npm - @tracehound/express - Versions diffs - 1.3.0 → 1.4.1 - Mend

@tracehound/express 1.3.0 → 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -13,18 +13,19 @@ npm install @tracehound/express @tracehound/core
 ```ts
 import express from 'express'
 import { tracehound } from '@tracehound/express'
-import { createAgent, createQuarantine, createRateLimiter } from '@tracehound/core'
+import { createTracehound } from '@tracehound/core'
 const app = express()
-// Create Tracehound components
-const quarantine = createQuarantine({ maxCount: 10000, maxBytes: 100_000_000 })
-const rateLimiter = createRateLimiter({ windowMs: 60_000, maxRequests: 100 })
-const agent = createAgent({ quarantine, rateLimiter })
+// Create Tracehound instance
+const th = createTracehound({
+  quarantine: { maxCount: 10000, maxBytes: 100_000_000 },
+  rateLimit: { windowMs: 60_000, maxRequests: 100 },
+})
 // Apply middleware
 app.use(express.json())
-app.use(tracehound({ agent }))
+app.use(tracehound({ agent: th.agent }))
 app.get('/', (req, res) => {
   res.json({ message: 'Protected by Tracehound' })
@@ -35,11 +36,12 @@ app.listen(3000)
 ## Options
-| Option         | Type                         | Required | Description               |
-| -------------- | ---------------------------- | -------- | ------------------------- |
-| `agent`        | `IAgent`                     | Yes      | Tracehound Agent instance |
-| `extractScent` | `(req) => Scent`             | No       | Custom scent extraction   |
-| `onIntercept`  | `(result, req, res) => void` | No       | Custom response handler   |
+| Option                    | Type                         | Required | Description                                        |
+| ------------------------- | ---------------------------- | -------- | -------------------------------------------------- |
+| `agent`                   | `IAgent`                     | Yes      | Tracehound Agent instance                          |
+| `emitSignatureInResponse` | `boolean`                    | No       | If true, returns signature in 403 (default: false) |
+| `extractScent`            | `(req) => Scent`             | No       | Custom scent extraction                            |
+| `onIntercept`             | `(result, req, res) => void` | No       | Custom response handler                            |
 ## Response Codes

package/dist/index.d.ts CHANGED Viewed

@@ -14,9 +14,14 @@ export interface TracehoundMiddlewareOptions {
      * Required - must be created via createAgent() from @tracehound/core.
      */
     agent: IAgent;
+    /**
+     * If true, includes the Tracehound `signature` in the HTTP 403 Forbidden body
+     * for quarantined requests. This is false by default to prevent correlation attacks.
+     */
+    emitSignatureInResponse?: boolean;
     /**
      * Custom scent extraction function.
-     * Default extracts IP, path, method, and headers.
+     * Default extracts IP, path, method, and headers safely.
      */
     extractScent?: (req: Request) => Scent;
     /**
@@ -32,12 +37,12 @@ export interface TracehoundMiddlewareOptions {
  * ```ts
  * import express from 'express'
  * import { tracehound } from '@tracehound/express'
- * import { createAgent } from '@tracehound/core'
+ * import { createTracehound } from '@tracehound/core'
  *
  * const app = express()
- * const agent = createAgent({ ... })
+ * const th = createTracehound({ }) // options here
  *
- * app.use(tracehound({ agent }))
+ * app.use(tracehound({ agent: th.agent }))
  * ```
  */
 export declare function tracehound(options: TracehoundMiddlewareOptions): RequestHandler;

package/dist/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAoB,KAAK,MAAM,EAAE,KAAK,eAAe,EAAE,KAAK,KAAK,EAAE,MAAM,kBAAkB,CAAA;AAClG,OAAO,KAAK,EAAgB,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAE9E;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C;;;OAGG;IACH,KAAK,EAAE,MAAM,CAAA;IAEb;;;OAGG;IACH,YAAY,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,KAAK,CAAA;IAEtC;;;OAGG;IACH,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,KAAK,IAAI,CAAA;CAC7E;~~AAgED~~;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,2BAA2B,GAAG,cAAc,~~CAc~~/E;AAED;;GAEG;AACH,eAAO,MAAM,gBAAgB,mBAAa,CAAA;AAG1C,YAAY,EAAE,eAAe,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAA"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAoB,KAAK,MAAM,EAAE,KAAK,eAAe,EAAE,KAAK,KAAK,EAAE,MAAM,kBAAkB,CAAA;AAClG,OAAO,KAAK,EAAgB,OAAO,EAAE,cAAc,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAE9E;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC1C;;;OAGG;IACH,KAAK,EAAE,MAAM,CAAA;IAEb;;;OAGG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAA;IAEjC;;;OAGG;IACH,YAAY,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,KAAK,CAAA;IAEtC;;;OAGG;IACH,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,eAAe,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,KAAK,IAAI,CAAA;CAC7E;AAkFD;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,UAAU,CAAC,OAAO,EAAE,2BAA2B,GAAG,cAAc,CA0B/E;AAED;;GAEG;AACH,eAAO,MAAM,gBAAgB,mBAAa,CAAA;AAG1C,YAAY,EAAE,eAAe,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAA"}

package/dist/index.js CHANGED Viewed

@@ -4,6 +4,20 @@
  * Express middleware for Tracehound security buffer.
