npm - securenow - Versions diffs - 5.6.1 → 5.7.0 - Mend

securenow 5.6.1 → 5.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/NPM_README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # SecureNow - Complete OpenTelemetry Observability for Node.js
-OpenTelemetry instrumentation library for Node.js applications. Send distributed traces and logs to any OTLP-compatible observability backend.
+OpenTelemetry instrumentation library for Node.js, Next.js, and Nuxt applications. Send distributed traces and logs to any OTLP-compatible observability backend.
 **Features:**
 - 🚀 Zero-config automatic instrumentation
@@ -9,6 +9,8 @@ OpenTelemetry instrumentation library for Node.js applications. Send distributed
 - 🔐 Built-in sensitive data redaction
 - 🎯 Request body capture for debugging
 - 🔧 Fully configurable via environment variables
+- 🖥️ Single `-r securenow/register` flag — works for both CJS and ESM apps
+- 🟢 Native Nuxt 3 module (`securenow/nuxt`)
 ---
@@ -20,6 +22,7 @@ OpenTelemetry instrumentation library for Node.js applications. Send distributed
 - [Framework-Specific Setup](#framework-specific-setup)
   - [Express.js](#expressjs)
   - [Next.js](#nextjs)
+  - [Nuxt 3](#nuxt-3)
   - [Fastify](#fastify)
   - [NestJS](#nestjs)
   - [Koa](#koa)
@@ -62,32 +65,42 @@ export SECURENOW_INSTANCE=http://your-otlp-collector:4318
 export SECURENOW_LOGGING_ENABLED=1
 ```
-### 2. Initialize in Your Application
+### 2. Run Your Application
-**Option A: Using NODE_OPTIONS (Recommended)**
+Add `-r securenow/register` to your start command — that's the only change:
 ```bash
-NODE_OPTIONS="-r securenow/register" node app.js
+node -r securenow/register app.js
+```
+ESM and CJS apps are both handled automatically (Node >=20.6 auto-registers the ESM loader hook via `module.register()`).
+**package.json** example:
+```json
+"scripts": {
+  "start": "node -r securenow/register app.js",
+  "dev": "node -r securenow/register --watch app.js"
+}
+```
+**Alternative: Use NODE_OPTIONS** so your existing scripts stay unchanged:
+```bash
+NODE_OPTIONS="-r securenow/register" npm start
 ```
-**Option B: Code-based initialization**
+**CJS only: Code-based initialization**
 ```javascript
-// At the very top of your main file
+// At the very top of your main file, before any other require
 require('securenow/register');
-// Your application code
 const express = require('express');
 const app = express();
 // ...
 ```
-### 3. Run Your Application
-```bash
-node app.js
-```
 You'll see confirmation in the console:
 ```
@@ -702,7 +715,7 @@ http.createServer(handler).listen(3000, () => console.log('HTTP running on port
 npm install securenow hono @hono/node-server
 ```
-Hono uses ESM — securenow must be preloaded via `-r` flag:
+Hono uses ESM — preload via `-r` flag (the ESM hook is auto-registered on Node >=20.6):
 ```javascript
 // app.mjs
@@ -794,6 +807,42 @@ SECURENOW_NO_UUID=1
 ---
+### Nuxt 3
+```bash
+npm install securenow
+```
+Add the module to `nuxt.config.ts`:
+```typescript
+export default defineNuxtConfig({
+  modules: ['securenow/nuxt'],
+});
+```
+`.env`:
+```env
+SECURENOW_APPID=my-nuxt-app
+SECURENOW_INSTANCE=https://freetrial.securenow.ai:4318
+```
+That's it — the Nuxt module handles OTel SDK initialization, Nitro externalization, and request tracing automatically. Optional config:
+```typescript
+export default defineNuxtConfig({
+  modules: ['securenow/nuxt'],
+  securenow: {
+    captureBody: true,
+    logging: true,
+    noUuid: true,
+  },
+});
+```
+---
 ### Compatibility Matrix
 | Framework | Traces | Logs | Body Capture | Notes |
@@ -809,6 +858,7 @@ SECURENOW_NO_UUID=1
 | Hono | Yes | Yes | **No** | `SECURENOW_CAPTURE_BODY=0`; ESM `-r` flag |
 | Feathers | Yes | Yes | Yes | Uses Express transport |
 | Next.js | Yes | Yes | Yes | Use `instrumentation.ts` |
+| Nuxt 3 | Yes | Yes | Yes | Use `securenow/nuxt` module |
 ---
@@ -1424,7 +1474,7 @@ SECURENOW_CAPTURE_BODY=0
 ## Supported Runtimes
 - **Node.js:** 18+
-- **Frameworks:** Express, Next.js, Fastify, NestJS, Koa, Hapi, and more
+- **Frameworks:** Express, Next.js, Nuxt 3, Fastify, NestJS, Koa, Hapi, and more
 - **Databases:** PostgreSQL, MySQL, MongoDB, Redis
 - **HTTP Clients:** axios, fetch, node-fetch, got, request
 - **GraphQL:** Apollo Server, GraphQL.js

package/README.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # SecureNow
-OpenTelemetry instrumentation for Node.js and Next.js applications - send **traces and logs** to any OTLP-compatible backend (including SecureNow).
