npm - securenow - Versions diffs - 5.18.0 → 5.19.0 - Mend

securenow 5.18.0 → 5.19.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/cli/security.js CHANGED Viewed

@@ -861,88 +861,6 @@ async function ipTraces(args, flags) {
   }
 }
-// ── API Map ──
-async function apiMapList(args, flags) {
-  requireAuth();
-  const s = ui.spinner('Fetching API map');
-  try {
-    const data = await api.get('/api-map');
-    const apiMap = data.apiMap;
-    s.stop('API map loaded');
-    if (flags.json) { ui.json(data); return; }
-    if (!apiMap) {
-      console.log('');
-      ui.info(data.message || 'No API map discovered yet. Run discovery from the dashboard.');
-      console.log('');
-      return;
-    }
-    console.log('');
-    if (apiMap.apps && typeof apiMap.apps === 'object') {
-      for (const [appName, appData] of Object.entries(apiMap.apps)) {
-        ui.subheading(appName);
-        console.log('');
-        const endpoints = appData.endpoints || [];
-        if (endpoints.length) {
-          const rows = endpoints.map(e => [
-            e.method || '—',
-            e.path || e.route || '—',
-            e.requestCount != null ? String(e.requestCount) : '—',
-            e.description || ui.c.dim('—'),
-          ]);
-          ui.table(['Method', 'Path', 'Requests', 'Description'], rows);
-        } else {
-          ui.info('No endpoints discovered for this app.');
-        }
-        console.log('');
-      }
-    } else {
-      ui.json(apiMap);
-    }
-  } catch (err) {
-    s.fail('Failed to fetch API map');
-    throw err;
-  }
-}
-async function apiMapStats(args, flags) {
-  requireAuth();
-  const s = ui.spinner('Fetching API map stats');
-  try {
-    const data = await api.get('/api-map/stats');
-    const stats = data.stats;
-    s.stop('Stats loaded');
-    if (flags.json) { ui.json(stats); return; }
-    if (!stats) {
-      console.log('');
-      ui.info('No API map stats available.');
-      console.log('');
-      return;
-    }
-    console.log('');
-    ui.heading('API Map Statistics');
-    console.log('');
-    ui.keyValue([
-      ['Total Apps', String(stats.totalApps ?? '—')],
-      ['Total Endpoints', String(stats.totalEndpoints ?? '—')],
-      ['Total Requests', String(stats.totalRequests ?? '—')],
-      ['Discovery Status', stats.discoveryStatus || '—'],
-      ['Last Discovered', stats.lastDiscoveredAt ? new Date(stats.lastDiscoveredAt).toLocaleString() : '—'],
-      ['Version', String(stats.version ?? '—')],
-    ]);
-    console.log('');
-  } catch (err) {
-    s.fail('Failed to fetch stats');
-    throw err;
-  }
-}
 // ── Instances ──
 async function instancesList(args, flags) {
@@ -1056,8 +974,6 @@ module.exports = {
   forensicsLibrary,
   ipLookup,
   ipTraces,
-  apiMapList,
-  apiMapStats,
   instancesList,
   instancesTest,
   analytics,

package/cli.js CHANGED Viewed

@@ -202,15 +202,6 @@ const COMMANDS = {
     },
     defaultAction: (a, f) => require('./cli/security').forensicsQuery(a, f),
   },
-  'api-map': {
-    desc: 'View API map',
-    usage: 'securenow api-map [stats]',
-    sub: {
-      list: { desc: 'List discovered API endpoints', run: (a, f) => require('./cli/security').apiMapList(a, f) },
-      stats: { desc: 'API map statistics', run: (a, f) => require('./cli/security').apiMapStats(a, f) },
-    },
-    defaultSub: 'list',
-  },
   instances: {
     desc: 'Manage ClickHouse instances',
     usage: 'securenow instances <subcommand> [options]',
@@ -353,7 +344,7 @@ function showHelp(commandName) {
     'Applications': ['apps', 'init', 'status'],
     'Observe': ['traces', 'logs', 'analytics'],
     'Detect & Respond': ['notifications', 'alerts', 'fp'],
-    'Investigate': ['ip', 'forensics', 'api-map'],
+    'Investigate': ['ip', 'forensics'],
     'Firewall': ['firewall'],
     'Remediation': ['blocklist', 'allowlist', 'trusted'],
     'Settings': ['instances', 'config', 'version'],

