npm - securenow - Versions diffs - 4.0.5 → 4.0.9 - Mend

securenow 4.0.5 → 4.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (46) hide show

package/README.md +4 -3
package/cli.js +4 -1
package/docs/ARCHITECTURE.md +408 -0
package/{AUTO-BODY-CAPTURE.md → docs/AUTO-BODY-CAPTURE.md} +3 -0
package/docs/AUTO-SETUP-SUMMARY.md +331 -0
package/{AUTO-SETUP.md → docs/AUTO-SETUP.md} +3 -0
package/{AUTOMATIC-IP-CAPTURE.md → docs/AUTOMATIC-IP-CAPTURE.md} +3 -0
package/{BODY-CAPTURE-FIX.md → docs/BODY-CAPTURE-FIX.md} +3 -0
package/{BODY-CAPTURE-QUICKSTART.md → docs/BODY-CAPTURE-QUICKSTART.md} +147 -147
package/docs/CHANGELOG-NEXTJS.md +235 -0
package/docs/COMPLETION-REPORT.md +408 -0
package/{EASIEST-SETUP.md → docs/EASIEST-SETUP.md} +3 -0
package/docs/EXPRESS-BODY-CAPTURE.md +1027 -0
package/{FINAL-SOLUTION.md → docs/FINAL-SOLUTION.md} +3 -0
package/docs/IMPLEMENTATION-SUMMARY.md +410 -0
package/docs/INDEX.md +129 -0
package/{NEXTJS-BODY-CAPTURE-COMPARISON.md → docs/NEXTJS-BODY-CAPTURE-COMPARISON.md} +3 -0
package/docs/NEXTJS-WEBPACK-WARNINGS.md +267 -0
package/{NEXTJS-WRAPPER-APPROACH.md → docs/NEXTJS-WRAPPER-APPROACH.md} +3 -0
package/{QUICKSTART-BODY-CAPTURE.md → docs/QUICKSTART-BODY-CAPTURE.md} +3 -0
package/{REDACTION-EXAMPLES.md → docs/REDACTION-EXAMPLES.md} +3 -0
package/{REQUEST-BODY-CAPTURE.md → docs/REQUEST-BODY-CAPTURE.md} +575 -575
package/{SOLUTION-SUMMARY.md → docs/SOLUTION-SUMMARY.md} +3 -0
package/docs/VERCEL-OTEL-MIGRATION.md +255 -0
package/examples/README.md +3 -0
package/examples/instrumentation-with-auto-capture.ts +3 -0
package/examples/next.config.js +3 -0
package/examples/nextjs-api-route-with-body-capture.ts +3 -0
package/examples/nextjs-env-example.txt +3 -0
package/examples/nextjs-instrumentation.js +3 -0
package/examples/nextjs-instrumentation.ts +3 -0
package/examples/nextjs-middleware.js +3 -0
package/examples/nextjs-middleware.ts +3 -0
package/examples/nextjs-with-options.ts +3 -0
package/examples/test-nextjs-setup.js +3 -0
package/nextjs-auto-capture.js +3 -0
package/nextjs-middleware.js +3 -0
package/nextjs-wrapper.js +3 -0
package/nextjs.js +174 -72
package/package.json +3 -19
package/postinstall.js +310 -310
package/tracing.js +287 -287
/package/{CUSTOMER-GUIDE.md → docs/CUSTOMER-GUIDE.md} +0 -0
/package/{NEXTJS-BODY-CAPTURE.md → docs/NEXTJS-BODY-CAPTURE.md} +0 -0
/package/{NEXTJS-GUIDE.md → docs/NEXTJS-GUIDE.md} +0 -0
/package/{NEXTJS-QUICKSTART.md → docs/NEXTJS-QUICKSTART.md} +0 -0

package/postinstall.js CHANGED Viewed

@@ -1,310 +1,310 @@
-#!/usr/bin/env node
-'use strict';
-/**
- * SecureNow Post-Install Script
- *
- * Automatically detects Next.js projects and offers to create instrumentation file
- */
-const fs = require('fs');
-const path = require('path');
-const readline = require('readline');
-// Check if we're in a Next.js project
-function isNextJsProject() {
-  try {
-    const packageJsonPath = path.join(process.cwd(), 'package.json');
-    if (!fs.existsSync(packageJsonPath)) return false;
