@depup/launchdarkly-node-server-sdk 7.0.4-depup.0

package/operators.js

@@ -0,0 +1,106 @@
+const semver = require('semver');
+
+// Our reference SDK, Go, parses date/time strings with the time.RFC3339Nano format. This regex should match
+// strings that are valid in that format, and no others.
+// Acceptable: 2019-10-31T23:59:59Z, 2019-10-31T23:59:59.100Z, 2019-10-31T23:59:59-07, 2019-10-31T23:59:59-07:00, etc.
+// Unacceptable: no "T", no time zone designation
+const dateRegex = new RegExp('^\\d\\d\\d\\d-\\d\\d-\\d\\dT\\d\\d:\\d\\d:\\d\\d(\\.\\d\\d*)?(Z|[-+]\\d\\d(:\\d\\d)?)');
+
+function stringOperator(f) {
+  return (userValue, clauseValue) =>
+    typeof userValue === 'string' && typeof clauseValue === 'string' && f(userValue, clauseValue);
+}
+
+function numericOperator(f) {
+  return (userValue, clauseValue) =>
+    typeof userValue === 'number' && typeof clauseValue === 'number' && f(userValue, clauseValue);
+}
+
+function dateOperator(f) {
+  return (userValue, clauseValue) => {
+    const userValueNum = parseDate(userValue);
+    const clauseValueNum = parseDate(clauseValue);
+    return userValueNum !== null && clauseValueNum !== null && f(userValueNum, clauseValueNum);
+  };
+}
+
+function parseDate(input) {
+  switch (typeof input) {
+    case 'number':
+      return input;
+    case 'string':
+      return dateRegex.test(input) ? Date.parse(input) : null;
+    default:
+      return null;
+  }
+}
+
+function semVerOperator(fn) {
+  return (a, b) => {
+    const av = parseSemVer(a),
+      bv = parseSemVer(b);
+    return av && bv ? fn(av, bv) : false;
+  };
+}
+
+function parseSemVer(input) {
+  if (typeof input !== 'string') {
+    return null;
+  }
+  if (input.startsWith('v')) {
+    // the semver library tolerates a leading "v", but the standard does not.
+    return null;
+  }
+  let ret = semver.parse(input);
+  if (!ret) {
+    const versionNumericComponents = new RegExp('^\\d+(\\.\\d+)?(\\.\\d+)?').exec(input);
+    if (versionNumericComponents) {
+      let transformed = versionNumericComponents[0];
+      for (let i = 1; i < versionNumericComponents.length; i++) {
+        if (versionNumericComponents[i] === undefined) {
+          transformed = transformed + '.0';
+        }
+      }
+      transformed = transformed + input.substring(versionNumericComponents[0].length);
+      ret = semver.parse(transformed);
+    }
+  }
+  return ret;
+}
+
+function safeRegexMatch(pattern, value) {
+  try {
+    return new RegExp(pattern).test(value);
+  } catch (e) {
+    // do not propagate this exception, just treat a bad regex as a non-match for consistency with other SDKs
+    return false;
+  }
+}
+
+const operators = {
+  in: (a, b) => a === b,
+  endsWith: stringOperator((a, b) => a.endsWith(b)),
+  startsWith: stringOperator((a, b) => a.startsWith(b)),
+  matches: stringOperator((a, b) => safeRegexMatch(b, a)),
+  contains: stringOperator((a, b) => a.indexOf(b) > -1),
+  lessThan: numericOperator((a, b) => a < b),
+  lessThanOrEqual: numericOperator((a, b) => a <= b),
+  greaterThan: numericOperator((a, b) => a > b),
+  greaterThanOrEqual: numericOperator((a, b) => a >= b),
+  before: dateOperator((a, b) => a < b),
+  after: dateOperator((a, b) => a > b),
+  semVerEqual: semVerOperator((a, b) => a.compare(b) === 0),
+  semVerLessThan: semVerOperator((a, b) => a.compare(b) < 0),
+  semVerGreaterThan: semVerOperator((a, b) => a.compare(b) > 0),
+};
+
+const operatorNone = () => false;
+
+function fn(op) {
+  return operators[op] || operatorNone;
+}
+
+module.exports = {
+  operators: operators,
+  fn: fn,
+};

