@contrast/route-coverage 1.53.0 → 1.53.2

package/LICENSE

@@ -1,4 +1,4 @@
-Copyright: 2025 Contrast Security, Inc
+Copyright: 2026 Contrast Security, Inc
 Contact: support@contrastsecurity.com
 License: Commercial
 

package/lib/index.d.ts

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 
@@ -18,17 +18,20 @@ import { Config } from '@contrast/config';
 import { DepHooks } from '@contrast/dep-hooks';
 import { Logger } from '@contrast/logger';
 import { Patcher } from '@contrast/patcher';
+import { Rewriter } from '@contrast/rewriter';
 import { Scopes } from '@contrast/scopes';
 
 export { RouteInfo };
 
 export interface RouteCoverage extends Installable {
+  MAX_FILE_LENGTH: number,
   DISCOVERY_QUEUE_EMPTY_MS: number;
   discover(info: RouteInfo): void;
   discoveryFinished(): void;
   queue(info: RouteInfo): void;
   queuingFinished(): void;
   observe(info: RouteInfo): void;
+  formatHandlerSync(fn: Function, appDir?: string) : string;
 }
 
 export interface Core {
@@ -37,6 +40,7 @@ export interface Core {
   readonly logger: Logger;
   readonly messages: Messages;
   readonly patcher: Patcher;
+  readonly rewriter: Rewriter,
   readonly scopes: Scopes;
   initComponentSync(c: any): void;
 }

package/lib/index.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 
@@ -19,6 +19,10 @@ const {
   callChildComponentMethodsSync,
   Event,
   RouteType,
+  primordials: {
+    StringPrototypeSubstring,
+    StringPrototypeReplace,
+  }
 } = require('@contrast/common');
 
 /**
@@ -41,6 +45,7 @@ module.exports = function init(core) {
   const routeIdentifier = (method, signature) => `${method}.${signature}`;
 
   const routeCoverage = core.routeCoverage = {
+    MAX_FILE_LENGTH: 40,
     DISCOVERY_QUEUE_EMPTY_MS: 10_000,
     discover(info) {
       const id = routeIdentifier(info.method, info.signature);
@@ -120,6 +125,24 @@ module.exports = function init(core) {
       callChildComponentMethodsSync(this, 'install');
       setInterval(() => recentlyObserved.clear(), 10000).unref();
     },
+
+    formatHandlerSync(handler, appDir) {
+      const info = core.rewriter.funcInfoSync(handler);
+      if (!info) return '[Function]';
+
+      let file = info.file ?
+        StringPrototypeReplace.call(info.file, appDir, '') :
+        '';
+
+      if (file.length > this.MAX_FILE_LENGTH) {
+        file = `...${StringPrototypeSubstring.call(file, file.length - this.MAX_FILE_LENGTH)}`;
+      }
+      const handlerName = info.method || handler.name || 'anonymous';
+      const formattedHandler = (file && Number.isFinite(info.lineNumber) && Number.isFinite(info.column)) ?
+        `[${handlerName} ${file} ${info.lineNumber}:${info.column}]` :
+        `[Function: ${handlerName}]`; // what util.inspect(handler) would return
+      return formattedHandler;
+    }
   };
 
   core.initComponentSync(require('./install/express'));

package/lib/install/express.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 
@@ -30,7 +30,6 @@ const {
   }
 } = require('@contrast/common');
 const Core = require('@contrast/core/lib/ioc/core');
-const { formatHandler } = require('../utils/route-info');
 
 const METHODS = [
   'all',
@@ -88,7 +87,6 @@ class ExpressInstrumentation {
 
         core.messages.on(Event.SERVER_LISTENING, () => {
           let router;
-
           self.listenFlag = true;
 
           try {
@@ -482,7 +480,7 @@ class ExpressInstrumentation {
     }
     let template = ArrayPrototypeJoin.call(templates, '');
     if (template == '') template = '/';
-    const signature = `${type}.${method}(${template}, ${formatHandler(handler)})`;
+    const signature = `${type}.${method}(${template}, ${core.routeCoverage.formatHandlerSync(handler)})`;
 