-    const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
-    const deps = { ...packageJson.dependencies, ...packageJson.devDependencies };
-    return !!deps.next;
-  } catch (error) {
-    return false;
-  }
-}
-// Check if instrumentation file already exists
-function hasInstrumentationFile() {
-  const files = [
-    'instrumentation.ts',
-    'instrumentation.js',
-    'src/instrumentation.ts',
-    'src/instrumentation.js'
-  ];
-  return files.some(file => fs.existsSync(path.join(process.cwd(), file)));
-}
-// Create TypeScript instrumentation file
-function createTsInstrumentation(targetPath) {
-  const content = `import { registerSecureNow } from 'securenow/nextjs';
-export function register() {
-  registerSecureNow();
-}
-/**
- * Configuration via .env.local:
- *
- * Required:
- *   SECURENOW_APPID=my-nextjs-app
- *
- * Optional:
- *   SECURENOW_INSTANCE=http://your-signoz-server:4318
- *   OTEL_EXPORTER_OTLP_HEADERS="x-api-key=your-key"
- *   OTEL_LOG_LEVEL=info
- */
-`;
-  fs.writeFileSync(targetPath, content, 'utf8');
-}
-// Create JavaScript instrumentation file
-function createJsInstrumentation(targetPath) {
-  const content = `const { registerSecureNow } = require('securenow/nextjs');
-export function register() {
-  registerSecureNow();
-}
-/**
- * Configuration via .env.local:
- *
- * Required:
- *   SECURENOW_APPID=my-nextjs-app
- *
- * Optional:
- *   SECURENOW_INSTANCE=http://your-signoz-server:4318
- *   OTEL_EXPORTER_OTLP_HEADERS="x-api-key=your-key"
- *   OTEL_LOG_LEVEL=info
- *
- * Optional: Enable request body capture
- *   SECURENOW_CAPTURE_BODY=1
- *   (Also create middleware.ts to activate - run: npx securenow init)
- */
-`;
-  fs.writeFileSync(targetPath, content, 'utf8');
-}
-// Create TypeScript middleware file
-function createTsMiddleware(targetPath) {
-  const content = `// SecureNow Middleware - Automatic Request Body Capture
-// This enables capturing JSON, GraphQL, and Form request bodies
-// with automatic sensitive field redaction
-export { middleware } from 'securenow/nextjs-middleware';
-export const config = {
-  matcher: '/api/:path*',  // Apply to all API routes
-};
-/**
- * Bodies are captured with:
- * - Automatic redaction of passwords, tokens, cards, etc.
- * - Size limits (configurable via SECURENOW_MAX_BODY_SIZE)
- * - JSON, GraphQL, Form data support
- *
- * Configure in .env.local:
- *   SECURENOW_MAX_BODY_SIZE=20480
- *   SECURENOW_SENSITIVE_FIELDS=email,phone
- */
-`;
-  fs.writeFileSync(targetPath, content, 'utf8');
-}
-// Create JavaScript middleware file
-function createJsMiddleware(targetPath) {
-  const content = `// SecureNow Middleware - Automatic Request Body Capture
-// This enables capturing JSON, GraphQL, and Form request bodies
-// with automatic sensitive field redaction
-export { middleware } from 'securenow/nextjs-middleware';
-export const config = {
-  matcher: '/api/:path*',  // Apply to all API routes
-};
-/**
- * Bodies are captured with:
- * - Automatic redaction of passwords, tokens, cards, etc.