package/package.json

@@ -0,0 +1,105 @@
+{
+  "name": "@depup/launchdarkly-node-server-sdk",
+  "version": "7.0.4-depup.0",
+  "description": "[DepUp] LaunchDarkly Server-Side SDK for Node.js",
+  "main": "index.js",
+  "scripts": {
+    "test": "jest --ci --coverage --runInBand",
+    "check-typescript": "node_modules/typescript/bin/tsc",
+    "lint": "eslint --format 'node_modules/eslint-formatter-pretty' --ignore-path .eslintignore .",
+    "lint-fix": "eslint --fix --format 'node_modules/eslint-formatter-pretty' --ignore-path .eslintignore .",
+    "contract-test-service": "npm --prefix contract-tests install && npm --prefix contract-tests start",
+    "contract-test-harness": "curl -s https://raw.githubusercontent.com/launchdarkly/sdk-test-harness/master/downloader/run.sh \\ | VERSION=v2 PARAMS=\"-url http://localhost:8000 -debug -stop-service-at-end $TEST_HARNESS_PARAMS\" sh",
+    "contract-tests": "npm run contract-test-service & npm run contract-test-harness"
+  },
+  "types": "./index.d.ts",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/launchdarkly/node-server-sdk.git"
+  },
+  "keywords": [
+    "depup",
+    "dependency-bumped",
+    "updated-deps",
+    "launchdarkly-node-server-sdk",
+    "launchdarkly",
+    "analytics",
+    "client"
+  ],
+  "license": "Apache-2.0",
+  "bugs": {
+    "url": "https://github.com/launchdarkly/node-server-sdk/issues"
+  },
+  "homepage": "https://github.com/launchdarkly/node-server-sdk",
+  "dependencies": {
+    "async": "^3.2.6",
+    "launchdarkly-eventsource": "^2.2.0",
+    "lru-cache": "^11.2.7",
+    "node-cache": "^5.1.2",
+    "semver": "^7.7.4",
+    "tunnel": "0.0.6",
+    "uuid": "^13.0.0"
+  },
+  "engines": {
+    "node": ">= 12.0.0"
+  },
+  "devDependencies": {
+    "@babel/core": "^7.14.6",
+    "@babel/preset-env": "^7.14.5",
+    "@types/jest": "^27.4.0",
+    "@types/node": "^15.12.2",
+    "babel-jest": "^27.0.2",
+    "eslint": "^7.28.0",
+    "eslint-config-prettier": "^8.3.0",
+    "eslint-formatter-pretty": "^4.1.0",
+    "eslint-plugin-prettier": "^3.4.0",
+    "jest": "^27.0.4",
+    "jest-junit": "^12.2.0",
+    "launchdarkly-js-test-helpers": "^2.2.0",
+    "prettier": "^2.3.1",
+    "tmp": "^0.2.1",
+    "typescript": "~4.4.4",
+    "yaml": "^1.10.2"
+  },
+  "jest": {
+    "rootDir": ".",
+    "testEnvironment": "node",
+    "testMatch": [
+      "**/*-test.js"
+    ],
+    "testResultsProcessor": "jest-junit"
+  },
+  "depup": {
+    "changes": {
+      "async": {
+        "from": "^3.2.4",
+        "to": "^3.2.6"
+      },
+      "launchdarkly-eventsource": {
+        "from": "1.4.4",
+        "to": "^2.2.0"
+      },
+      "lru-cache": {
+        "from": "^6.0.0",
+        "to": "^11.2.7"
+      },
+      "node-cache": {
+        "from": "^5.1.0",
+        "to": "^5.1.2"
+      },
+      "semver": {
+        "from": "^7.5.4",
+        "to": "^7.7.4"
+      },
+      "uuid": {
+        "from": "^8.3.2",
+        "to": "^13.0.0"
+      }
+    },
+    "depsUpdated": 6,
+    "originalPackage": "launchdarkly-node-server-sdk",
+    "originalVersion": "7.0.4",
+    "processedAt": "2026-03-17T22:56:56.202Z",
+    "smokeTest": "passed"
+  }
+}

