,7 +15,9 @@
 
 'use strict';
 
+
 const EventEmitter = require('events');
+const { set } = require('@contrast/common');
 const Perf = require('@contrast/perf');
 
 const kComponentName = Symbol('kComponentName');
@@ -23,8 +25,8 @@ const kComponentName = Symbol('kComponentName');
 class Core {
   constructor(initData = {}) {
     const core = this;
-    // setup perf tools
 
+    // setup perf tools
     this.Perf = Perf;
     this.perf = new Perf('core');
     Perf.setInterval();
@@ -69,18 +71,26 @@ class Core {
    * If component factory is decorated with metadata, then we can
    * use the metadata to hook into core's extension events.
    * @param {function} component
-   * @param {string} component.fullName
    * @throws {Error} if component doesn't have appropriate metadata
    */
   initComponentSync(component) {
-    this.perf.wrapInit(component, component[kComponentName])(this);
+    if (component?.prototype instanceof ComponentBase) {
+      if (!component.prototype.constructor[kComponentName])
+        throw new Error(`no kComponentName on ${component.prototype.constructor.name}`);
+
+      const componentName = component.prototype.constructor[kComponentName];
+      this.perf.wrapInit(() => new component(this), componentName)(this);
+    } else {
+      this.perf.wrapInit(component, component[kComponentName])(this);
+    }
     this.messages.emit('ext:core.init', component[kComponentName]);
   }
 
   static isComponent(target) {
-    return typeof target == 'function' && target[kComponentName]?.length > 0;
+    return typeof target == 'function' && target[kComponentName]?.length;
   }
 
+  /** @deprecated Use {@Link ComponentBase} instead*/
   static makeComponent(meta) {
     if (!meta.factory || !meta.name) throw new Error('makeComponent requires factory and name');
 
@@ -91,5 +101,27 @@ class Core {
   }
 }
 
+/** @template {import('..').Core} T */
+class ComponentBase {
+
+  /** @type {T} */
+  core;
+
+  /**
+   * @param {T} core
+   */
+  constructor(core) {
+    // avoid core being enumerable
+    Object.defineProperty(this, 'core', { value: core });
+
+    if (!this.constructor[kComponentName])
+      throw new Error(`no kComponentName on ${this.constructor}`);
+
+    set(core, this.constructor[kComponentName], this);
+  }
+}
+
 module.exports = Core;
 module.exports.Core = Core;
+module.exports.ComponentBase = ComponentBase;
+module.exports.kComponentName = kComponentName;

package/lib/is-agent-path.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/lib/messages.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/lib/sensitive-data-masking/constants.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/lib/sensitive-data-masking/index.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/lib/sensitive-data-masking/server-settings-listener.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/lib/system-info/cloud-provider-metadata.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/lib/system-info/index.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/lib/system-info/linux-os-info.js

@@ -19,7 +19,7 @@
  */
 
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/lib/system-info/utils.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/core",
-  "version": "1.60.0",
+  "version": "1.61.0",
   "description": "Preconfigured Contrast agent core services and models",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -19,12 +19,12 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.39.0",
-    "@contrast/config": "1.55.0",
+    "@contrast/common": "1.40.0",
+    "@contrast/config": "1.56.0",
     "@contrast/find-package-json": "^1.1.0",
     "@contrast/fn-inspect": "^5.0.2",
-    "@contrast/logger": "1.33.0",
-    "@contrast/patcher": "1.32.0",
+    "@contrast/logger": "1.34.0",
+    "@contrast/patcher": "1.33.0",
     "@contrast/perf": "1.4.0",
     "@tsxper/crc32": "^2.1.3",
     "axios": "^1.12.2",