- * - Size limits (configurable via SECURENOW_MAX_BODY_SIZE)
- * - JSON, GraphQL, Form data support
- *
- * Configure in .env.local:
- *   SECURENOW_MAX_BODY_SIZE=20480
- *   SECURENOW_SENSITIVE_FIELDS=email,phone
- */
-`;
-  fs.writeFileSync(targetPath, content, 'utf8');
-}
-// Create .env.local template
-function createEnvTemplate(targetPath) {
-  const content = `# SecureNow Configuration
-# Required: Your application identifier
-SECURENOW_APPID=my-nextjs-app
-# Optional: Your SigNoz/OpenTelemetry collector endpoint
-# Default: http://46.62.173.237:4318
-SECURENOW_INSTANCE=http://your-signoz-server:4318
-# Optional: API key or authentication headers
-# OTEL_EXPORTER_OTLP_HEADERS="x-api-key=your-api-key-here"
-# Optional: Log level (debug|info|warn|error)
-# OTEL_LOG_LEVEL=info
-# Optional: Enable request body capture (requires middleware.ts)
-# SECURENOW_CAPTURE_BODY=1
-# SECURENOW_MAX_BODY_SIZE=10240
-# SECURENOW_SENSITIVE_FIELDS=email,phone
-`;
-  fs.writeFileSync(targetPath, content, 'utf8');
-}
-// Check if TypeScript is used
-function isTypeScriptProject() {
-  return fs.existsSync(path.join(process.cwd(), 'tsconfig.json'));
-}
-// Main setup function
-async function setup() {
-  // Skip if not in Next.js project
-  if (!isNextJsProject()) {
-    console.log('[securenow] Not a Next.js project, skipping auto-setup');
-    return;
-  }
-  // Skip if instrumentation file already exists
-  if (hasInstrumentationFile()) {
-    console.log('[securenow] ✅ Instrumentation file already exists');
-    return;
-  }
-  console.log('\n┌─────────────────────────────────────────────────┐');
-  console.log('│  🎉 SecureNow installed successfully!          │');
-  console.log('│  Next.js project detected                       │');
-  console.log('└─────────────────────────────────────────────────┘\n');
-  // Check if we're in CI/non-interactive environment
-  if (process.env.CI || !process.stdin.isTTY) {
-    console.log('[securenow] ℹ️  Non-interactive environment detected');
-    console.log('[securenow] 💡 To complete setup, run: npx securenow init');
-    return;
-  }
-  // Ask user if they want to auto-setup
-  const rl = readline.createInterface({
-    input: process.stdin,
-    output: process.stdout
-  });
-  rl.question('Would you like to automatically create instrumentation file? (Y/n) ', (answer) => {
-    const shouldCreate = !answer || answer.toLowerCase() === 'y' || answer.toLowerCase() === 'yes';
-    if (!shouldCreate) {
-      console.log('\n[securenow] No problem! To setup later, run: npx securenow init');
-      rl.close();
-      return;
-    }
-    try {
-      const useTypeScript = isTypeScriptProject();
-      const srcExists = fs.existsSync(path.join(process.cwd(), 'src'));
-      // Determine file path
-      const fileName = useTypeScript ? 'instrumentation.ts' : 'instrumentation.js';
-      const filePath = srcExists
-        ? path.join(process.cwd(), 'src', fileName)
-        : path.join(process.cwd(), fileName);
-      // Create instrumentation file
-      if (useTypeScript) {
-        createTsInstrumentation(filePath);
-      } else {
-        createJsInstrumentation(filePath);
-      }
-      console.log(`\n✅ Created ${srcExists ? 'src/' : ''}${fileName}`);
-      // Ask about middleware for body capture
-      rl.question('\nWould you like to enable request body capture? (y/N) ', (middlewareAnswer) => {
-        const shouldCreateMiddleware = middlewareAnswer && (middlewareAnswer.toLowerCase() === 'y' || middlewareAnswer.toLowerCase() === 'yes');
-        if (shouldCreateMiddleware) {
-          try {
-            const middlewareName = useTypeScript ? 'middleware.ts' : 'middleware.js';
-            const middlewarePath = srcExists
-              ? path.join(process.cwd(), 'src', middlewareName)
-              : path.join(process.cwd(), middlewareName);
-            if (useTypeScript) {
-              createTsMiddleware(middlewarePath);
-            } else {
-              createJsMiddleware(middlewarePath);
-            }
-            console.log(`✅ Created ${srcExists ? 'src/' : ''}${middlewareName}`);
-            console.log('   → Captures JSON, GraphQL, Form bodies with auto-redaction');
-          } catch (error) {
-            console.warn(`⚠️  Could not create middleware: ${error.message}`);
-          }
-        }
-        // Create .env.local if it doesn't exist
-        const envPath = path.join(process.cwd(), '.env.local');
-        if (!fs.existsSync(envPath)) {
-          createEnvTemplate(envPath);
-          console.log('✅ Created .env.local template');
