npm - securenow - Versions diffs - 5.6.1 → 5.7.0 - Mend

securenow 5.6.1 → 5.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/nextjs-webpack-config.js ADDED Viewed

@@ -0,0 +1,77 @@
+/**
+ * Next.js webpack configuration for SecureNow
+ *
+ * Add this to your next.config.js to suppress OpenTelemetry instrumentation warnings
+ *
+ * Usage:
+ * const { getSecureNowWebpackConfig } = require('securenow/nextjs-webpack-config');
+ *
+ * module.exports = {
+ *   webpack: (config, options) => {
+ *     return getSecureNowWebpackConfig(config, options);
+ *   }
+ * };
+ */
+function getSecureNowWebpackConfig(config, options) {
+  const { isServer } = options;
+  // Only apply to server-side builds
+  if (isServer) {
+    // Suppress warnings for OpenTelemetry instrumentations
+    config.ignoreWarnings = config.ignoreWarnings || [];
+    config.ignoreWarnings.push(
+      // Ignore "Critical dependency" warnings from instrumentations
+      {
+        module: /@opentelemetry\/instrumentation/,
+        message: /Critical dependency: the request of a dependency is an expression/,
+      },
+      // Ignore missing optional peer dependencies
+      {
+        module: /@opentelemetry/,
+        message: /Module not found.*@opentelemetry\/winston-transport/,
+      },
+      {
+        module: /@opentelemetry/,
+        message: /Module not found.*@opentelemetry\/exporter-jaeger/,
+      }
+    );
+    // Externalize problematic packages (don't bundle them)
+    config.externals = config.externals || [];
+    // Add OpenTelemetry packages as externals
+    if (typeof config.externals === 'function') {
+      const originalExternals = config.externals;
+      config.externals = async (...args) => {
+        const result = await originalExternals(...args);
+        if (result) return result;
+        const [context, request] = args;
+        // Externalize OpenTelemetry instrumentation packages
+        if (request.startsWith('@opentelemetry/')) {
+          return `commonjs ${request}`;
+        }
+        return undefined;
+      };
+    } else if (Array.isArray(config.externals)) {
+      config.externals.push(/@opentelemetry\//);
+    } else {
+      config.externals = [/@opentelemetry\//];
+    }
+  }
+  return config;
+}
+module.exports = { getSecureNowWebpackConfig };