     // this gets merged into meta.observables if same route handler is mounted at multiple paths
     return {

package/lib/install/fastify/fastify-express.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 
@@ -15,57 +15,61 @@
 'use strict';
 
 const { RouteType } = require('@contrast/common');
-const { patchType, formatHandler } = require('./../../utils/route-info');
-const isArray = (arr) => Array.isArray(arr);
-module.exports = function init(core) {
-  const { patcher, depHooks, routeCoverage, scopes } = core;
+const { Core } = require('@contrast/core/lib/ioc/core');
+const { patchType } = require('./../../utils/route-info');
 
-  return core.routeCoverage.fastifyExpress = {
-    install() {
-      const name = 'fastifyExpress';
-      depHooks.resolve({ name: '@fastify/express', version: '*' }, (_xport) => patcher.patch(_xport, {
-        name,
-        patchType,
-        post(data) {
-          const store = { lock: true, name };
-          patcher.patch(data.args[0], 'use', {
-            name: 'use',
-            patchType,
-            around(next, data) {
-              const [url, fn] = data.args;
-              if (!url || !fn || !core.config.getEffectiveValue('assess.report_middleware_routes')) return next();
+module.exports = Core.makeComponent({
+  name: 'core.routeCoverage.fastifyExpress',
+  factory: function init(core) {
+    const { patcher, depHooks, routeCoverage, scopes } = core;
 
-              const middleware = isArray(fn) ? fn : [fn];
-              const formattedPath = isArray(url) ? `[${url.join(', ')}]` : url;
-              const patchedMiddleware = middleware.map((f) => {
-                const formattedHandler = formatHandler(f);
-                const signature = `fastify.use(${formattedPath}, ${formattedHandler})`;
+    return core.routeCoverage.fastifyExpress = {
+      install() {
+        const name = 'fastifyExpress';
+        depHooks.resolve({ name: '@fastify/express', version: '*' }, (_xport) => patcher.patch(_xport, {
+          name,
+          patchType,
+          post(data) {
+            const store = { lock: true, name };
+            patcher.patch(data.args[0], 'use', {
+              name: 'use',
+              patchType,
+              around(next, data) {
+                const [url, fn] = data.args;
+                if (!url || !fn || !core.config.getEffectiveValue('assess.report_middleware_routes')) return next();
 
-                const routeInfo = {
-                  signature,
-                  url: formattedPath,
-                  method: 'use',
-                  normalizedUrl: formattedPath,
-                  type: RouteType.MIDDLEWARE,
-                  framework: 'fastify'
-                };
-                routeCoverage.discover(routeInfo);
+                const middleware = Array.isArray(fn) ? fn : [fn];
+                const formattedPath = Array.isArray(url) ? `[${url.join(', ')}]` : url;
+                const patchedMiddleware = middleware.map((f) => {
+                  const formattedHandler = core.routeCoverage.formatHandlerSync(f);
+                  const signature = `fastify.use(${formattedPath}, ${formattedHandler})`;
 
-                return patcher.patch(f, {
-                  name: 'middleware',
-                  patchType,
-                  post() {
-                    routeCoverage.observe(routeInfo);
-                  }
+                  const routeInfo = {
+                    signature,
+                    url: formattedPath,
+                    method: 'use',
+                    normalizedUrl: formattedPath,
+                    type: RouteType.MIDDLEWARE,
+                    framework: 'fastify'
+                  };
+                  routeCoverage.discover(routeInfo);
+
+                  return patcher.patch(f, {
+                    name: 'middleware',
+                    patchType,
+                    post() {
+                      routeCoverage.observe(routeInfo);
+                    }
+                  });
                 });
-              });
-              data.args[1] = patchedMiddleware;
+                data.args[1] = patchedMiddleware;
 
-              return !scopes.instrumentation.isLocked() ? scopes.instrumentation.run(store, next) : next();
-            }
-          });
-        }
-      }));
-    }
-  };
-};
+                return !scopes.instrumentation.isLocked() ? scopes.instrumentation.run(store, next) : next();
+              }
+            });
+          }
+        }));
+      }
+    };
+  }
+});

package/lib/install/fastify/fastify-middie.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 
@@ -15,8 +15,8 @@
 'use strict';
 
 const { RouteType } = require('@contrast/common');
-const { patchType, formatHandler } = require('./../../utils/route-info');
-const isArray = (arr) => Array.isArray(arr);
+const { patchType } = require('./../../utils/route-info');
+
 module.exports = function init(core) {
   const { patcher, depHooks, routeCoverage } = core;
 