-        }
-        console.log('\n┌─────────────────────────────────────────────────┐');
-        console.log('│  🚀 Next Steps:                                 │');
-        console.log('│                                                 │');
-        console.log('│  1. Edit .env.local and set:                   │');
-        console.log('│     SECURENOW_APPID=your-app-name              │');
-        console.log('│     SECURENOW_INSTANCE=http://signoz:4318      │');
-        if (shouldCreateMiddleware) {
-          console.log('│     SECURENOW_CAPTURE_BODY=1                   │');
-        }
-        console.log('│                                                 │');
-        console.log('│  2. Run your app: npm run dev                  │');
-        console.log('│                                                 │');
-        console.log('│  3. Check SigNoz for traces!                   │');
-        console.log('│                                                 │');
-        if (shouldCreateMiddleware) {
-          console.log('│  📝 Body capture enabled with auto-redaction   │');
-        }
-        console.log('│  📚 Full guide: npm docs securenow              │');
-        console.log('└─────────────────────────────────────────────────┘\n');
-        rl.close();
-      });
-    } catch (error) {
-      console.error('\n❌ Failed to create instrumentation file:', error.message);
-      console.log('💡 You can create it manually or run: npx securenow init');
-      rl.close();
-    }
-  });
-}
-// Run setup if this is a new installation (not being installed as a dependency of another package)
-if (require.main === module || process.env.npm_config_global !== 'true') {
-  setup().catch(err => {
-    console.error('[securenow] Setup error:', err);
-  });
-}
-module.exports = { setup };
+#!/usr/bin/env node
+'use strict';
+/**
+ * SecureNow Post-Install Script
+ *
+ * Automatically detects Next.js projects and offers to create instrumentation file
+ */
+const fs = require('fs');
+const path = require('path');
+const readline = require('readline');
+// Check if we're in a Next.js project
+function isNextJsProject() {
+  try {
+    const packageJsonPath = path.join(process.cwd(), 'package.json');
+    if (!fs.existsSync(packageJsonPath)) return false;
+    const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, 'utf8'));
+    const deps = { ...packageJson.dependencies, ...packageJson.devDependencies };
+    return !!deps.next;
+  } catch (error) {
+    return false;
+  }
+}
+// Check if instrumentation file already exists
+function hasInstrumentationFile() {
+  const files = [
+    'instrumentation.ts',
+    'instrumentation.js',
+    'src/instrumentation.ts',
+    'src/instrumentation.js'
+  ];
+  return files.some(file => fs.existsSync(path.join(process.cwd(), file)));
+}
+// Create TypeScript instrumentation file
+function createTsInstrumentation(targetPath) {
+  const content = `import { registerSecureNow } from 'securenow/nextjs';
+export function register() {
+  registerSecureNow();
+}
+/**
+ * Configuration via .env.local:
+ *
+ * Required:
+ *   SECURENOW_APPID=my-nextjs-app
+ *
+ * Optional:
+ *   SECURENOW_INSTANCE=http://your-signoz-server:4318
+ *   OTEL_EXPORTER_OTLP_HEADERS="x-api-key=your-key"
+ *   OTEL_LOG_LEVEL=info
+ */
+`;
+  fs.writeFileSync(targetPath, content, 'utf8');
+}
+// Create JavaScript instrumentation file
+function createJsInstrumentation(targetPath) {
+  const content = `const { registerSecureNow } = require('securenow/nextjs');
+export function register() {
+  registerSecureNow();
+}
+/**
+ * Configuration via .env.local:
+ *
+ * Required:
+ *   SECURENOW_APPID=my-nextjs-app
+ *
+ * Optional:
+ *   SECURENOW_INSTANCE=http://your-signoz-server:4318
+ *   OTEL_EXPORTER_OTLP_HEADERS="x-api-key=your-key"
+ *   OTEL_LOG_LEVEL=info
+ *
+ * Optional: Enable request body capture
+ *   SECURENOW_CAPTURE_BODY=1
+ *   (Also create middleware.ts to activate - run: npx securenow init)
+ */
+`;
+  fs.writeFileSync(targetPath, content, 'utf8');
+}
+// Create TypeScript middleware file
+function createTsMiddleware(targetPath) {
+  const content = `// SecureNow Middleware - Automatic Request Body Capture
+// This enables capturing JSON, GraphQL, and Form request bodies
+// with automatic sensitive field redaction
+export { middleware } from 'securenow/nextjs-middleware';
+export const config = {
+  matcher: '/api/:path*',  // Apply to all API routes
+};
+/**
+ * Bodies are captured with:
+ * - Automatic redaction of passwords, tokens, cards, etc.
