@depup/launchdarkly-node-server-sdk 7.0.4-depup.0

package/CONTRIBUTING.md

@@ -0,0 +1,55 @@
+# Contributing to the LaunchDarkly Server-Side SDK for Node.js
+
+LaunchDarkly has published an [SDK contributor's guide](https://docs.launchdarkly.com/sdk/concepts/contributors-guide) that provides a detailed explanation of how our SDKs work. See below for additional information on how to contribute to this SDK.
+
+## Submitting bug reports and feature requests
+
+The LaunchDarkly SDK team monitors the [issue tracker](https://github.com/launchdarkly/node-server-sdk/issues) in the SDK repository. Bug reports and feature requests specific to this SDK should be filed in this issue tracker. The SDK team will respond to all newly filed issues within two business days.
+
+## Submitting pull requests
+
+We encourage pull requests and other contributions from the community. Before submitting pull requests, ensure that all temporary or unintended code is removed. Don't worry about adding reviewers to the pull request; the LaunchDarkly SDK team will add themselves. The SDK team will acknowledge all pull requests within two business days.
+
+## Build instructions
+
+### Prerequisites
+
+The project should be built and tested against the lowest compatible version, Node 12. It uses `npm`, which is bundled in all supported versions of Node.
+
+### Setup
+
+To install project dependencies, from the project root directory:
+
+```
+npm install
+```
+
+### Testing
+
+To run all unit tests:
+
+```
+npm test
+```
+
+To verify that the TypeScript declarations compile correctly (this involves compiling the file `test-types.ts`, so if you have changed any types or interfaces, you will want to update that code):
+
+```
+npm run check-typescript
+```
+
+To run the SDK contract test suite (see [`contract-tests/README.md`](./contract-tests/README.md)):
+
+```bash
+npm run contract-tests
+```
+
+### Auditing package dependencies
+
+The `npm audit` tool compares all dependencies and transitive dependencies to a database of package versions with known vulnerabilities. However, the output of this tool includes both runtime and development dependencies.
+
+Runtime dependencies can affect applications using the SDK; they can only be fixed by updating one of the explicit dependencies in `package.json`. Development dependencies cannot affect applications, but will still cause `npm audit` to flag the project; they can be fixed by running `npm audit fix` to add overrides for transitive dependencies in `package-lock.json`.
+
+It is important _not_ to run `npm audit fix` if there are any bad _runtime_ dependencies, because it will hide the problem in our own build, without actually fixing the vulnerability when an application uses the SDK.
+
+The script `scripts/better-audit.sh`, which is run in the CI build and can also be run manually, processes the output of `npm audit` to eliminate all duplicate entries and then determines whether each entry is coming from a runtime dependency or a development dependency. If there are any runtime ones, it terminates with an error code so the build will fail.

package/LICENSE.txt

@@ -0,0 +1,13 @@
+Copyright 2016 Catamorphic, Co.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

package/README.md

@@ -0,0 +1,36 @@
+# @depup/launchdarkly-node-server-sdk
+
+> Dependency-bumped version of [launchdarkly-node-server-sdk](https://www.npmjs.com/package/launchdarkly-node-server-sdk)
+
+Generated by [DepUp](https://github.com/depup/npm) -- all production
+dependencies bumped to latest versions.
+
+## Installation
+
+```bash
+npm install @depup/launchdarkly-node-server-sdk
+```
+
+| Field | Value |
+|-------|-------|
+| Original | [launchdarkly-node-server-sdk](https://www.npmjs.com/package/launchdarkly-node-server-sdk) @ 7.0.4 |
+| Processed | 2026-03-17 |
+| Smoke test | passed |
+| Deps updated | 6 |
+
+## Dependency Changes
+
+| Dependency | From | To |
+|------------|------|-----|
+| async | ^3.2.4 | ^3.2.6 |
+| launchdarkly-eventsource | 1.4.4 | ^2.2.0 |
+| lru-cache | ^6.0.0 | ^11.2.7 |
+| node-cache | ^5.1.0 | ^5.1.2 |
+| semver | ^7.5.4 | ^7.7.4 |
+| uuid | ^8.3.2 | ^13.0.0 |
+
+---
+
+Source: https://github.com/depup/npm | Original: https://www.npmjs.com/package/launchdarkly-node-server-sdk
+
+License inherited from the original package.