+OpenTelemetry instrumentation for Node.js, Next.js, and Nuxt applications - send **traces and logs** to any OTLP-compatible backend (including SecureNow).
 **Official npm package:** [securenow](http://securenow.ai/)
@@ -8,6 +8,39 @@ OpenTelemetry instrumentation for Node.js and Next.js applications - send **trac
 ## 🚀 Quick Start
+### For Any Node.js App (Express, Fastify, NestJS, Koa, Hapi, etc.)
+```bash
+# 1. Install
+npm install securenow
+# 2. Set env vars
+export SECURENOW_APPID=my-app
+export SECURENOW_INSTANCE=https://freetrial.securenow.ai:4318
+# 3. Add -r securenow/register to your start command
+node -r securenow/register src/app.js
+```
+That's it. One `-r` flag is all you need — ESM and CJS apps are handled automatically (Node >=20.6 auto-registers the ESM loader hook).
+> **package.json** example:
+> ```json
+> "scripts": {
+>   "start": "node -r securenow/register src/index.js",
+>   "dev": "node -r securenow/register --watch src/index.js"
+> }
+> ```
+You can also use `NODE_OPTIONS` so your existing scripts stay unchanged:
+```bash
+NODE_OPTIONS="-r securenow/register" npm start
+```
+See the [All Frameworks Quick Start](./docs/ALL-FRAMEWORKS-QUICKSTART.md) for tested setup guides.
+---
 ### For Next.js Applications
 **The easiest way to add observability to Next.js!**
@@ -40,6 +73,32 @@ npx securenow init
 ---
+### For Nuxt 3 Applications
+```bash
+# 1. Install
+npm install securenow
+```
+Add the module to your `nuxt.config.ts`:
+```ts
+export default defineNuxtConfig({
+  modules: ['securenow/nuxt'],
+});
+```
+Set environment variables in `.env`:
+```bash
+SECURENOW_APPID=my-nuxt-app
+SECURENOW_INSTANCE=https://freetrial.securenow.ai:4318
+```
+**Done!** All server-side requests are now traced automatically. See the [Nuxt 3 Complete Guide](./docs/NUXT-GUIDE.md) for details.
+---
 ### CLI — Manage Everything from the Terminal
 ```bash
@@ -70,29 +129,6 @@ Run `npx securenow help` for all commands. See the [CLI Reference](#cli-referenc
 ---
-### For Node.js Applications (Express, Fastify, NestJS, Koa, Hapi, h3, Polka, Hono, Feathers, etc.)
-```bash
-# 1. Install
-npm install securenow
-# 2. Set environment variables
-export SECURENOW_APPID=my-app
-export SECURENOW_INSTANCE=https://freetrial.securenow.ai:4318
-export SECURENOW_LOGGING_ENABLED=1
-export SECURENOW_NO_UUID=1
-# 3. Run with preload
-NODE_OPTIONS="-r securenow/register" node app.js
-```
-That's it. Traces are captured automatically via OpenTelemetry HTTP instrumentation.
-Since **v5.6.0**, when `SECURENOW_LOGGING_ENABLED=1`, all `console.log`/`warn`/`error` calls are
-**automatically** forwarded as OTLP log records — no extra require needed.