+ * - Size limits (configurable via SECURENOW_MAX_BODY_SIZE)
+ * - JSON, GraphQL, Form data support
+ *
+ * Configure in .env.local:
+ *   SECURENOW_MAX_BODY_SIZE=20480
+ *   SECURENOW_SENSITIVE_FIELDS=email,phone
+ */
+`;
+  fs.writeFileSync(targetPath, content, 'utf8');
+}
+// Create JavaScript middleware file
+function createJsMiddleware(targetPath) {
+  const content = `// SecureNow Middleware - Automatic Request Body Capture
+// This enables capturing JSON, GraphQL, and Form request bodies
+// with automatic sensitive field redaction
+export { middleware } from 'securenow/nextjs-middleware';
+export const config = {
+  matcher: '/api/:path*',  // Apply to all API routes
+};
+/**
+ * Bodies are captured with:
+ * - Automatic redaction of passwords, tokens, cards, etc.
+ * - Size limits (configurable via SECURENOW_MAX_BODY_SIZE)
+ * - JSON, GraphQL, Form data support
+ *
+ * Configure in .env.local:
+ *   SECURENOW_MAX_BODY_SIZE=20480
+ *   SECURENOW_SENSITIVE_FIELDS=email,phone
+ */
+`;
+  fs.writeFileSync(targetPath, content, 'utf8');
+}
+// Create .env.local template
+function createEnvTemplate(targetPath) {
+  const content = `# SecureNow Configuration
+# Required: Your application identifier
+SECURENOW_APPID=my-nextjs-app
+# Optional: Your SigNoz/OpenTelemetry collector endpoint
+# Default: http://46.62.173.237:4318
+SECURENOW_INSTANCE=http://your-signoz-server:4318
+# Optional: API key or authentication headers
+# OTEL_EXPORTER_OTLP_HEADERS="x-api-key=your-api-key-here"
+# Optional: Log level (debug|info|warn|error)
+# OTEL_LOG_LEVEL=info
+# Optional: Enable request body capture (requires middleware.ts)
+# SECURENOW_CAPTURE_BODY=1
+# SECURENOW_MAX_BODY_SIZE=10240
+# SECURENOW_SENSITIVE_FIELDS=email,phone
+`;
+  fs.writeFileSync(targetPath, content, 'utf8');
+}
+// Check if TypeScript is used
+function isTypeScriptProject() {
+  return fs.existsSync(path.join(process.cwd(), 'tsconfig.json'));
+}
+// Main setup function
+async function setup() {
+  // Skip if not in Next.js project
+  if (!isNextJsProject()) {
+    console.log('[securenow] Not a Next.js project, skipping auto-setup');
+    return;
+  }
+  // Skip if instrumentation file already exists
+  if (hasInstrumentationFile()) {
+    console.log('[securenow] ✅ Instrumentation file already exists');
+    return;
+  }
+  console.log('\n┌─────────────────────────────────────────────────┐');
+  console.log('│  🎉 SecureNow installed successfully!          │');
+  console.log('│  Next.js project detected                       │');
+  console.log('└─────────────────────────────────────────────────┘\n');
+  // Check if we're in CI/non-interactive environment
+  if (process.env.CI || !process.stdin.isTTY) {
+    console.log('[securenow] ℹ️  Non-interactive environment detected');
+    console.log('[securenow] 💡 To complete setup, run: npx securenow init');
+    return;
+  }
+  // Ask user if they want to auto-setup
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout
+  });
+  rl.question('Would you like to automatically create instrumentation file? (Y/n) ', (answer) => {
+    const shouldCreate = !answer || answer.toLowerCase() === 'y' || answer.toLowerCase() === 'yes';
+    if (!shouldCreate) {
+      console.log('\n[securenow] No problem! To setup later, run: npx securenow init');
+      rl.close();
+      return;
+    }
+    try {
+      const useTypeScript = isTypeScriptProject();
+      const srcExists = fs.existsSync(path.join(process.cwd(), 'src'));
+      // Determine file path
+      const fileName = useTypeScript ? 'instrumentation.ts' : 'instrumentation.js';