package/SECURITY.md

@@ -0,0 +1,5 @@
+# Reporting and Fixing Security Issues
+
+Please report all security issues to the LaunchDarkly security team by submitting a bug bounty report to our [HackerOne program](https://hackerone.com/launchdarkly?type=team). LaunchDarkly will triage and address all valid security issues following the response targets defined in our program policy. Valid security issues may be eligible for a bounty.
+
+Please do not open issues or pull requests for security issues. This makes the problem immediately visible to everyone, including potentially malicious actors.

package/attribute_reference.js

@@ -0,0 +1,217 @@
+/**
+ * Take a key string and escape the characters to allow it to be used as a reference.
+ * @param {string} key
+ * @returns {string} The processed key.
+ */
+function processEscapeCharacters(key) {
+  return key.replace(/~/g, '~0').replace(/\//g, '~1');
+}
+
+/**
+ * @param {string} reference The reference to get the components of.
+ * @returns {string[]} The components of the reference. Escape characters will be converted to their representative values.
+ */
+function getComponents(reference) {
+  const referenceWithoutPrefix = reference.startsWith('/') ? reference.substring(1) : reference;
+  return referenceWithoutPrefix
+    .split('/')
+    .map(component => (component.indexOf('~') >= 0 ? component.replace(/~1/g, '/').replace(/~0/g, '~') : component));
+}
+
+/**
+ * @param {string} reference The reference to check if it is a literal.
+ * @returns true if the reference is a literal.
+ */
+function isLiteral(reference) {
+  return !reference.startsWith('/');
+}
+
+/**
+ * Get an attribute value from a literal.
+ * @param {Object} target
+ * @param {string} literal
+ */
+function getFromLiteral(target, literal) {
+  if (target !== null && target !== undefined && Object.prototype.hasOwnProperty.call(target, literal)) {
+    return target[literal];
+  }
+}
+
+/**
+ * Gets the `target` object's value at the `reference`'s location.
+ *
+ * This method method follows the rules for accessing attributes for use
+ * in evaluating clauses.
+ *
+ * Accessing the root of the target will always result in undefined.
+ *
+ * @param {Object} target
+ * @param {string} reference
+ * @returns The `target` object's value at the `reference`'s location.
+ * Undefined if the field does not exist or if the reference is not valid.
+ */
+function get(target, reference) {
+  if (reference === '' || reference === '/') {
+    return undefined;
+  }
+
+  if (isLiteral(reference)) {
+    return getFromLiteral(target, reference);
+  }
+
+  const components = getComponents(reference);
+  let current = target;
+  for (const component of components) {
+    if (
+      current !== null &&
+      current !== undefined &&
+      typeof current === 'object' &&
+      // We do not want to allow indexing into an array.
+      !Array.isArray(current) &&
+      // For arrays and strings, in addition to objects, a hasOwnProperty check
+      // will be true for indexes (as strings or numbers), which are present
+      // in the object/string/array.
+      Object.prototype.hasOwnProperty.call(current, component)
+    ) {
+      current = current[component];
+    } else {
+      return undefined;
+    }
+  }
+
+  return current;
+}
+
+/**
+ * Compare two references and determine if they are equivalent.
+ * @param {string} a
+ * @param {string} b
+ */
+function compare(a, b) {
+  const aIsLiteral = isLiteral(a);
+  const bIsLiteral = isLiteral(b);
+  if (aIsLiteral && bIsLiteral) {
+    return a === b;