@@ -33,10 +33,10 @@ module.exports = function init(core) {
               const [url, fn] = data.args;
               if (!url || !fn || !core.config.getEffectiveValue('assess.report_middleware_routes')) return;
 
-              const middleware = isArray(fn) ? fn : [fn];
-              const formattedPath = isArray(url) ? `[${url.join(', ')}]` : url;
+              const middleware = Array.isArray(fn) ? fn : [fn];
+              const formattedPath = Array.isArray(url) ? `[${url.join(', ')}]` : url;
               const patchedMiddleware = middleware.map((f) => {
-                const formattedHandler = formatHandler(f);
+                const formattedHandler = core.routeCoverage.formatHandlerSync(f);
                 const signature = `fastify.use(${formattedPath}, ${formattedHandler})`;
 
                 const routeInfo = {

package/lib/install/fastify/fastify.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 
@@ -19,7 +19,7 @@ const {
   primordials: { StringPrototypeToLowerCase, StringPrototypeSplit },
   RouteType,
 } = require('@contrast/common');
-const { patchType, formatHandler } = require('./../../utils/route-info');
+const { patchType } = require('./../../utils/route-info');
 
 // Spec: https://contrast.atlassian.net/wiki/spaces/NOD/pages/3454861621/Node.js+Agent+Route+Signatures#Fastify
 module.exports = function init(core) {
@@ -41,9 +41,10 @@ module.exports = function init(core) {
   function createRouteInfo(method, url, fullyDeclared, type, handler) {
     method = StringPrototypeToLowerCase.call(method);
 
+    const formattedHandler = core.routeCoverage.formatHandlerSync(handler);
     const signature = fullyDeclared
-      ? `fastify.route({ method: ${method}, url: ${url}, handler: ${formatHandler(handler)} })`
-      : `fastify.${method}(${url}, ${formatHandler(handler)})`;
+      ? `fastify.route({ method: ${method}, url: ${url}, handler: ${formattedHandler} })`
+      : `fastify.${method}(${url}, ${formattedHandler})`;
 
     const routeInfo = {
       signature,

package/lib/install/fastify/index.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/lib/install/graphql.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/lib/install/hapi.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 
@@ -18,7 +18,7 @@
 const { AsyncLocalStorage } = require('node:async_hooks');
 const { RouteType, set } = require('@contrast/common');
 const { Core } = require('@contrast/core/lib/ioc/core');
-const { formatHandler, patchType } = require('../utils/route-info');
+const { patchType } = require('../utils/route-info');
 
 /**
  * The hapi `Route` class from lib/route.js is not defined or exported.
@@ -63,7 +63,7 @@ class HapiRouteCoverage {
    * @param {Route} route
    */
   createSignature(route) {
-    const handler = formatHandler(this.patcher.unwrap(route.settings.handler));
+    const handler = this.core.routeCoverage.formatHandlerSync(this.patcher.unwrap(route.settings.handler));
     return `server.route({ method: '${route.method}', path: '${route.path}', handler: ${handler} })`;
   }
 
@@ -121,6 +121,7 @@ class HapiRouteCoverage {
       patchType,
       post({ result: route }) {
         if (route._special) return; // skip special internal routes
+
         const signature = self.createSignature(route);
         const type = self.registerScope.getStore()?.isMiddleware ? RouteType.MIDDLEWARE : RouteType.HTTP;
 

package/lib/install/koa.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 
@@ -16,7 +16,7 @@
 
 const { METHODS } = require('./../utils/methods');
 const { isString, RouteType, primordials: { StringPrototypeToLowerCase, StringPrototypeSplit } } = require('@contrast/common');
-const { patchType, formatHandler } = require('./../utils/route-info');
+const { patchType } = require('./../utils/route-info');
 