-See the [All Frameworks Quick Start](./docs/ALL-FRAMEWORKS-QUICKSTART.md) for tested setup guides
-for Express, Fastify, Koa, NestJS, Hapi, h3, Polka, Micro, Hono, and Feathers.
 ---
 ## 📦 Installation
@@ -149,6 +185,7 @@ SecureNow automatically instruments:
 ### Web Frameworks
 - ✅ Next.js (App Router & Pages Router)
+- ✅ Nuxt 3 (Nitro server)
 - ✅ Express.js
 - ✅ Fastify
 - ✅ NestJS
@@ -179,10 +216,12 @@ SecureNow automatically instruments:
 ### Quick Starts
 - **[Next.js Quick Start](./docs/NEXTJS-QUICKSTART.md)** - Get started in 30 seconds
+- **[Nuxt 3 Guide](./docs/NUXT-GUIDE.md)** - One-line Nuxt module setup
 - **[Logging Quick Start](./docs/LOGGING-QUICKSTART.md)** - Add logging in 2 minutes
 ### Complete Guides
 - **[Next.js Complete Guide](./docs/NEXTJS-GUIDE.md)** - Full Next.js integration guide
+- **[Nuxt 3 Complete Guide](./docs/NUXT-GUIDE.md)** - Full Nuxt 3 integration guide
 - **[Logging Complete Guide](./docs/LOGGING-GUIDE.md)** - Full logging setup for all frameworks
 - **[📚 Complete Documentation](./docs/INDEX.md)** - All guides and references
@@ -195,6 +234,15 @@ SecureNow automatically instruments:
 After installing the package, the `securenow` CLI is available via `npx securenow` or globally after `npm install -g securenow`.
+### Run (convenience wrapper)
+| Command | Description |
+|---------|-------------|
+| `securenow run <script>` | Run a Node.js app with `-r securenow/register` injected |
+| `securenow run --watch <script>` | Same, with Node.js watch mode |
+Most users won't need this — just add `-r securenow/register` to your existing start script.
 ### Authentication
 | Command | Description |

package/cli/run.js ADDED Viewed

@@ -0,0 +1,133 @@
+'use strict';
+const { spawn } = require('child_process');
+const path = require('path');
+const fs = require('fs');
+const ui = require('./ui');
+function isESM(scriptPath) {
+  if (scriptPath.endsWith('.mjs')) return true;
+  if (scriptPath.endsWith('.cjs')) return false;
+  let dir = path.resolve(path.dirname(scriptPath));
+  while (true) {
+    const pkgPath = path.join(dir, 'package.json');
+    if (fs.existsSync(pkgPath)) {
+      try {
+        const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+        return pkg.type === 'module';
+      } catch { return false; }
+    }
+    const parent = path.dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  return false;
+}
+function resolveSecurenowRegister() {
+  // When running from the published package, securenow/register resolves to our own register.js.
+  // When running from the monorepo, resolve relative to this file.
+  try {
+    return require.resolve('securenow/register');
+  } catch {
+    return path.resolve(__dirname, '..', 'register.js');
+  }
+}
+function resolveESMHook() {
+  // --import uses ESM resolution which requires file:// URLs for absolute paths
+  // on Windows. Using the bare specifier lets Node's own resolver handle it.
+  try {
+    const resolved = require.resolve('@opentelemetry/instrumentation/hook.mjs');
+    const { pathToFileURL } = require('url');
+    return pathToFileURL(resolved).href;
+  } catch {
+    return '@opentelemetry/instrumentation/hook.mjs';
+  }
+}
+/**
+ * securenow run [node-flags...] <script> [app-args...]
+ *
+ * Spawns node with the correct OTel preload flags.
+ * Passes through Node flags (--watch, --inspect, etc.) and app arguments.
+ *
+ * We re-parse from process.argv directly so that flags like --watch and
+ * --inspect are forwarded to node verbatim (the CLI's own arg parser
+ * would otherwise consume them).