+  }
+  if (aIsLiteral) {
+    const bComponents = getComponents(b);
+    if (bComponents.length !== 1) {
+      return false;
+    }
+    return a === bComponents[0];
+  }
+  if (bIsLiteral) {
+    const aComponents = getComponents(a);
+    if (aComponents.length !== 1) {
+      return false;
+    }
+    return b === aComponents[0];
+  }
+  return a === b;
+}
+
+/**
+ * @param {string} a
+ * @param {string} b
+ * @returns The two strings joined by '/'.
+ */
+function join(a, b) {
+  return `${a}/${b}`;
+}
+
+/**
+ * There are cases where a field could have been named with a preceeding '/'.
+ * If that attribute was private, then the literal would appear to be a reference.
+ * This method can be used to convert a literal to a reference in such situations.
+ * @param {string} literal The literal to convert to a reference.
+ * @returns A literal which has been converted to a reference.
+ */
+function literalToReference(literal) {
+  return `/${processEscapeCharacters(literal)}`;
+}
+
+/**
+ * Clone an object excluding the values referenced by a list of references.
+ * @param {Object} target The object to clone.
+ * @param {string[]} references A list of references from the cloned object.
+ * @returns {{cloned: Object, excluded: string[]}} The cloned object and a list of excluded values.
+ */
+function cloneExcluding(target, references) {
+  const stack = [];
+  const cloned = {};
+  const excluded = [];
+
+  stack.push(
+    ...Object.keys(target).map(key => ({
+      key,
+      ptr: literalToReference(key),
+      source: target,
+      parent: cloned,
+      visited: [target],
+    }))
+  );
+
+  while (stack.length) {
+    const item = stack.pop();
+    if (!references.some(ptr => compare(ptr, item.ptr))) {
+      const value = item.source[item.key];
+
+      // Handle null because it overlaps with object, which we will want to handle later.
+      if (value === null) {
+        item.parent[item.key] = value;
+      } else if (Array.isArray(value)) {
+        item.parent[item.key] = [...value];
+      } else if (typeof value === 'object') {
+        //Arrays and null must already be handled.
+
+        //Prevent cycles by not visiting the same object
+        //with in the same branch. Parallel branches
+        //may contain the same object.
+        if (item.visited.includes(value)) {
+          continue;
+        }
+
+        item.parent[item.key] = {};
+
+        stack.push(
+          ...Object.keys(value).map(key => ({
+            key,
+            ptr: join(item.ptr, processEscapeCharacters(key)),
+            source: value,
+            parent: item.parent[item.key],
+            visited: [...item.visited, value],
+          }))
+        );
+      } else {
+        item.parent[item.key] = value;
+      }
+    } else {
+      excluded.push(item.ptr);
+    }
+  }
+  return { cloned, excluded: excluded.sort() };
+}
+
+function isValidReference(reference) {
+  return !reference.match(/\/\/|(^\/.*~[^0|^1])|~$/);
+}
+
+/**
+ * Check if the given attribute reference is for the "kind" attribute.
+ * @param {string} reference String containing an attribute reference.
+ */
+function isKind(reference) {
+  // There are only 2 valid ways to specify the kind attribute,
+  // so this just checks them. Given the current flow of evaluation
+  // this is much less intense a process than doing full validation and parsing.
+  return reference === 'kind' || reference === '/kind';
+}
+
+module.exports = {
+  cloneExcluding,
+  compare,
+  get,
+  isValidReference,
+  literalToReference,
+  isKind,
+};