package/lib/capture-stacktrace.js

@@ -1,256 +0,0 @@
-/*
- * Copyright: 2025 Contrast Security, Inc
- * Contact: support@contrastsecurity.com
- * License: Commercial
-
- * NOTICE: This Software and the patented inventions embodied within may only be
- * used as part of Contrast Security’s commercial offerings. Even though it is
- * made available through public repositories, use of this Software is subject to
- * the applicable End User Licensing Agreement found at
- * https://www.contrastsecurity.com/enduser-terms-0317a or as otherwise agreed
- * between Contrast Security and the End User. The Software may not be reverse
- * engineered, modified, repackaged, sold, redistributed or otherwise used in a
- * way not consistent with the End User License Agreement.
- */
-// @ts-check
-'use strict';
-
-const process = require('process');
-const fnInspect = require('@contrast/fn-inspect');
-const { primordials: { StringPrototypeReplace, RegExpPrototypeExec } } = require('@contrast/common');
-
-/** @typedef {import('.').Frame} Frame */
-/** @typedef {import('.').CreateSnapshotOpts} CreateSnapshotOpts */
-
-const EVAL_ORIGIN_REGEX = /\((.*?):(\d+):\d+\)/;
-
-module.exports = function(core) {
-  const { config, isAgentPath } = core;
-
-  const stacktraceFactory = new StacktraceFactory({
-    stackTraceLimit: config.agent.stack_trace_limit,
-    isAgentPath
-  });
-
-  /** @type {StacktraceFactory['captureStacktrace']} */
-  core.captureStacktrace = function (obj, opts, key) {
-    return stacktraceFactory.captureStacktrace(obj, opts, key);
-  };
-
-  /** @type {StacktraceFactory['createSnapshot']} */
-  core.createSnapshot = function (opts) {
-    return stacktraceFactory.createSnapshot(opts);
-  };
-
-  return core.captureStacktrace;
-};
-
-class StacktraceFactory {
-  /**
-   * The factory will set stacktrace limit for stackframe lists created by it.
-   * @param {Object} opts
-   * @param {number} opts.stackTraceLimit set the stack trace limit
-   * @param {(path: string) => boolean} opts.isAgentPath function indicating if path is agent code
-   */
-  constructor({ stackTraceLimit, isAgentPath }) {
-    this.stackTraceLimit = stackTraceLimit;
-    this.isAgentPath = isAgentPath;
-  }
-
-  /**
-   * @template T
-   * @param {T} obj
-   * @param {CreateSnapshotOpts} opts
-   * @param {string} key
-   * @returns {T}
-   */
-  captureStacktrace(obj, opts, key = 'stack') {
-    let stack;
-    const snapshot = this.createSnapshot(opts);
-    Object.defineProperty(obj, key, {
-      enumerable: true,
-      configurable: true,
-      get() {
-        if (!stack) {
-          Object.defineProperty(obj, key, {
-            configurable: true,
-            writable: true,
-            enumerable: true,
-            value: snapshot()
-          });
-        }
-        return obj[key];
-      }
-    });
-    return obj;
-  }
-
-  /**
-   * @param {Frame} frame
-   * @returns {boolean}
-   */
-  shouldAppendFrame(frame) {
-    return (
-      !!frame.file &&
-      !this.isAgentPath(frame.file) &&
-      !`${frame.type}${frame.method}`.includes('ContrastMethods')
-    );
-  }
-
-  /**
-   * Creates a function that will build a stacktrace when invoked. It will keep
-   * an error in a closure whose stack will be generated and processed when the
-   * returned function executes. The result will be cached.
-   * @param {CreateSnapshotOpts} params
-   * @returns {() => Frame[]}
-   */
-  createSnapshot({ constructorOpt, prependFrames } = {}) {
-    const target = {};
-    this.appendStackGetter(target, constructorOpt);
-
-    let frames;
-
-    /**
-     * Generates array of frames from `target`'s `stack` getter
-     * @returns {Frame[]}
-     */
-    const snapshot = () => {
-      if (!frames) {
-        // @ts-expect-error target has had a stack getter appended above.
