npm - @scenarist/msw-adapter - Versions diffs - 0.4.3 → 0.4.5 - Mend

@scenarist/msw-adapter 0.4.3 → 0.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/handlers/dynamic-handler.d.ts.map +1 -1
package/dist/handlers/dynamic-handler.js +21 -7
package/package.json +2 -2

package/dist/handlers/dynamic-handler.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"dynamic-handler.d.ts","sourceRoot":"","sources":["../../src/handlers/dynamic-handler.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,KAAK,CAAC;AACvC,OAAO,KAAK,EACV,cAAc,EACd,iBAAiB,EAIjB,gBAAgB,EAChB,cAAc,EACd,MAAM,EACP,MAAM,iBAAiB,CAAC;AAKzB,MAAM,MAAM,qBAAqB,GAAG;IAClC,QAAQ,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,MAAM,CAAC;IACjD,QAAQ,CAAC,iBAAiB,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,cAAc,GAAG,SAAS,CAAC;IAC3E,QAAQ,CAAC,qBAAqB,EAAE,CAC9B,UAAU,EAAE,MAAM,KACf,iBAAiB,GAAG,SAAS,CAAC;IACnC,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC;IAC7B,QAAQ,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;IAC5C,QAAQ,CAAC,cAAc,CAAC,EAAE,cAAc,CAAC;IACzC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAoIF,eAAO,MAAM,oBAAoB,GAC/B,SAAS,qBAAqB,KAC7B,~~WAiIF~~,CAAC"}
1	+ {"version":3,"file":"dynamic-handler.d.ts","sourceRoot":"","sources":["../../src/handlers/dynamic-handler.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,KAAK,CAAC;AACvC,OAAO,KAAK,EACV,cAAc,EACd,iBAAiB,EAIjB,gBAAgB,EAChB,cAAc,EACd,MAAM,EACP,MAAM,iBAAiB,CAAC;AAKzB,MAAM,MAAM,qBAAqB,GAAG;IAClC,QAAQ,CAAC,SAAS,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,MAAM,CAAC;IACjD,QAAQ,CAAC,iBAAiB,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,cAAc,GAAG,SAAS,CAAC;IAC3E,QAAQ,CAAC,qBAAqB,EAAE,CAC9B,UAAU,EAAE,MAAM,KACf,iBAAiB,GAAG,SAAS,CAAC;IACnC,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC;IAC7B,QAAQ,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;IAC5C,QAAQ,CAAC,cAAc,CAAC,EAAE,cAAc,CAAC;IACzC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAoIF,eAAO,MAAM,oBAAoB,GAC/B,SAAS,qBAAqB,KAC7B,WA+IF,CAAC"}

package/dist/handlers/dynamic-handler.js CHANGED Viewed

@@ -173,23 +173,37 @@ export const createDynamicHandler = (options) => {
             // Log the error via Logger if available
             if (options.logger) {
                 const errorMessage = error instanceof Error ? error.message : String(error);
+                // Security: Only include stack traces in non-production environments
+                // to prevent information exposure through log aggregation systems.
+                // Stack traces can reveal internal file paths, dependency versions,
+                // and implementation details that could aid attackers.
+                const includeStack = process.env.NODE_ENV !== "production";
                 options.logger.error(LogCategories.REQUEST, `Handler error: ${errorMessage}`, {
                     testId,
                     requestUrl: request.url,
                     requestMethod: request.method,
                 }, {
                     errorName: error instanceof Error ? error.name : "Unknown",
-                    stack: error instanceof Error ? error.stack : undefined,
+                    stack: includeStack && error instanceof Error ? error.stack : undefined,
                 });
             }
             // Use specific error code from ScenaristError, or fallback to HANDLER_ERROR
             const errorCode = error instanceof ScenaristError ? error.code : "HANDLER_ERROR";
-            // Return a 500 error response with error details
-            return new Response(JSON.stringify({
-                error: "Internal mock server error",
-                message: error instanceof Error ? error.message : String(error),
-                code: errorCode,
-            }), {
+            // Return a 500 error response
+            // Security: Only include message for ScenaristErrors (intentional, safe messages)
+            // For unexpected errors (HANDLER_ERROR), do not expose internal error messages
+            // which may contain sensitive information like file paths, credentials, etc.
+            const responseBody = error instanceof ScenaristError
+                ? {
+                    error: "Internal mock server error",
+                    message: error.message,
+                    code: errorCode,
+                }
+                : {
+                    error: "Internal mock server error",
+                    code: errorCode,
+                };
+            return new Response(JSON.stringify(responseBody), {
                 status: 500,
                 headers: { "Content-Type": "application/json" },
             });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@scenarist/msw-adapter",
-  "version": "0.4.3",
+  "version": "0.4.5",
   "description": "Internal: MSW integration layer for Scenarist framework adapters",
   "author": "Paul Hammond (citypaul) <paul@packsoftware.co.uk>",
   "license": "MIT",
@@ -42,7 +42,7 @@
   ],
   "dependencies": {
     "path-to-regexp": "^6.3.0",
-    "@scenarist/core": "0.4.3"
+    "@scenarist/core": "0.4.5"
   },
   "peerDependencies": {
     "msw": "^2.0.0"