package/big_segments.js

@@ -0,0 +1,117 @@
+const { createHash } = require('crypto');
+const { EventEmitter } = require('events');
+const LRUCache = require('lru-cache');
+
+const defaultStaleAfter = 120;
+const defaultStatusPollInterval = 5;
+const defaultUserCacheSize = 1000;
+const defaultUserCacheTime = 5;
+const emptyMembership = {};
+
+function BigSegmentStoreManager(store, config, logger) {
+  const staleTimeMs = (config.staleAfter > 0 ? config.staleAfter : defaultStaleAfter) * 1000;
+  const pollIntervalMs = (config.statusPollInterval > 0 ? config.statusPollInterval : defaultStatusPollInterval) * 1000;
+  const pollTask = store ? setInterval(() => pollStoreAndUpdateStatus(), pollIntervalMs) : null;
+  const cache = store
+    ? new LRUCache({
+        max: config.userCacheSize || defaultUserCacheSize,
+        maxAge: (config.userCacheTime || defaultUserCacheTime) * 1000,
+      })
+    : null;
+  let lastStatus;
+
+  const ret = {};
+
+  ret.close = () => {
+    clearInterval(pollTask);
+    store && store.close && store.close();
+  };
+
+  const statusProvider = new EventEmitter();
+  ret.statusProvider = statusProvider;
+  statusProvider.getStatus = () => lastStatus;
+  statusProvider.requireStatus = async () => {
+    if (!lastStatus) {
+      await pollStoreAndUpdateStatus();
+    }
+    return lastStatus;
+  };
+
+  // Called by the evaluator when it needs to get the Big Segment membership state for a user.
+  //
+  // If there is a cached membership state for the user, it returns the cached state. Otherwise,
+  // it converts the user key into the hash string used by the BigSegmentStore, queries the store,
+  // and caches the result.
+  //
+  // The return value is a two-element array where the first element is the membership object,
+  // and the second element is a status value ("HEALTHY", "STALE", or "STORE_ERROR"). An undefined
+  // return value is equivalent to [ null, "NOT_CONFIGURED" ];
+  ret.getUserMembership = async userKey => {
+    if (!store) {
+      return undefined;
+    }
+    let membership = cache.get(userKey);
+    if (!membership) {
+      try {
+        membership = await store.getUserMembership(hashForUserKey(userKey));
+        if (membership === null || membership === undefined) {
+          membership = emptyMembership;
+        }
+        cache.set(userKey, membership);
+      } catch (e) {
+        logger.error('Big Segment store membership query returned error: ' + e);
+        return [null, 'STORE_ERROR'];
+      }
+      cache.set(userKey, membership);
+    }
+    if (!lastStatus) {
+      await pollStoreAndUpdateStatus();
+    }
+    if (!lastStatus.available) {
+      return [membership, 'STORE_ERROR'];
+    }
+    return [membership, lastStatus.stale ? 'STALE' : 'HEALTHY'];
+  };
+
+  async function pollStoreAndUpdateStatus() {
+    if (!store) {
+      lastStatus = { available: false, stale: false };
+      return;
+    }
+    logger.debug('Querying Big Segment store status');
+    let newStatus;
+    try {
+      const metadata = await store.getMetadata();
+      newStatus = { available: true, stale: !metadata || !metadata.lastUpToDate || isStale(metadata.lastUpToDate) };
+    } catch (e) {
+      logger.error('Big Segment store status query returned error: ' + e);
+      newStatus = { available: false, stale: false };
+    }
+    if (!lastStatus || lastStatus.available !== newStatus.available || lastStatus.stale !== newStatus.stale) {
+      logger.debug(
+        'Big Segment store status changed from %s to %s',
+        JSON.stringify(lastStatus),
+        JSON.stringify(newStatus)
+      );
+      lastStatus = newStatus;
+      statusProvider.emit('change', newStatus);
+    }
+  }
+
+  function isStale(timestamp) {
+    return new Date().getTime() - timestamp >= staleTimeMs;
+  }
+
+  return ret;
+}
+
+function hashForUserKey(userKey) {
+  const hasher = createHash('sha256');
+  hasher.update(userKey);
+  return hasher.digest('base64');
+}
+
+module.exports = {
+  BigSegmentStoreManager,
+  hashForUserKey,
+};