package/nuxt-server-plugin.mjs ADDED Viewed

@@ -0,0 +1,400 @@
+/**
+ * SecureNow Nitro Server Plugin
+ *
+ * Initialises the OpenTelemetry SDK and hooks into Nitro's request lifecycle
+ * to create spans, capture metadata, and forward logs.
+ *
+ * This file is registered by the Nuxt module (nuxt.mjs) via addServerPlugin.
+ */
+import { NodeSDK } from '@opentelemetry/sdk-node';
+import { OTLPTraceExporter } from '@opentelemetry/exporter-trace-otlp-http';
+import { Resource } from '@opentelemetry/resources';
+import { SemanticResourceAttributes } from '@opentelemetry/semantic-conventions';
+import { HttpInstrumentation } from '@opentelemetry/instrumentation-http';
+import {
+  context as otelContext,
+  trace as otelTrace,
+  SpanStatusCode,
+} from '@opentelemetry/api';
+import { v4 as uuidv4 } from 'uuid';
+// ── Helpers ──
+const env = (k) =>
+  process.env[k] ?? process.env[k.toUpperCase()] ?? process.env[k.toLowerCase()];
+const parseHeaders = (str) => {
+  const out = {};
+  if (!str) return out;
+  for (const raw of String(str).split(',')) {
+    const s = raw.trim();
+    if (!s) continue;
+    const i = s.indexOf('=');
+    if (i === -1) continue;
+    out[s.slice(0, i).trim().toLowerCase()] = s.slice(i + 1).trim();
+  }
+  return out;
+};
+const DEFAULT_SENSITIVE_FIELDS = [
+  'password', 'passwd', 'pwd', 'secret', 'token', 'api_key', 'apikey',
+  'access_token', 'auth', 'credentials', 'mysql_pwd', 'stripeToken',
+  'card', 'cardnumber', 'ccv', 'cvc', 'cvv', 'ssn', 'pin',
+];
+function redactSensitiveData(obj, fields = DEFAULT_SENSITIVE_FIELDS) {
+  if (!obj || typeof obj !== 'object') return obj;
+  const redacted = Array.isArray(obj) ? [...obj] : { ...obj };
+  for (const key in redacted) {
+    const lower = key.toLowerCase();
+    if (fields.some((f) => lower.includes(f.toLowerCase()))) {
+      redacted[key] = '[REDACTED]';
+    } else if (typeof redacted[key] === 'object' && redacted[key] !== null) {
+      redacted[key] = redactSensitiveData(redacted[key], fields);
+    }
+  }
+  return redacted;
+}
+// ── Runtime config helpers ──
+function getRuntimeOptions() {
+  try {
+    const cfg = useRuntimeConfig();
+    return cfg.securenow || {};
+  } catch {
+    return {};
+  }
+}
+// ── Plugin ──
+export default defineNitroPlugin((nitroApp) => {
+  const opts = getRuntimeOptions();
+  // ── Naming ──
+  const rawBase = (
+    opts.serviceName ||
+    env('OTEL_SERVICE_NAME') ||
+    env('SECURENOW_APPID') ||
+    ''
+  ).trim().replace(/^['"]|['"]$/g, '');
+  const baseName = rawBase || null;
+  const noUuid =
+    opts.noUuid ??
+    (String(env('SECURENOW_NO_UUID')) === '1' ||
+      String(env('SECURENOW_NO_UUID')).toLowerCase() === 'true');
+  let serviceName;
+  if (baseName) {
+    serviceName = noUuid ? baseName : `${baseName}-${uuidv4()}`;
+  } else {
+    serviceName = `nuxt-app-${uuidv4()}`;
+    console.warn(
+      '[securenow] ⚠️  No SECURENOW_APPID set. Using fallback: %s',
+      serviceName,
+    );
+    console.warn(
+      '[securenow] 💡 Set SECURENOW_APPID=your-app-name in .env for better tracking',
+    );
+  }
+  const serviceInstanceId = `${baseName || 'securenow'}-${uuidv4()}`;
+  // ── Endpoints ──
+  const endpointBase = (
+    opts.endpoint ||
+    env('SECURENOW_INSTANCE') ||
+    env('OTEL_EXPORTER_OTLP_ENDPOINT') ||
+    'https://freetrial.securenow.ai:4318'
+  ).replace(/\/$/, '');
+  const tracesUrl =
+    env('OTEL_EXPORTER_OTLP_TRACES_ENDPOINT') || `${endpointBase}/v1/traces`;
+  const logsUrl =
+    env('OTEL_EXPORTER_OTLP_LOGS_ENDPOINT') || `${endpointBase}/v1/logs`;
+  const headers = parseHeaders(env('OTEL_EXPORTER_OTLP_HEADERS'));
+  // ── Resource ──
+  const resource = new Resource({
+    [SemanticResourceAttributes.SERVICE_NAME]: serviceName,
+    [SemanticResourceAttributes.SERVICE_INSTANCE_ID]: serviceInstanceId,
+    [SemanticResourceAttributes.DEPLOYMENT_ENVIRONMENT]:
+      env('NODE_ENV') || 'production',
+    [SemanticResourceAttributes.SERVICE_VERSION]:
+      process.env.npm_package_version || undefined,
+    'framework': 'nuxt',
+  });
+  // ── Body capture config ──
+  const captureBody =
+    opts.captureBody ??
+    (String(env('SECURENOW_CAPTURE_BODY')) === '1' ||
+      String(env('SECURENOW_CAPTURE_BODY')).toLowerCase() === 'true');
+  const maxBodySize = parseInt(env('SECURENOW_MAX_BODY_SIZE') || '10240');
+  const customSensitiveFields = (env('SECURENOW_SENSITIVE_FIELDS') || '')
+    .split(',')
+    .map((s) => s.trim())
+    .filter(Boolean);
+  const allSensitiveFields = [...DEFAULT_SENSITIVE_FIELDS, ...customSensitiveFields];
+  // ── HTTP instrumentation ──
+  const httpInstrumentation = new HttpInstrumentation({
+    requestHook: (span, request) => {
+      try {
+        const hdrs = request.headers || {};
+        const fwd = hdrs['x-forwarded-for'];
+        const clientIp =
+          (fwd ? String(fwd).split(',')[0].trim() : null) ||
+          hdrs['x-real-ip'] ||
+          hdrs['cf-connecting-ip'] ||
+          hdrs['x-client-ip'] ||
+          request.socket?.remoteAddress ||
+          'unknown';
+        span.setAttributes({
+          'http.client_ip': clientIp,
+          'http.user_agent': hdrs['user-agent'] || '',
+          'http.host': hdrs['x-forwarded-host'] || hdrs['host'] || '',
+          'http.scheme':
+            hdrs['x-forwarded-proto'] ||
+            (request.socket?.encrypted ? 'https' : 'http'),
+          'http.referer': hdrs['referer'] || '',
+          'http.origin': hdrs['origin'] || '',
+          'http.request_id':
+            hdrs['x-request-id'] || hdrs['x-trace-id'] || '',
+        });
+        if (hdrs['authorization']) {
+          span.setAttribute('http.security.auth_present', 'true');
+        }
+        if (hdrs['cookie']) {
+          span.setAttribute('http.security.cookies_present', 'true');
+        }
+        // Body capture via stream listener (same approach as tracing.js)
+        if (
+          captureBody &&
+          request.method &&
+          ['POST', 'PUT', 'PATCH'].includes(request.method)
+        ) {
+          const ct = hdrs['content-type'] || '';
+          if (
+            ct.includes('application/json') ||
+            ct.includes('application/graphql') ||
+            ct.includes('application/x-www-form-urlencoded')
+          ) {
+            const chunks = [];
+            let size = 0;
+            request.on('data', (chunk) => {
+              size += chunk.length;
+              if (size <= maxBodySize) chunks.push(chunk);