package/polling.js

@@ -0,0 +1,70 @@
+const errors = require('./errors');
+const messages = require('./messages');
+const dataKind = require('./versioned_data_kind');
+
+function PollingProcessor(config, requestor) {
+  const processor = {},
+    featureStore = config.featureStore,
+    intervalMs = config.pollInterval * 1000;
+
+  let stopped = false;
+
+  let pollTask;
+
+  function poll(maybeCallback) {
+    const cb = maybeCallback || function () {};
+
+    if (stopped) {
+      return;
+    }
+
+    config.logger.debug('Polling LaunchDarkly for feature flag updates');
+
+    requestor.requestAllData((err, respBody) => {
+      if (err) {
+        if (err.status && !errors.isHttpErrorRecoverable(err.status)) {
+          const message = messages.httpErrorMessage(err, 'polling request');
+          config.logger.error(message);
+          cb(new errors.LDPollingError(message));
+          processor.stop();
+        } else {
+          config.logger.warn(messages.httpErrorMessage(err, 'polling request', 'will retry'));
+        }
+      } else {
+        if (respBody) {
+          const allData = JSON.parse(respBody);
+          const initData = {};
+          initData[dataKind.features.namespace] = allData.flags;
+          initData[dataKind.segments.namespace] = allData.segments;
+          featureStore.init(initData, () => {
+            cb();
+          });
+        }
+        // There wasn't an error but there wasn't any new data either, so just keep polling
+      }
+    });
+  }
+
+  processor.start = cb => {
+    if (!pollTask && !stopped) {
+      pollTask = setInterval(() => poll(cb), intervalMs);
+      // setInterval always waits for the delay before firing the first time, but we want to do an initial poll right away
+      poll(cb);
+    }
+  };
+
+  processor.stop = () => {
+    stopped = true;
+    if (pollTask) {
+      clearInterval(pollTask);
+    }
+  };
+
+  processor.close = () => {
+    processor.stop();
+  };
+
+  return processor;
+}
+
+module.exports = PollingProcessor;

package/requestor.js

@@ -0,0 +1,62 @@
+const httpUtils = require('./utils/httpUtils');
+
+/**
+ * Creates a new Requestor object, which handles remote requests to fetch feature flags or segments for LaunchDarkly.
+ * This is never called synchronously when requesting a feature flag for a user (e.g. via the variation method).
+ *
+ * It will be called at the configured polling interval in polling mode. Older versions of the SDK also
+ * could use the Requestor to make a polling request even in streaming mode, for very large data sets,
+ * but the LD infrastructure no longer uses that behavior.
+ *
+ * @param {String} sdkKey the SDK key
+ * @param {Object} config the LaunchDarkly client configuration object
+ **/
+function Requestor(sdkKey, config) {
+  const requestor = {};
+
+  const headers = httpUtils.getDefaultHeaders(sdkKey, config);
+  const requestWithETagCaching = httpUtils.httpWithETagCache();
+
+  function makeRequest(resource) {
+    const url = config.baseUri + resource;
+    const requestParams = { method: 'GET', headers };
+    return (cb, errCb) => {
+      requestWithETagCaching(url, requestParams, null, config, (err, resp, body) => {
+        if (err) {
+          errCb(err);
+        } else {
+          cb(resp, body);
+        }
+      });
+    };
+  }
+
+  function processResponse(cb) {
+    return (response, body) => {
+      if (response.statusCode !== 200 && response.statusCode !== 304) {
+        const err = new Error('Unexpected status code: ' + response.statusCode);
+        err.status = response.statusCode;
+        cb(err, null);
+      } else {
+        cb(null, response.statusCode === 304 ? null : body);
+      }
+    };
+  }
+
+  function processErrorResponse(cb) {
+    return err => {
+      cb(err, null);
+    };
+  }
+
+  // Note that requestAllData will pass (null, null) rather than (null, body) if it gets a 304 response;
+  // this is deliberate so that we don't keep updating the data store unnecessarily if there are no changes.
+  requestor.requestAllData = cb => {
+    const req = makeRequest('/sdk/latest-all');
+    req(processResponse(cb), processErrorResponse(cb));
+  };
+
+  return requestor;
+}
+
+module.exports = Requestor;