  */
 import { generateSecureId } from '@tracehound/core';
+/**
+ * Defensive clone for safely copying deeply nested or cyclical external payloads
+ * without crashing the process.
+ */
+function safeClone(obj) {
+    if (obj === undefined)
+        return undefined;
+    try {
+        return JSON.parse(JSON.stringify(obj));
+    }
+    catch {
+        return undefined; // Unsafe to clone or cyclical, omit silently
+    }
+}
 /**
  * Default scent extraction from Express request.
  */
@@ -16,19 +30,19 @@ function defaultExtractScent(req) {
         payload: {
             method: req.method,
             path: req.path,
-            query: JSON.parse(JSON.stringify(req.query)),
+            query: safeClone(req.query) ?? {},
             headers: {
                 'user-agent': req.get('user-agent') || '',
                 'content-type': req.get('content-type') || '',
             },
-            body: req.body,
+            body: safeClone(req.body),
         },
     };
 }
 /**
  * Default intercept result handler.
  */
-function defaultOnIntercept(result, _req, res) {
+function defaultOnIntercept(result, _req, res, options) {
     switch (result.status) {
         case 'rate_limited':
             res.set('Retry-After', String(Math.ceil(result.retryAfter / 1000)));
@@ -46,7 +60,7 @@ function defaultOnIntercept(result, _req, res) {
         case 'quarantined':
             res.status(403).json({
                 error: 'Forbidden',
-                signature: result.handle.signature,
+                ...(options?.emitSignatureInResponse ? { signature: result.handle.signature } : {}),
             });
             break;
         case 'error':
@@ -66,16 +80,20 @@ function defaultOnIntercept(result, _req, res) {
  * ```ts
  * import express from 'express'
  * import { tracehound } from '@tracehound/express'
- * import { createAgent } from '@tracehound/core'
+ * import { createTracehound } from '@tracehound/core'
  *
  * const app = express()
- * const agent = createAgent({ ... })
+ * const th = createTracehound({ }) // options here
  *
- * app.use(tracehound({ agent }))
+ * app.use(tracehound({ agent: th.agent }))
  * ```
  */
 export function tracehound(options) {
-    const { agent, extractScent = defaultExtractScent, onIntercept = defaultOnIntercept } = options;
+    const { agent, extractScent = defaultExtractScent, onIntercept } = options;
+    const interceptHandler = onIntercept ||
+        ((res, req, resp) => defaultOnIntercept(res, req, resp, options.emitSignatureInResponse !== undefined
+            ? { emitSignatureInResponse: options.emitSignatureInResponse }
+            : {}));
     return (req, res, next) => {
         const scent = extractScent(req);
         const result = agent.intercept(scent);
@@ -83,7 +101,7 @@ export function tracehound(options) {
             next();
             return;
         }
-        onIntercept(result, req, res);
+        interceptHandler(result, req, res);
     };
 }
 /**

package/dist/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,gBAAgB,EAAiD,MAAM,kBAAkB,CAAA;~~AA0BlG~~;;GAEG;AACH,SAAS,mBAAmB,CAAC,GAAY;IACvC,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,SAAS,CAAA;IAE1D,OAAO;QACL,EAAE,EAAE,gBAAgB,EAAE;QACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,MAAM,EAAE,EAAE;QACV,OAAO,EAAE;YACP,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,KAAK,EAAE,~~IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,~~SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,~~CAAC~~;~~YAC5C~~,OAAO,EAAE;gBACP,YAAY,EAAE,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE;gBACzC,cAAc,EAAE,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE;aAC9C;YACD,IAAI,EAAE,GAAG,CAAC,IAAI;~~SACf~~;KACF,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,~~CAAC~~,MAAuB,~~EAAE~~,IAAa,~~EAAE~~,GAAa;~~IAC/E~~,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;QACtB,KAAK,cAAc;YACjB,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;YACnE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,mBAAmB;gBAC1B,UAAU,EAAE,MAAM,CAAC,UAAU;aAC9B,CAAC,CAAA;YACF,MAAK;QAEP,KAAK,mBAAmB;YACtB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