securenow 5.10.0 → 5.10.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/nextjs-auto-capture.js +1 -1
  2. package/nextjs-middleware.js +2 -2
  3. package/nextjs-wrapper.js +1 -1
  4. package/nuxt-server-plugin.mjs +3 -3
  5. package/package.json +1 -1
package/nextjs-auto-capture.js CHANGED
@@ -54,7 +54,7 @@ async function safeBodyCapture(request, span) {
54
54
 
55
55
  try {
56
56
  const contentType = request.headers.get('content-type') || '';
57
- const maxBodySize = parseInt(process.env.SECURENOW_MAX_BODY_SIZE || '10240');
57
+ const maxBodySize = Math.max(1024, parseInt(process.env.SECURENOW_MAX_BODY_SIZE, 10) || 10240);
58
58
  const customSensitiveFields = (process.env.SECURENOW_SENSITIVE_FIELDS || '').split(',').map(s => s.trim()).filter(Boolean);
59
59
  const allSensitiveFields = [...DEFAULT_SENSITIVE_FIELDS, ...customSensitiveFields];
60
60
 
package/nextjs-middleware.js CHANGED
@@ -99,7 +99,7 @@ async function middleware(request) {
99
99
 
100
100
  try {
101
101
  const contentType = request.headers.get('content-type') || '';
102
- const maxBodySize = parseInt(process.env.SECURENOW_MAX_BODY_SIZE || '10240');
102
+ const maxBodySize = Math.max(1024, parseInt(process.env.SECURENOW_MAX_BODY_SIZE, 10) || 10240);
103
103
  const customSensitiveFields = (process.env.SECURENOW_SENSITIVE_FIELDS || '').split(',').map(s => s.trim()).filter(Boolean);
104
104
  const allSensitiveFields = [...DEFAULT_SENSITIVE_FIELDS, ...customSensitiveFields];
105
105
 
@@ -124,7 +124,7 @@ async function middleware(request) {
124
124
  const redacted = redactSensitiveData(parsed, allSensitiveFields);
125
125
  redactedBody = JSON.stringify(redacted);
126
126
  } catch (e) {
127
- redactedBody = bodyText; // Keep as-is if parse fails
127
+ redactedBody = '[UNPARSEABLE - REDACTED FOR SAFETY]';
128
128
  }
129
129
  }
130
130
 
package/nextjs-wrapper.js CHANGED
@@ -60,7 +60,7 @@ async function captureRequestBody(request) {
60
60
 
61
61
  try {
62
62
  const contentType = request.headers.get('content-type') || '';
63
- const maxBodySize = parseInt(process.env.SECURENOW_MAX_BODY_SIZE || '10240');
63
+ const maxBodySize = Math.max(1024, parseInt(process.env.SECURENOW_MAX_BODY_SIZE, 10) || 10240);
64
64
  const customSensitiveFields = (process.env.SECURENOW_SENSITIVE_FIELDS || '').split(',').map(s => s.trim()).filter(Boolean);
65
65
  const allSensitiveFields = [...DEFAULT_SENSITIVE_FIELDS, ...customSensitiveFields];
66
66
 
package/nuxt-server-plugin.mjs CHANGED
@@ -46,7 +46,7 @@ const DEFAULT_SENSITIVE_FIELDS = [
46
46
  function redactSensitiveData(obj, fields = DEFAULT_SENSITIVE_FIELDS) {
47
47
  if (!obj || typeof obj !== 'object') return obj;
48
48
  const redacted = Array.isArray(obj) ? [...obj] : { ...obj };
49
- for (const key in redacted) {
49
+ for (const key of Object.keys(redacted)) {
50
50
  const lower = key.toLowerCase();
51
51
  if (fields.some((f) => lower.includes(f.toLowerCase()))) {
52
52
  redacted[key] = '[REDACTED]';
@@ -133,7 +133,7 @@ export default defineNitroPlugin((nitroApp) => {
133
133
  opts.captureBody ??
134
134
  (String(env('SECURENOW_CAPTURE_BODY')) === '1' ||
135
135
  String(env('SECURENOW_CAPTURE_BODY')).toLowerCase() === 'true');
136
- const maxBodySize = parseInt(env('SECURENOW_MAX_BODY_SIZE') || '10240');
136
+ const maxBodySize = Math.max(1024, parseInt(env('SECURENOW_MAX_BODY_SIZE'), 10) || 10240);
137
137
  const customSensitiveFields = (env('SECURENOW_SENSITIVE_FIELDS') || '')
138
138
  .split(',')
139
139
  .map((s) => s.trim())
@@ -208,7 +208,7 @@ export default defineNitroPlugin((nitroApp) => {
208
208
  'http.request.body.size': size,
209
209
  });
210
210
  } catch {
211
- span.setAttribute('http.request.body', raw.substring(0, 1000));
211
+ span.setAttribute('http.request.body', '[UNPARSEABLE - REDACTED FOR SAFETY]');
212
212
  span.setAttribute('http.request.body.parse_error', true);
213
213
  }
214
214
  });
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "securenow",
3
- "version": "5.10.0",
3
+ "version": "5.10.2",
4
4
  "description": "OpenTelemetry instrumentation for Node.js, Next.js, and Nuxt - Send traces and logs to any OTLP-compatible backend",
5
5
  "type": "commonjs",
6
6
  "main": "register.js",