package/scripts/better-audit.sh

@@ -0,0 +1,76 @@
+#!/bin/bash
+
+# This script processes the output of "npm audit" to make it more useful, as follows:
+# - For each flagged vulnerability, it looks at the "path" field and extracts both the flagged
+#   package (the last element in the path) and the topmost dependency that led to it (the first
+#   element in the path).
+# - It sorts these and eliminates duplicates.
+# - It then compares each of the topmost dependencies to package.json to see if it is from
+#   "dependencies", "peerDependencies", or "devDependencies". If it is either of the first two
+#   then this is a real runtime vulnerability, and must be fixed by updating the topmost
+#   dependency. If it is from devDependencies, then it can be safely fixed with "npm audit fix".
+
+set -e
+
+function readPackages() {
+  inCategory=$1
+  jq -r ".${inCategory} | keys | .[]" package.json 2>/dev/null || true
+}
+
+function isInList() {
+  item=$1
+  shift
+  for x in $@; do
+    if [ "$item" == "$x" ]; then
+      true
+      return
+    fi
+  done
+  false
+}
+
+dependencies=$(readPackages dependencies)
+devDependencies=$(readPackages devDependencies)
+peerDependencies=$(readPackages peerDependencies)
+
+function processItems() {
+  flaggedRuntime=0
+  flaggedDev=0
+  while read -r badPackage topLevelDep; do
+    echo -n "flagged package \"$badPackage\", referenced via \"$topLevelDep\" "
+    for category in dependencies peerDependencies devDependencies; do
+      if isInList $topLevelDep ${!category}; then
+        if [ "$category" == "devDependencies" ]; then
+          echo "-- from \"$category\""
+          flaggedDev=1
+        else
+          echo "-- from \"$category\" (RUNTIME) ***"
+          flaggedRuntime=1
+        fi
+        break
+      fi
+    done
+  done
+  echo
+  if [ "$flaggedRuntime" == "1" ]; then
+    echo "*** At least one runtime dependency was flagged. These must be fixed by updating package.json."
+    echo "Do not use 'npm audit fix'."
+    exit 1  # return an error, causing the build to fail
+  elif [ "$flaggedDev" == "1" ]; then
+    echo "Only development dependencies were flagged. You may safely run 'npm audit fix', which will"
+    echo "fix these by adding overrides to package-lock.json."
+  else
+    echo "Congratulations! No dependencies were flagged by 'npm audit'."
+  fi
+}
+
+echo "Running npm audit..."
+echo
+
+npm audit --json \
+  | grep '"path":' \
+  | sort | uniq \
+  | sed -n -e 's#.*"path": "\([^"]*\)".*#\1#p' \
+  | awk -F '>' '{ print $NF,$1 }' \
+  | sort | uniq \
+  | processItems