package/caching_store_wrapper.js

@@ -0,0 +1,240 @@
+const NodeCache = require('node-cache'),
+  dataKind = require('./versioned_data_kind'),
+  UpdateQueue = require('./update_queue');
+
+function cacheKey(kind, key) {
+  return kind.namespace + ':' + key;
+}
+
+function allCacheKey(kind) {
+  return '$all:' + kind.namespace;
+}
+
+const initializedKey = '$checkedInit';
+
+/*
+  CachingStoreWrapper provides commonly needed functionality for implementations of an
+  SDK feature store. The underlyingStore must implement a simplified interface for
+  querying and updating the data store, while CachingStoreWrapper adds optional caching of
+  stored items and of the initialized state, and ensures that asynchronous operations are
+  serialized correctly.
+
+  The underlyingStore object must have the following methods:
+
+  - getInternal(kind, key, callback): Queries a single item from the data store. The kind
+  parameter is an object with a "namespace" property that uniquely identifies the
+  category of data (features, segments), and the key is the unique key within that
+  category. It calls the callback with the resulting item as a parameter, or, if no such
+  item exists, null/undefined. It should not attempt to filter out any items, nor to
+  cache any items.
+
+  - getAllInternal(kind, callback): Queries all items in a given category from the data
+  store, calling the callback with an object where each key is the item's key and each
+  value is the item. It should not attempt to filter out any items, nor to cache any items.
+
+  - upsertInternal(kind, newItem, callback): Adds or updates a single item. If an item with
+  the same key already exists (in the category specified by "kind"), it should update it
+  only if the new item's "version" property is greater than the old one. On completion, it
+  should call the callback with the final state of the item, i.e. if the update succeeded
+  then it passes the item that was passed in, and if the update failed due to the version
+  check then it passes the item that is currently in the data store (this ensures that
+  caching works correctly). Note that deletions are implemented by upserting a placeholder
+  item with the property "deleted: true".
+
+  - initializedInternal(callback): Tests whether the data store contains a complete data
+  set, meaning that initInternal() or initOrdereInternal() has been called at least once.
+  In a shared data store, it should be able to detect this even if the store was
+  initialized by a different process, i.e. the test should be based on looking at what is
+  in the data store. The method does not need to worry about caching this value;
+  CachingStoreWrapper will only call it when necessary. Call callback with true or false.
+
+  - initInternal(allData, callback): Replaces the entire contents of the data store. This
+  should be done atomically (i.e. within a transaction); if that isn't possible, use
+  initOrderedInternal() instead. The allData parameter is an object where each key is one
+  of the "kind" objects, and each value is an object with the keys and values of all
+  items of that kind. Call callback with no parameters when done.
+    OR:
+  - initOrderedInternal(collections, callback): Replaces the entire contents of the data
+  store. The collections parameter is an array of objects, each of which has "kind" and
+  "items" properties; "items" is an array of data items. Each array should be processed
+  in the specified order. The store should delete any obsolete items only after writing
+  all of the items provided.
+*/
+function CachingStoreWrapper(underlyingStore, ttl, description) {
+  const cache = ttl ? new NodeCache({ stdTTL: ttl }) : null;
+  const queue = new UpdateQueue();
+  let initialized = false;
+
+  this.underlyingStore = underlyingStore;
+  this.description = description;
+
+  this.init = (allData, cb) => {
+    queue.enqueue(
+      cb => {
+        // The underlying store can either implement initInternal, which receives unordered  data,
+        // or initOrderedInternal, which receives ordered data (for implementations that cannot do
+        // an atomic update and therefore need to be told what order to do the operations in).
+        const afterInit = () => {
+          initialized = true;
+
+          if (cache) {
+            cache.del(initializedKey);
+            cache.flushAll();
+
+            // populate cache with initial data