+            });
+            request.on('end', () => {
+              if (size > maxBodySize) {
+                span.setAttribute('http.request.body', `[TOO LARGE: ${size} bytes]`);
+                return;
+              }
+              if (chunks.length === 0) return;
+              const raw = Buffer.concat(chunks).toString('utf8');
+              try {
+                const parsed = JSON.parse(raw);
+                const redacted = redactSensitiveData(parsed, allSensitiveFields);
+                span.setAttributes({
+                  'http.request.body': JSON.stringify(redacted).substring(0, maxBodySize),
+                  'http.request.body.type': ct.includes('graphql') ? 'graphql' : 'json',
+                  'http.request.body.size': size,
+                });
+              } catch {
+                span.setAttribute('http.request.body', raw.substring(0, 1000));
+                span.setAttribute('http.request.body.parse_error', true);
+              }
+            });
+          }
+        }
+      } catch {
+        // never break the request
+      }
+    },
+  });
+  // ── Trace exporter + SDK ──
+  const traceExporter = new OTLPTraceExporter({ url: tracesUrl, headers });
+  const sdk = new NodeSDK({
+    traceExporter,
+    resource,
+    instrumentations: [httpInstrumentation],
+  });
+  sdk.start();
+  console.log('[securenow] 🚀 Nuxt OTel SDK started → %s', tracesUrl);
+  console.log(
+    '[securenow] service.name=%s instance.id=%s',
+    serviceName,
+    serviceInstanceId,
+  );
+  // ── Logging ──
+  const loggingEnabled =
+    opts.logging ??
+    (String(env('SECURENOW_LOGGING_ENABLED')) === '1' ||
+      String(env('SECURENOW_LOGGING_ENABLED')).toLowerCase() === 'true');
+  let loggerProvider = null;
+  if (loggingEnabled) {
+    try {
+      const { OTLPLogExporter } = await import(
+        '@opentelemetry/exporter-logs-otlp-http'
+      );
+      const { LoggerProvider, BatchLogRecordProcessor } = await import(
+        '@opentelemetry/sdk-logs'
+      );
+      const logExporter = new OTLPLogExporter({ url: logsUrl, headers });
+      loggerProvider = new LoggerProvider({ resource });
+      loggerProvider.addLogRecordProcessor(
+        new BatchLogRecordProcessor(logExporter),
+      );
+      const logger = loggerProvider.getLogger('console', '1.0.0');
+      const SEV = { DEBUG: 5, INFO: 9, WARN: 13, ERROR: 17 };
+      const orig = {
+        log: console.log,
+        info: console.info,
+        warn: console.warn,
+        error: console.error,
+        debug: console.debug,
+      };
+      function emitLog(sn, st, args) {
+        try {
+          const ctx = otelContext.active();
+          const spanCtx = otelTrace.getSpanContext(ctx);
+          logger.emit({
+            severityNumber: sn,
+            severityText: st,
+            body: args
+              .map((a) =>
+                typeof a === 'object' && a !== null ? JSON.stringify(a) : String(a),
+              )
+              .join(' '),
+            attributes: { 'log.source': 'console', 'log.method': st.toLowerCase() },
+            ...(spanCtx && { context: ctx }),
+          });
+        } catch {
+          // swallow
+        }
+      }
+      console.log = (...a) => { emitLog(SEV.INFO, 'INFO', a); orig.log.apply(console, a); };
+      console.info = (...a) => { emitLog(SEV.INFO, 'INFO', a); orig.info.apply(console, a); };
+      console.warn = (...a) => { emitLog(SEV.WARN, 'WARN', a); orig.warn.apply(console, a); };
+      console.error = (...a) => { emitLog(SEV.ERROR, 'ERROR', a); orig.error.apply(console, a); };
+      console.debug = (...a) => { emitLog(SEV.DEBUG, 'DEBUG', a); orig.debug.apply(console, a); };
+      console.log('[securenow] 📋 Logging: ENABLED → %s', logsUrl);
+    } catch (e) {
+      console.warn('[securenow] ⚠️  Logging setup failed:', e.message);
+    }
+  } else {
+    console.log(
+      '[securenow] 📋 Logging: DISABLED (set SECURENOW_LOGGING_ENABLED=1 to enable)',
+    );
+  }
+  if (captureBody) {
+    console.log(
+      '[securenow] 📝 Body capture: ENABLED (max %d bytes, redacting %d fields)',
+      maxBodySize,
+      allSensitiveFields.length,
+    );
+  }
+  // ── Free trial banner ──
+  try {
+    const { isFreeTrial, patchHttpForBanner } = await import('./free-trial-banner.js');
+    if (isFreeTrial(endpointBase) && String(env('SECURENOW_HIDE_BANNER')) !== '1') {
+      patchHttpForBanner();
+    }
+  } catch {
+    // not critical
+  }
+  // ── Graceful shutdown ──
+  const shutdown = async (sig) => {
+    try {
+      await sdk.shutdown?.();
+      if (loggerProvider) await loggerProvider.shutdown?.();
+      console.log(`[securenow] Shut down on ${sig}`);
+    } catch {
+      // swallow
+    }
+  };
+  process.on('SIGINT', () => shutdown('SIGINT'));
+  process.on('SIGTERM', () => shutdown('SIGTERM'));
+  // ── Nitro request hooks for span enrichment ──
+  const tracer = otelTrace.getTracer('securenow-nuxt', '1.0.0');
+  const spanMap = new WeakMap();
+  nitroApp.hooks.hook('request', (event) => {
+    try {
+      const req = event.node.req;
+      const method = event.method || req.method || 'GET';
+      const path = event.path || req.url || '/';
+      const span = tracer.startSpan(`${method} ${path}`, {
+        attributes: {
+          'http.method': method,
+          'http.target': path,
+          'http.url': `${req.headers?.['x-forwarded-proto'] || 'http'}://${req.headers?.host || 'localhost'}${path}`,
+          'component': 'nuxt-nitro',
+        },
+      });
+      spanMap.set(event, span);
+    } catch {
+      // never break the request
+    }
+  });
+  nitroApp.hooks.hook('afterResponse', (event) => {
+    try {
+      const span = spanMap.get(event);
+      if (!span) return;
+      const status = event.node.res.statusCode || 200;
+      span.setAttribute('http.status_code', status);
+      if (status >= 500) {
+        span.setStatus({ code: SpanStatusCode.ERROR, message: `HTTP ${status}` });
+      }
+      span.end();
+      spanMap.delete(event);
+    } catch {
+      // swallow
+    }
+  });
+  nitroApp.hooks.hook('error', (error, { event }) => {
+    try {
+      const span = event ? spanMap.get(event) : null;
+      if (span) {
+        span.recordException(error);
+        span.setStatus({
+          code: SpanStatusCode.ERROR,
+          message: error.message || 'Internal Server Error',
+        });
+        span.end();
+        spanMap.delete(event);
+      }
+    } catch {
+      // swallow
+    }
+  });
+});