package/sharedtest/big_segment_store_tests.js

@@ -0,0 +1,86 @@
+const { nullLogger } = require('../loggers');
+
+const { withCloseable } = require('launchdarkly-js-test-helpers');
+
+// See index.d.ts for interface documentation
+
+const fakeUserHash = 'userhash';
+
+function runBigSegmentStoreTests(storeFactory, clearExistingData, setMetadata, setSegments) {
+  function doAllTestsWithPrefix(prefix) {
+    async function withStoreAndEmptyData(action) {
+      await clearExistingData(prefix);
+      await withCloseable(storeFactory(prefix, nullLogger()), action);
+    }
+
+    describe('getMetadata', () => {
+      it('valid value', async () => {
+        const expected = { lastUpToDate: 1234567890 };
+        await withStoreAndEmptyData(async store => {
+          await setMetadata(prefix, expected);
+
+          const meta = await store.getMetadata();
+          expect(meta).toEqual(expected);
+        });
+      });
+
+      it('no value', async () => {
+        await withStoreAndEmptyData(async store => {
+          const meta = await store.getMetadata();
+          expect(meta).toEqual({ lastUpToDate: undefined });
+        });
+      });
+    });
+
+    describe('getUserMembership', () => {
+      it('not found', async () => {
+        await withStoreAndEmptyData(async store => {
+          const membership = await store.getUserMembership(fakeUserHash);
+          if (membership) {
+            // either null/undefined or an empty membership would be acceptable
+            expect(membership).toEqual({});
+          }
+        });
+      });
+
+      it('includes only', async () => {
+        await withStoreAndEmptyData(async store => {
+          await setSegments(prefix, fakeUserHash, ['key1', 'key2'], []);
+
+          const membership = await store.getUserMembership(fakeUserHash);
+          expect(membership).toEqual({ key1: true, key2: true });
+        });
+      });
+
+      it('excludes only', async () => {
+        await withStoreAndEmptyData(async store => {
+          await setSegments(prefix, fakeUserHash, [], ['key1', 'key2']);
+
+          const membership = await store.getUserMembership(fakeUserHash);
+          expect(membership).toEqual({ key1: false, key2: false });
+        });
+      });
+
+      it('includes and excludes', async () => {
+        await withStoreAndEmptyData(async store => {
+          await setSegments(prefix, fakeUserHash, ['key1', 'key2'], ['key2', 'key3']);
+
+          const membership = await store.getUserMembership(fakeUserHash);
+          expect(membership).toEqual({ key1: true, key2: true, key3: false }); // include of key2 overrides exclude
+        });
+      });
+    });
+  }
+
+  describe('with non-empty prefix', () => {
+    doAllTestsWithPrefix('testprefix');
+  });
+
+  describe('with empty prefix', () => {
+    doAllTestsWithPrefix(undefined);
+  });
+}
+
+module.exports = {
+  runBigSegmentStoreTests,
+};