+ */
+function run(rawArgs) {
+  // rawArgs comes directly from process.argv, everything after `run` (or the file path)
+  if (!rawArgs || rawArgs.length === 0) {
+    ui.error('Missing script path.');
+    console.log('');
+    console.log(`  ${ui.c.bold('Usage:')} securenow run [node-flags] <script> [app-args]`);
+    console.log('');
+    console.log(`  ${ui.c.bold('Examples:')}`);
+    console.log(`    securenow run src/index.js`);
+    console.log(`    securenow run --watch src/index.js`);
+    console.log(`    securenow run --inspect src/server.js --port 3000`);
+    console.log('');
+    process.exit(1);
+  }
+  const args = rawArgs;
+  // Split into: node flags (before the script), script path, and app args (after)
+  const nodeFlags = [];
+  let scriptIdx = -1;
+  for (let i = 0; i < args.length; i++) {
+    if (args[i].startsWith('-')) {
+      nodeFlags.push(args[i]);
+    } else {
+      scriptIdx = i;
+      break;
+    }
+  }
+  if (scriptIdx === -1) {
+    ui.error('No script path found. Provide a .js/.mjs/.ts file to run.');
+    process.exit(1);
+  }
+  const scriptPath = args[scriptIdx];
+  const appArgs = args.slice(scriptIdx + 1);
+  const esm = isESM(scriptPath);
+  const registerPath = resolveSecurenowRegister();
+  const otelFlags = [];
+  if (esm) {
+    otelFlags.push('--import', resolveESMHook());
+  }
+  otelFlags.push('--require', registerPath);
+  const finalArgs = [...otelFlags, ...nodeFlags, scriptPath, ...appArgs];
+  const nodeExe = process.execPath;
+  if (process.env.SECURENOW_DEBUG) {
+    console.log(`[securenow] ${ui.c.dim('exec:')} ${nodeExe} ${finalArgs.join(' ')}`);
+  }
+  const child = spawn(nodeExe, finalArgs, {
+    stdio: 'inherit',
+    env: process.env,
+    cwd: process.cwd(),
+  });
+  child.on('close', (code) => process.exit(code ?? 1));
+  child.on('error', (err) => {
+    ui.error(`Failed to start: ${err.message}`);
+    process.exit(1);
+  });
+  // Forward termination signals to the child
+  for (const sig of ['SIGINT', 'SIGTERM', 'SIGHUP']) {
+    process.on(sig, () => child.kill(sig));
+  }
+}
+module.exports = { run };

package/cli.js CHANGED Viewed

@@ -1,4 +1,4 @@
-#!/usr/bin/env node
+#!/usr/bin/env node
 'use strict';
 const ui = require('./cli/ui');
@@ -235,6 +235,13 @@ const COMMANDS = {
     flags: { typescript: 'Force TypeScript', javascript: 'Force JavaScript', src: 'Create in src/', root: 'Create in root', force: 'Overwrite existing' },
     run: (a, f) => require('./cli/init').init(a, f),
   },
+  run: {
+    desc: 'Run a Node.js app with automatic OTel instrumentation',
+    usage: 'securenow run [node-flags] <script> [app-args]',
+    flags: { watch: 'Enable Node.js watch mode', inspect: 'Enable Node.js inspector' },
+    rawArgv: true,
+    run: (rawArgs) => require('./cli/run').run(rawArgs),
+  },
   version: {
     desc: 'Show CLI version',
     run: () => {
@@ -293,6 +300,7 @@ function showHelp(commandName) {
   showBanner();
   const groups = {
+    'Run': ['run'],
     'Authentication': ['login', 'logout', 'whoami'],
     'Applications': ['apps', 'init', 'status'],
     'Observe': ['traces', 'logs', 'analytics'],
@@ -334,11 +342,24 @@ async function main() {
   const cmd = COMMANDS[cmdName];
   if (!cmd) {
+    // Auto-detect: if the first arg looks like a file path, treat it as `securenow run <file>`
+    if (/\.(m?[jt]sx?|cjs)$/.test(cmdName) || cmdName.includes('/') || cmdName.includes('\\')) {
+      return COMMANDS.run.run(process.argv.slice(2));
+    }
     ui.error(`Unknown command: ${cmdName}`);
     ui.info('Run `securenow help` for a list of commands.');
     process.exit(1);
   }
+  if (cmd.rawArgv) {
+    // Pass raw argv (everything after the command name) so the command can
+    // forward flags like --watch, --inspect verbatim to child processes.