+      const filePath = srcExists
+        ? path.join(process.cwd(), 'src', fileName)
+        : path.join(process.cwd(), fileName);
+      // Create instrumentation file
+      if (useTypeScript) {
+        createTsInstrumentation(filePath);
+      } else {
+        createJsInstrumentation(filePath);
+      }
+      console.log(`\n✅ Created ${srcExists ? 'src/' : ''}${fileName}`);
+      // Ask about middleware for body capture
+      rl.question('\nWould you like to enable request body capture? (y/N) ', (middlewareAnswer) => {
+        const shouldCreateMiddleware = middlewareAnswer && (middlewareAnswer.toLowerCase() === 'y' || middlewareAnswer.toLowerCase() === 'yes');
+        if (shouldCreateMiddleware) {
+          try {
+            const middlewareName = useTypeScript ? 'middleware.ts' : 'middleware.js';
+            const middlewarePath = srcExists
+              ? path.join(process.cwd(), 'src', middlewareName)
+              : path.join(process.cwd(), middlewareName);
+            if (useTypeScript) {
+              createTsMiddleware(middlewarePath);
+            } else {
+              createJsMiddleware(middlewarePath);
+            }
+            console.log(`✅ Created ${srcExists ? 'src/' : ''}${middlewareName}`);
+            console.log('   → Captures JSON, GraphQL, Form bodies with auto-redaction');
+          } catch (error) {
+            console.warn(`⚠️  Could not create middleware: ${error.message}`);
+          }
+        }
+        // Create .env.local if it doesn't exist
+        const envPath = path.join(process.cwd(), '.env.local');
+        if (!fs.existsSync(envPath)) {
+          createEnvTemplate(envPath);
+          console.log('✅ Created .env.local template');
+        }
+        console.log('\n┌─────────────────────────────────────────────────┐');
+        console.log('│  🚀 Next Steps:                                 │');
+        console.log('│                                                 │');
+        console.log('│  1. Edit .env.local and set:                   │');
+        console.log('│     SECURENOW_APPID=your-app-name              │');
+        console.log('│     SECURENOW_INSTANCE=http://signoz:4318      │');
+        if (shouldCreateMiddleware) {
+          console.log('│     SECURENOW_CAPTURE_BODY=1                   │');
+        }
+        console.log('│                                                 │');
+        console.log('│  2. Run your app: npm run dev                  │');
+        console.log('│                                                 │');
+        console.log('│  3. Check SigNoz for traces!                   │');
+        console.log('│                                                 │');
+        if (shouldCreateMiddleware) {
+          console.log('│  📝 Body capture enabled with auto-redaction   │');
+        }
+        console.log('│  📚 Full guide: npm docs securenow              │');
+        console.log('└─────────────────────────────────────────────────┘\n');
+        rl.close();
+      });
+    } catch (error) {
+      console.error('\n❌ Failed to create instrumentation file:', error.message);
+      console.log('💡 You can create it manually or run: npx securenow init');
+      rl.close();
+    }
+  });
+}
+// Run setup if this is a new installation (not being installed as a dependency of another package)
+if (require.main === module || process.env.npm_config_global !== 'true') {
+  setup().catch(err => {
+    console.error('[securenow] Setup error:', err);
+  });
+}
+module.exports = { setup };