package/nextjs.js CHANGED Viewed

@@ -367,6 +367,44 @@ function registerSecureNow(options = {}) {
       },
     });
+    // -------- Guard against OTLP exporter socket errors --------
+    // The OTLP HTTP exporter uses keep-alive connections that can be reset by
+    // the remote end (ECONNRESET / "socket hang up"). These transient errors
+    // sometimes escape as unhandled exceptions or rejections. We catch them
+    // here and log at debug level instead of crashing the host app.
+    const _TRANSIENT_CODES = new Set(['ECONNRESET', 'ECONNREFUSED', 'ETIMEDOUT', 'EPIPE', 'EAI_AGAIN']);
+    function _isOtlpTransientError(err) {
+      if (!err) return false;
+      if (_TRANSIENT_CODES.has(err.code)) return true;
+      if (typeof err.message === 'string' && /socket hang up|ECONNRESET/.test(err.message)) return true;
+      return false;
+    }
+    function _looksLikeOtlpStack(err) {
+      const s = err && err.stack;
+      if (!s) return false;
+      return /OTLPTraceExporter|OTLPLogExporter|otlp|exporter.*http|BatchSpanProcessor|BatchLogRecordProcessor/i.test(s)
+        || /node:_http_client|ClientRequest|TLSSocket/i.test(s);
+    }
+    const _diagDebug = (env('OTEL_LOG_LEVEL') || '').toLowerCase() === 'debug';
+    process.on('uncaughtException', (err, origin) => {
+      if (_isOtlpTransientError(err) && _looksLikeOtlpStack(err)) {
+        if (_diagDebug) {
+          console.debug('[securenow] Suppressed transient OTLP exporter error (%s): %s', origin, err.message);
+        }
+        return;
+      }
+      throw err;
+    });
+    process.on('unhandledRejection', (reason) => {
+      if (_isOtlpTransientError(reason) && _looksLikeOtlpStack(reason)) {
+        if (_diagDebug) {
+          console.debug('[securenow] Suppressed transient OTLP exporter rejection: %s', reason && reason.message);
+        }
+        return;
+      }
+      throw reason;
+    });
     if (isVercel) {
       // -------- Vercel Environment: Use @vercel/otel --------
       const { registerOTel } = require('@vercel/otel');

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "securenow",
-  "version": "5.18.0",
+  "version": "5.19.0",
   "description": "OpenTelemetry instrumentation for Node.js, Next.js, and Nuxt - Send traces and logs to any OTLP-compatible backend",
   "type": "commonjs",
   "main": "register.js",

package/tracing.js CHANGED Viewed

@@ -258,12 +258,12 @@ function collectMultipartMeta(request, contentType, sensitiveFields, maxTextFiel
 })();
 // -------- diagnostics --------
+const diagLevel = (env('OTEL_LOG_LEVEL') || '').toLowerCase();
 (() => {
-  const L = (env('OTEL_LOG_LEVEL') || '').toLowerCase();
-  const level = L === 'debug' ? DiagLogLevel.DEBUG :
-                L === 'info'  ? DiagLogLevel.INFO  :
-                L === 'warn'  ? DiagLogLevel.WARN  :
-                L === 'error' ? DiagLogLevel.ERROR : DiagLogLevel.NONE;
+  const level = diagLevel === 'debug' ? DiagLogLevel.DEBUG :
+                diagLevel === 'info'  ? DiagLogLevel.INFO  :
+                diagLevel === 'warn'  ? DiagLogLevel.WARN  :
+                diagLevel === 'error' ? DiagLogLevel.ERROR : DiagLogLevel.NONE;
   diag.setLogger(new DiagConsoleLogger(), level);
   console.log('[securenow] preload loaded pid=%d', process.pid);
 })();
@@ -506,6 +506,48 @@ if (loggingEnabled) {
   console.__securenow_patched = true;
 }
+// -------- Guard against OTLP exporter socket errors --------
+// The OTLP HTTP exporter uses keep-alive connections that can be reset by the
+// remote end (ECONNRESET / "socket hang up"). These transient errors sometimes
+// escape as unhandled exceptions or rejections because the underlying HTTP
+// request's error path isn't fully covered by the OTel library. We install
+// targeted process-level handlers to catch them and log at debug level instead
+// of crashing the host app.
+const _TRANSIENT_CODES = new Set(['ECONNRESET', 'ECONNREFUSED', 'ETIMEDOUT', 'EPIPE', 'EAI_AGAIN']);
+function _isOtlpTransientError(err) {
+  if (!err) return false;
+  if (_TRANSIENT_CODES.has(err.code)) return true;
+  if (typeof err.message === 'string' && /socket hang up|ECONNRESET/.test(err.message)) return true;
+  return false;
+}
+function _looksLikeOtlpStack(err) {
+  const s = err && err.stack;
+  if (!s) return false;
+  return /OTLPTraceExporter|OTLPLogExporter|otlp|exporter.*http|BatchSpanProcessor|BatchLogRecordProcessor/i.test(s)
+    || /node:_http_client|ClientRequest|TLSSocket/i.test(s);
+}
+process.on('uncaughtException', (err, origin) => {
+  if (_isOtlpTransientError(err) && _looksLikeOtlpStack(err)) {
+    if (diagLevel === 'debug') {
+      console.debug('[securenow] Suppressed transient OTLP exporter error (%s): %s', origin, err.message);
+    }
+    return; // swallow — do not crash
+  }
+  // Not ours — re-throw so the default handler (or the app's own handler) fires
+  throw err;
+});
+process.on('unhandledRejection', (reason) => {
+  if (_isOtlpTransientError(reason) && _looksLikeOtlpStack(reason)) {
+    if (diagLevel === 'debug') {
+      console.debug('[securenow] Suppressed transient OTLP exporter rejection: %s', reason && reason.message);
+    }
+    return; // swallow
+  }
+  // Not ours — re-throw as unhandled so Node's default behaviour applies
+  throw reason;
+});
 // -------- SDK --------
 const traceExporter = new OTLPTraceExporter({ url: tracesUrl, headers });
 const sdk = new NodeSDK({