+    const cmdIdx = process.argv.indexOf(cmdName);
+    const rawArgs = cmdIdx !== -1 ? process.argv.slice(cmdIdx + 1) : positional.slice(1);
+    await cmd.run(rawArgs);
+    return;
+  }
   if (cmd.run && !cmd.sub) {
     await cmd.run(positional.slice(1), flags);
     return;

package/docs/INDEX.md CHANGED Viewed

@@ -1,6 +1,6 @@
 # SecureNow Documentation
-Complete documentation for SecureNow - OpenTelemetry instrumentation for Node.js and Next.js with tracing and logging.
+Complete documentation for SecureNow - OpenTelemetry instrumentation for Node.js, Next.js, and Nuxt with tracing and logging.
 ## 📚 Table of Contents
@@ -39,6 +39,12 @@ Complete documentation for SecureNow - OpenTelemetry instrumentation for Node.js
   - Server components
   - Middleware
   - Deployment guides
+- **[Nuxt 3 Complete Setup](NUXT-GUIDE.md)** - Step-by-step Nuxt 3 guide
+  - One-line module setup
+  - Nuxt config options
+  - Nitro server tracing
+  - Body capture & logging
+  - Deployment guides
 ### 📦 Next.js Integration
@@ -112,6 +118,10 @@ Complete documentation for SecureNow - OpenTelemetry instrumentation for Node.js
 2. Complete guide: [Next.js Setup Complete](NEXTJS-SETUP-COMPLETE.md)
 3. Legacy guide: [Next.js Quickstart](NEXTJS-QUICKSTART.md)
+### "I'm using Nuxt 3"
+1. Complete guide: [Nuxt 3 Guide](NUXT-GUIDE.md)
+2. Add `securenow/nuxt` to `modules` in `nuxt.config.ts` — that's it
 ### "I want to add logging to my app"
 1. Start with [Logging Quick Start](LOGGING-QUICKSTART.md)
 2. For complete guide: [Logging Complete Guide](LOGGING-GUIDE.md)
@@ -148,6 +158,7 @@ Complete documentation for SecureNow - OpenTelemetry instrumentation for Node.js
 ### Complete Framework Guides
 - **Express.js Setup Guide** - Complete Express.js reference
 - **Next.js Setup Complete** - Complete Next.js reference
+- **Nuxt 3 Guide** - Complete Nuxt 3 reference
 - **Logging Complete Guide** - Complete logging reference
 ### Quick Start Guides
@@ -202,5 +213,5 @@ Key documentation files included in the npm package:
 ---
-**Last Updated:** March 18, 2026
-**Package Version:** 4.0.12+
+**Last Updated:** April 2, 2026
+**Package Version:** 5.7.0+

package/docs/NUXT-GUIDE.md ADDED Viewed

@@ -0,0 +1,166 @@
+# SecureNow — Nuxt 3 Setup Guide
+## Quick Start (1 minute)
+### 1. Install
+```bash
+npm install securenow
+```
+### 2. Add the module to `nuxt.config.ts`
+```ts
+export default defineNuxtConfig({
+  modules: ['securenow/nuxt'],
+});
+```
+### 3. Set environment variables
+Create a `.env` file in your project root:
+```env
+SECURENOW_APPID=my-nuxt-app
+SECURENOW_INSTANCE=https://freetrial.securenow.ai:4318
+```
+### 4. Start your app
+```bash
+nuxt dev
+```
+You should see in the console:
+```
+[securenow] Nuxt module loaded — server plugin registered
+[securenow] 🚀 Nuxt OTel SDK started → https://freetrial.securenow.ai:4318/v1/traces
+[securenow] service.name=my-nuxt-app instance.id=my-nuxt-app-...
+```
+That's it — all server-side requests are now traced.