+            Object.keys(allData).forEach(kindNamespace => {
+              const kind = dataKind[kindNamespace];
+              const items = allData[kindNamespace];
+              cache.set(allCacheKey(kind), items);
+              Object.keys(items).forEach(key => {
+                cache.set(cacheKey(kind, key), items[key]);
+              });
+            });
+          }
+
+          cb();
+        };
+
+        if (underlyingStore.initOrderedInternal) {
+          const orderedData = sortAllCollections(allData);
+          underlyingStore.initOrderedInternal(orderedData, afterInit);
+        } else {
+          underlyingStore.initInternal(allData, afterInit);
+        }
+      },
+      [],
+      cb
+    );
+  };
+
+  this.initialized = cb => {
+    if (initialized) {
+      cb(true);
+    } else if (cache && cache.get(initializedKey)) {
+      cb(false);
+    } else {
+      underlyingStore.initializedInternal(inited => {
+        initialized = inited;
+        if (!initialized) {
+          cache && cache.set(initializedKey, true);
+        }
+        cb(initialized);
+      });
+    }
+  };
+
+  this.all = (kind, cb) => {
+    const items = cache && cache.get(allCacheKey(kind));
+    if (items) {
+      cb(items);
+      return;
+    }
+
+    underlyingStore.getAllInternal(kind, items => {
+      if (items === null || items === undefined) {
+        cb(items);
+        return;
+      }
+      const filteredItems = {};
+      Object.keys(items).forEach(key => {
+        const item = items[key];
+        if (item && !item.deleted) {
+          filteredItems[key] = item;
+        }
+      });
+      cache && cache.set(allCacheKey(kind), filteredItems);
+      cb(filteredItems);
+    });
+  };
+
+  this.get = (kind, key, cb) => {
+    if (cache) {
+      const item = cache.get(cacheKey(kind, key));
+      if (item !== undefined) {
+        cb(itemOnlyIfNotDeleted(item));
+        return;
+      }
+    }
+
+    underlyingStore.getInternal(kind, key, item => {
+      cache && cache.set(cacheKey(kind, key), item);
+      cb(itemOnlyIfNotDeleted(item));
+    });
+  };
+
+  function itemOnlyIfNotDeleted(item) {
+    return !item || item.deleted ? null : item;
+  }
+
+  this.upsert = (kind, newItem, cb) => {
+    queue.enqueue(
+      cb => {
+        flushAllCaches();
+        underlyingStore.upsertInternal(kind, newItem, (err, updatedItem) => {
+          if (!err) {
+            cache && cache.set(cacheKey(kind, newItem.key), updatedItem);
+          }
+          cb();
+        });
+      },
+      [],
+      cb
+    );
+  };
+
+  this.delete = (kind, key, version, cb) => {
+    this.upsert(kind, { key: key, version: version, deleted: true }, cb);
+  };
+
+  this.close = () => {
+    cache && cache.close();
+    underlyingStore.close();
+  };
+
+  function flushAllCaches() {
+    if (!cache) {
+      return;
+    }
+    for (const eachKind of Object.values(dataKind)) {
+      cache.del(allCacheKey(eachKind));
+    }
+  }
+
+  // This and the next function are used by init() to provide the best ordering of items
+  // to write the underlying store, if the store supports the initOrderedInternal method.
+  function sortAllCollections(dataMap) {
+    const result = [];
+    Object.keys(dataMap).forEach(kindNamespace => {
+      const kind = dataKind[kindNamespace];
+      result.push({ kind: kind, items: sortCollection(kind, dataMap[kindNamespace]) });
+    });
+    const kindPriority = kind => (kind.priority === undefined ? kind.namespace.length : kind.priority);
+    result.sort((i1, i2) => kindPriority(i1.kind) - kindPriority(i2.kind));
+    return result;
+  }
+
+  function sortCollection(kind, itemsMap) {
+    const itemsOut = [];
+    const remainingItems = new Set(Object.keys(itemsMap));
+    const addWithDependenciesFirst = key => {
+      if (remainingItems.has(key)) {
+        remainingItems.delete(key);
+        const item = itemsMap[key];
+        if (kind.getDependencyKeys) {
+          kind.getDependencyKeys(item).forEach(prereqKey => {
+            addWithDependenciesFirst(prereqKey);
+          });
+        }
+        itemsOut.push(item);
+      }
+    };
+    while (remainingItems.size > 0) {
+      // pick a random item that hasn't been updated yet
+      const key = remainingItems.values().next().value;
+      addWithDependenciesFirst(key);
+    }
+    return itemsOut;
+  }
+}
+
+module.exports = CachingStoreWrapper;