 // Spec: https://contrast.atlassian.net/wiki/spaces/NOD/pages/3454861621/Node.js+Agent+Route+Signatures#Koa
 module.exports = function init(core) {
@@ -49,7 +49,7 @@ module.exports = function init(core) {
                 const method = methods.length === 0 ? 'use' : METHODS.every(m => methods.includes(m)) ? 'all' : StringPrototypeToLowerCase.call(methods[methods.length - 1]);
                 if (method === 'use' && !core.config.getEffectiveValue('assess.report_middleware_routes')) return;
                 const routeInfo = {
-                  signature: `Router.${method}(${path}, ${formatHandler(handler)})`,
+                  signature: `Router.${method}(${path}, ${core.routeCoverage.formatHandlerSync(handler)})`,
                   method,
                   url: path,
                   normalizedUrl: path,

package/lib/install/restify.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 
@@ -26,7 +26,7 @@ const {
   RouteType,
 } = require('@contrast/common');
 const { Core } = require('@contrast/core/lib/ioc/core');
-const { formatHandler, patchType } = require('../utils/route-info');
+const { patchType } = require('../utils/route-info');
 
 const COMPONENT_NAME = 'routeCoverage.restify';
 const FRAMEWORK = 'restify';
@@ -45,7 +45,7 @@ class RestifyInstrumentation {
   }
 
   formatHandler(fn) {
-    return formatHandler(this.core.patcher.unwrap(fn));
+    return this.core.routeCoverage.formatHandlerSync(this.core.patcher.unwrap(fn));
   }
 
   install() {

package/lib/install/socket.io.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/lib/utils/methods.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 

package/lib/utils/route-info.js

@@ -1,5 +1,5 @@
 /*
- * Copyright: 2025 Contrast Security, Inc
+ * Copyright: 2026 Contrast Security, Inc
  * Contact: support@contrastsecurity.com
  * License: Commercial
 
@@ -15,8 +15,6 @@
 'use strict';
 
 const patchType = 'route-coverage';
-const { funcInfo } = require('@contrast/fn-inspect');
-const { primordials: { StringPrototypeReplace, StringPrototypeSubstring } } = require('@contrast/common');
 
 /**
  * Creates a formatted "signature" for a route
@@ -30,27 +28,4 @@ function createSignature(path, method = '', obj = 'Router', handler = '[Function
   return `${obj}.${method}('${path}', ${handler})`;
 }
 
-/**
- * Creates a formatted handler signature for a route
- * @param {function} handler
- * @param {string=} appDir
- * @return {string} formatted handler
- */
-function formatHandler(handler, appDir) {
-  const info = funcInfo(handler);
-  if (!info) return '[Function]';
-
-  let file = info.file ?
-    StringPrototypeReplace.call(info.file, appDir, '') :
-    '';
-  if (file.length > 30) {
-    file = `...${StringPrototypeSubstring.call(file, file.length - 40)}`;
-  }
-  const handlerName = info.method || handler.name || 'anonymous';
-  const formattedHandler = (file && Number.isFinite(info.lineNumber) && Number.isFinite(info.column)) ?
-    `[${handlerName} ${file} ${info.lineNumber}:${info.column}]` :
-    `[Function: ${handlerName}]`; // what util.inspect(handler) would return
-  return formattedHandler;
-}
-
-module.exports = { createSignature, patchType, formatHandler };
+module.exports = { createSignature, patchType };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@contrast/route-coverage",
-  "version": "1.53.0",
+  "version": "1.53.2",
   "description": "Handles route discovery and observation",
   "license": "SEE LICENSE IN LICENSE",
   "author": "Contrast Security <nodejs@contrastsecurity.com> (https://www.contrastsecurity.com)",
@@ -20,14 +20,15 @@
     "test": "bash ../scripts/test.sh"
   },
   "dependencies": {
-    "@contrast/common": "1.39.0",
-    "@contrast/config": "1.55.0",
-    "@contrast/core": "1.60.0",
-    "@contrast/dep-hooks": "1.29.0",
+    "@contrast/common": "1.39.1",
+    "@contrast/config": "1.55.1",
+    "@contrast/core": "1.60.1",
+    "@contrast/dep-hooks": "1.29.1",
     "@contrast/fn-inspect": "^5.0.2",
-    "@contrast/logger": "1.33.0",
-    "@contrast/patcher": "1.32.0",
-    "@contrast/scopes": "1.30.0",
+    "@contrast/logger": "1.33.1",
+    "@contrast/patcher": "1.32.1",
+    "@contrast/rewriter": "1.37.2",
+    "@contrast/scopes": "1.30.1",
     "semver": "^7.6.0"
   }
 }