+---
+## Configuration
+### Module options in `nuxt.config.ts`
+```ts
+export default defineNuxtConfig({
+  modules: ['securenow/nuxt'],
+  securenow: {
+    serviceName: 'my-nuxt-app',     // overrides SECURENOW_APPID
+    endpoint: 'http://host:4318',   // overrides SECURENOW_INSTANCE
+    noUuid: true,                   // single service.name (no UUID suffix)
+    captureBody: true,              // capture POST/PUT/PATCH bodies
+    logging: true,                  // forward console.* as OTLP logs
+  },
+});
+```
+### Environment variables
+All standard SecureNow env vars are supported:
+| Variable | Description | Default |
+|----------|-------------|---------|
+| `SECURENOW_APPID` | Service name | `nuxt-app-<uuid>` |
+| `SECURENOW_INSTANCE` | OTLP base URL | `https://freetrial.securenow.ai:4318` |
+| `SECURENOW_NO_UUID` | Don't append UUID to service name | `false` |
+| `SECURENOW_LOGGING_ENABLED` | Forward console logs as OTLP | `false` |
+| `SECURENOW_CAPTURE_BODY` | Capture request bodies | `false` |
+| `SECURENOW_MAX_BODY_SIZE` | Max body size to capture (bytes) | `10240` |
+| `SECURENOW_SENSITIVE_FIELDS` | Extra fields to redact (CSV) | _(built-in list)_ |
+| `OTEL_EXPORTER_OTLP_ENDPOINT` | Alternative OTLP base URL | — |
+| `OTEL_EXPORTER_OTLP_HEADERS` | OTLP headers (k=v,k2=v2) | — |
+---
+## What gets traced
+### Automatic (out of the box)
+- All Nitro server handler requests (API routes, SSR pages, middleware)
+- HTTP method, path, status code, duration
+- Client IP address (with proxy-aware resolution)
+- User-Agent, Referer, Origin, Host
+- Security header presence (auth, cookies, CSRF)
+- Request IDs and correlation headers
+### With `captureBody: true`
+- POST/PUT/PATCH request bodies (JSON, form-urlencoded, GraphQL)
+- Sensitive fields auto-redacted (passwords, tokens, etc.)
+- Bodies larger than `SECURENOW_MAX_BODY_SIZE` are skipped
+### With `logging: true`
+- All `console.log/info/warn/error/debug` calls forwarded as OTLP log records
+- Logs correlated with active trace spans
+---
+## Comparison with Next.js integration
+| Feature | Nuxt (`securenow/nuxt`) | Next.js (`securenow/nextjs`) |
+|---------|-------------------------|------------------------------|
+| Setup | Add to `modules` array | Create `instrumentation.ts` |
+| Config | `nuxt.config.ts` | `.env.local` + `next.config.js` |
+| Server tracing | Nitro hooks | HTTP instrumentation |
+| Edge runtime | Not supported | Skipped gracefully |
+| Vercel support | Via env vars | `@vercel/otel` integration |
+| Body capture | HTTP instrumentation | Middleware + `Request.clone()` |
+| Logging | Console patching | Console patching |
+---
+## Deployment
+### Node.js server (PM2, Docker, etc.)
+Works out of the box with `nuxt build && node .output/server/index.mjs`.
+### Vercel / Netlify / Cloudflare
+Set env vars in the platform dashboard:
+```
+SECURENOW_APPID=my-nuxt-app
+SECURENOW_INSTANCE=https://your-otlp-backend:4318
+```
+> Note: On edge runtimes (Cloudflare Workers, Vercel Edge), some Node.js-specific
+> instrumentations may not be available. Server-handler tracing via Nitro hooks
+> still works.
+---
+## Troubleshooting
+### No traces appearing
+1. Check that `SECURENOW_APPID` and `SECURENOW_INSTANCE` are set
+2. Look for `[securenow] 🚀 Nuxt OTel SDK started` in the console
+3. Verify the OTLP endpoint is reachable from your server
+### Module not loading
+Make sure you're using Nuxt 3 (`nuxt: ">=3.0.0"`) and the module is listed
+in the `modules` array (not `buildModules`).
+### OpenTelemetry packages bundled by Nitro
+The module automatically externalizes OTel packages. If you see bundling errors,
+manually add to `nuxt.config.ts`:
+```ts
+export default defineNuxtConfig({
+  nitro: {
+    externals: {
+      external: ['securenow', '@opentelemetry/api', '@opentelemetry/sdk-node'],
+    },
+  },
+});
+```