-        const callsites = StacktraceFactory.generateCallsites(target) ?? [];
-        frames = callsites.reduce(
-          /**
-           * @param {Frame[]} acc
-           * @param {NodeJS.CallSite} callsite
-           */
-          (acc, callsite) => {
-            if (StacktraceFactory.isCallsiteValid(callsite)) {
-              const frame = StacktraceFactory.makeFrame(callsite);
-              if (this.shouldAppendFrame(frame)) {
-                acc.push(frame);
-              }
-            }
-
-            return acc;
-          },
-          [],
-        );
-      }
-
-      if (!prependFrames) return frames;
-
-      return [
-        ...prependFrames.map((f) => (typeof f == 'function' ? fnInspect.funcInfo(f) : f)),
-        ...frames,
-      ];
-    };
-
-    return snapshot;
-  }
-
-  /**
-   * Based on stacktrace limit and constructor opt, will append a stack getter
-   * @param {any} obj
-   * @param {Function=} constructorOpt
-   */
-  appendStackGetter(obj, constructorOpt) {
-    const { stackTraceLimit } = Error;
-    Error.stackTraceLimit = this.stackTraceLimit;
-    Error.captureStackTrace(obj, constructorOpt);
-    Error.stackTraceLimit = stackTraceLimit;
-  }
-
-  /**
-   * @param {any} callsite
-   * @returns {boolean}
-   */
-  static isCallsiteValid(callsite) {
-    return callsite instanceof Callsite;
-  }
-
-  /**
-   * Creates an array frame objects from an array of Callsite instances
-   * @param {NodeJS.CallSite} callsite
-   * @returns {Frame}
-   */
-  static makeFrame(callsite) {
-    /** @type {string | undefined} */
-    let evalOrigin;
-    /** @type {string | undefined} */
-    let file;
-    /** @type {number | null} */
-    let lineNumber = null;
-    /** @type {string | null} */
-    let method = null;
-    /** @type {string | null} */
-    let type;
-
-    if (callsite.isEval()) {
-      evalOrigin = StacktraceFactory.formatFileName(callsite.getEvalOrigin());
-      const matches = RegExpPrototypeExec.call(EVAL_ORIGIN_REGEX, evalOrigin);
-      if (matches) {
-        file = matches[1];
-        lineNumber = parseInt(matches[2]);
-      }
-    }
-
-    file = file ?? callsite.getFileName();
-    lineNumber = lineNumber ?? callsite.getLineNumber();
-    method = callsite.getFunctionName();
-    type = callsite.getTypeName();
-
-    if (method === null && type === 'Object') {
-      method = '<anonymous>';
-      type = null;
-    }
-
-    return { eval: evalOrigin, file, lineNumber, method, type };
-  }
-
-  /**
-   * @param {string} fileName
-   * @returns {string}
-   */
-  static formatFileName(fileName = '') {
-    const cwd = `${process.cwd()}/`;
-    const idx = fileName.indexOf(cwd);
-
-    if (idx > -1) {
-      return StringPrototypeReplace.call(fileName, cwd, ''); // + 1 to remove /
-    }
-    return fileName;
-  }
-
-  /**
-   * Will access `stack` getter propery on the provided error to generate
-   * a stacktrace. We capture the callsite instances passed to `prepareStacktrace`
-   * using an ephemeral monkey patch.
-   * @param {Error} error object with a `stack` getter property
-   * @returns {NodeJS.CallSite[]}
-   */
-  static generateCallsites(error) {
-    let callsites = [];
-
-    const { prepareStackTrace } = Error;
-
-    Error.prepareStackTrace = function contrastPrepareStackTrace(_, _callsites) {
-      callsites = _callsites;
-      return _callsites;
-    };
-
-    // accessing the getter will call `Error.prepareStacktrace`
-    error.stack;
-
-    // restore original method
-    Error.prepareStackTrace = prepareStackTrace;
-
-    return callsites;
-  }
-}
-
-module.exports.StacktraceFactory = StacktraceFactory;
-module.exports.generateCallsites = StacktraceFactory.generateCallsites;
-
-const Callsite = (module.exports.Callsite = StacktraceFactory.generateCallsites(
-  new Error()
-)[0].constructor);