,mBAAmB;gBAC1B,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB,CAAC,CAAA;YACF,MAAK;QAEP,KAAK,aAAa;YAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,WAAW;gBAClB,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,SAAS;~~aACnC~~,CAAC,CAAA;YACF,MAAK;QAEP,KAAK,OAAO;YACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,uBAAuB;aAC/B,CAAC,CAAA;YACF,MAAK;QAEP;YACE,yCAAyC;YACzC,MAAK;IACT,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,UAAU,CAAC,OAAoC;IAC7D,MAAM,EAAE,KAAK,EAAE,YAAY,GAAG,mBAAmB,EAAE,WAAW,GAAG,~~kBAAkB~~,EAAE,GAAG,OAAO,CAAA;~~IAE/F~~,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAQ,EAAE;QAC/D,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,CAAA;QAC/B,MAAM,MAAM,GAAG,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QAErC,IAAI,MAAM,CAAC,MAAM,KAAK,OAAO,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC7D,IAAI,EAAE,CAAA;YACN,OAAM;QACR,CAAC;QAED,~~WAAW~~,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;~~IAC/B~~,CAAC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,UAAU,CAAA"}
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,gBAAgB,EAAiD,MAAM,kBAAkB,CAAA;AAgClG;;;GAGG;AACH,SAAS,SAAS,CAAC,GAAQ;IACzB,IAAI,GAAG,KAAK,SAAS;QAAE,OAAO,SAAS,CAAA;IACvC,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAA;IACxC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAA,CAAC,6CAA6C;IAChE,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,GAAY;IACvC,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,SAAS,CAAA;IAE1D,OAAO;QACL,EAAE,EAAE,gBAAgB,EAAE;QACtB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,MAAM,EAAE,EAAE;QACV,OAAO,EAAE;YACP,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,KAAK,EAAE,SAAS,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE;YACjC,OAAO,EAAE;gBACP,YAAY,EAAE,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,EAAE;gBACzC,cAAc,EAAE,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE;aAC9C;YACD,IAAI,EAAE,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC;SAC1B;KACF,CAAA;AACH,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CACzB,MAAuB,EACvB,IAAa,EACb,GAAa,EACb,OAAsE;IAEtE,QAAQ,MAAM,CAAC,MAAM,EAAE,CAAC;QACtB,KAAK,cAAc;YACjB,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;YACnE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,mBAAmB;gBAC1B,UAAU,EAAE,MAAM,CAAC,UAAU;aAC9B,CAAC,CAAA;YACF,MAAK;QAEP,KAAK,mBAAmB;YACtB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,mBAAmB;gBAC1B,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB,CAAC,CAAA;YACF,MAAK;QAEP,KAAK,aAAa;YAChB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,WAAW;gBAClB,GAAG,CAAC,OAAO,EAAE,uBAAuB,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACpF,CAAC,CAAA;YACF,MAAK;QAEP,KAAK,OAAO;YACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,uBAAuB;aAC/B,CAAC,CAAA;YACF,MAAK;QAEP;YACE,yCAAyC;YACzC,MAAK;IACT,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,UAAU,CAAC,OAAoC;IAC7D,MAAM,EAAE,KAAK,EAAE,YAAY,GAAG,mBAAmB,EAAE,WAAW,EAAE,GAAG,OAAO,CAAA;IAE1E,MAAM,gBAAgB,GACpB,WAAW;QACX,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,CAClB,kBAAkB,CAChB,GAAG,EACH,GAAG,EACH,IAAI,EACJ,OAAO,CAAC,uBAAuB,KAAK,SAAS;YAC3C,CAAC,CAAC,EAAE,uBAAuB,EAAE,OAAO,CAAC,uBAAuB,EAAE;YAC9D,CAAC,CAAC,EAAE,CACP,CAAC,CAAA;IAEN,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAQ,EAAE;QAC/D,MAAM,KAAK,GAAG,YAAY,CAAC,GAAG,CAAC,CAAA;QAC/B,MAAM,MAAM,GAAG,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;QAErC,IAAI,MAAM,CAAC,MAAM,KAAK,OAAO,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YAC7D,IAAI,EAAE,CAAA;YACN,OAAM;QACR,CAAC;QAED,gBAAgB,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,CAAC,CAAA;IACpC,CAAC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,gBAAgB,GAAG,UAAU,CAAA"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@tracehound/express",
-  "version": "1.3.0",
+  "version": "1.4.1",
   "description": "Express middleware for Tracehound security buffer",
   "license": "Apache-2.0",
   "author": "Erdem Arslan <me@erdem.work>",
@@ -32,7 +32,7 @@
     "dist"
   ],
   "dependencies": {
-    "@tracehound/core": "1.3.0"
+    "@tracehound/core": "1.4.3"
   },
   "devDependencies": {
     "@types/express": "^4.17.21",