package/sharedtest/feature_store_tests.js

@@ -0,0 +1,177 @@
+const dataKind = require('../versioned_data_kind');
+
+const { promisifySingle, withCloseable, AsyncQueue } = require('launchdarkly-js-test-helpers');
+
+function runFeatureStoreTests(createStore, clearExistingData) {
+  const feature1 = { key: 'foo', version: 10 };
+  const feature2 = { key: 'bar', version: 10 };
+
+  async function withInitedStore(asyncAction) {
+    if (clearExistingData) {
+      await clearExistingData();
+    }
+    const store = createStore();
+    await withCloseable(store, async () => {
+      const initData = {
+        [dataKind.features.namespace]: {
+          foo: feature1,
+          bar: feature2,
+        },
+        [dataKind.segments.namespace]: {},
+      };
+      await promisifySingle(store.init)(initData);
+      await asyncAction(store);
+    });
+  }
+
+  it('is initialized after calling init()', async () => {
+    await withInitedStore(async store => {
+      const result = await promisifySingle(store.initialized)();
+      expect(result).toBe(true);
+    });
+  });
+
+  it('init() completely replaces previous data', async () => {
+    await withInitedStore(async store => {
+      const flags = {
+        first: { key: 'first', version: 1 },
+        second: { key: 'second', version: 1 },
+      };
+      const segments = { first: { key: 'first', version: 2 } };
+      const initData1 = {
+        [dataKind.features.namespace]: flags,
+        [dataKind.segments.namespace]: segments,
+      };
+
+      await promisifySingle(store.init)(initData1);
+      const items1 = await promisifySingle(store.all)(dataKind.features);
+      expect(items1).toEqual(flags);
+      const items2 = await promisifySingle(store.all)(dataKind.segments);
+      expect(items2).toEqual(segments);
+
+      const newFlags = { first: { key: 'first', version: 3 } };
+      const newSegments = { first: { key: 'first', version: 4 } };
+      const initData2 = {
+        [dataKind.features.namespace]: newFlags,
+        [dataKind.segments.namespace]: newSegments,
+      };
+
+      await promisifySingle(store.init)(initData2);
+      const items3 = await promisifySingle(store.all)(dataKind.features);
+      expect(items3).toEqual(newFlags);
+      const items4 = await promisifySingle(store.all)(dataKind.segments);
+      expect(items4).toEqual(newSegments);
+    });
+  });
+
+  it('gets existing feature', async () => {
+    await withInitedStore(async store => {
+      const result = await promisifySingle(store.get)(dataKind.features, feature1.key);
+      expect(result).toEqual(feature1);
+    });
+  });
+
+  it('does not get nonexisting feature', async () => {
+    await withInitedStore(async store => {
+      const result = await promisifySingle(store.get)(dataKind.features, 'biz');
+      expect(result).toBe(null);
+    });
+  });
+
+  it('gets all features', async () => {
+    await withInitedStore(async store => {
+      const result = await promisifySingle(store.all)(dataKind.features);
+      expect(result).toEqual({
+        foo: feature1,
+        bar: feature2,
+      });
+    });
+  });
+
+  it('upserts with newer version', async () => {
+    const newVer = { key: feature1.key, version: feature1.version + 1 };
+    await withInitedStore(async store => {
+      await promisifySingle(store.upsert)(dataKind.features, newVer);
+      const result = await promisifySingle(store.get)(dataKind.features, feature1.key);
+      expect(result).toEqual(newVer);
+    });
+  });
+
+  it('does not upsert with older version', async () => {
+    const oldVer = { key: feature1.key, version: feature1.version - 1 };
+    await withInitedStore(async store => {
+      await promisifySingle(store.upsert)(dataKind.features, oldVer);
+      const result = await promisifySingle(store.get)(dataKind.features, feature1.key);
+      expect(result).toEqual(feature1);
+    });
+  });
+
+  it('upserts new feature', async () => {
+    const newFeature = { key: 'biz', version: 99 };
+    await withInitedStore(async store => {
+      await promisifySingle(store.upsert)(dataKind.features, newFeature);
+      const result = await promisifySingle(store.get)(dataKind.features, newFeature.key);
+      expect(result).toEqual(newFeature);
+    });
+  });
+
+  it('handles upsert race condition within same client correctly', async () => {
+    // Not sure if there is a way to do this one with async/await
+    const ver1 = { key: feature1.key, version: feature1.version + 1 };
+    const ver2 = { key: feature1.key, version: feature1.version + 2 };
+    const calls = new AsyncQueue();
+    await withInitedStore(async store => {
+      const callback = () => {
+        calls.add(null);
+      };
+
+      // Deliberately do not wait for the first upsert to complete before starting the second,
+      // so their transactions will be interleaved unless we're correctly serializing updates
+      store.upsert(dataKind.features, ver2, callback);
+      store.upsert(dataKind.features, ver1, callback);
+
+      // Now wait until both have completed
+      await calls.take();
+      await calls.take();
+      const result = await promisifySingle(store.get)(dataKind.features, feature1.key);
+      expect(result).toEqual(ver2);
+    });
+  });
+
+  it('deletes with newer version', async () => {
+    await withInitedStore(async store => {
+      await promisifySingle(store.delete)(dataKind.features, feature1.key, feature1.version + 1);
+      const result = await promisifySingle(store.get)(dataKind.features, feature1.key);
+      expect(result).toBe(null);
+    });
+  });
+
+  it('does not delete with older version', async () => {
+    await withInitedStore(async store => {
+      await promisifySingle(store.delete)(dataKind.features, feature1.key, feature1.version - 1);
+      const result = await promisifySingle(store.get)(dataKind.features, feature1.key);
+      expect(result).not.toBe(null);
+    });
+  });
+
+  it('allows deleting unknown feature', async () => {
+    await withInitedStore(async store => {
+      await promisifySingle(store.delete)(dataKind.features, 'biz', 99);
+      const result = await promisifySingle(store.get)(dataKind.features, 'biz');
+      expect(result).toBe(null);
+    });
+  });
+
+  it('does not upsert older version after delete', async () => {
+    await withInitedStore(async store => {
+      await promisifySingle(store.delete)(dataKind.features, feature1.key, feature1.version + 1);
+      await promisifySingle(store.upsert)(dataKind.features, feature1);
+      const result = await promisifySingle(store.get)(dataKind.features, feature1.key);
+      expect(result).toBe(null);
+    });
+  });
+}
+
+module.exports = {
+  runFeatureStoreTests,
+};