package/nuxt.d.ts ADDED Viewed

@@ -0,0 +1,60 @@
+/**
+ * SecureNow Nuxt 3 Module TypeScript Declarations
+ */
+export interface SecureNowNuxtOptions {
+  /**
+   * Service name for OpenTelemetry traces.
+   * @default process.env.SECURENOW_APPID || process.env.OTEL_SERVICE_NAME
+   */
+  serviceName?: string;
+  /**
+   * OTLP endpoint base URL.
+   * @default process.env.SECURENOW_INSTANCE || 'https://freetrial.securenow.ai:4318'
+   */
+  endpoint?: string;
+  /**
+   * Don't append UUID to service name (useful when running a single instance).
+   * @default false
+   */
+  noUuid?: boolean;
+  /**
+   * Capture request bodies (POST/PUT/PATCH) on traced spans.
+   * Sensitive fields are automatically redacted.
+   * @default false
+   */
+  captureBody?: boolean;
+  /**
+   * Enable console log forwarding as OTLP log records.
+   * @default false
+   */
+  logging?: boolean;
+}
+declare module 'nuxt/schema' {
+  interface NuxtConfig {
+    securenow?: SecureNowNuxtOptions;
+  }
+  interface NuxtOptions {
+    securenow?: SecureNowNuxtOptions;
+  }
+  interface RuntimeConfig {
+    securenow?: SecureNowNuxtOptions;
+  }
+}
+declare module '@nuxt/schema' {
+  interface NuxtConfig {
+    securenow?: SecureNowNuxtOptions;
+  }
+  interface NuxtOptions {
+    securenow?: SecureNowNuxtOptions;
+  }
+  interface RuntimeConfig {
+    securenow?: SecureNowNuxtOptions;
+  }
+}

package/nuxt.mjs ADDED Viewed

@@ -0,0 +1,75 @@
+/**
+ * SecureNow Nuxt 3 Module
+ *
+ * Usage in nuxt.config.ts:
+ *
+ *   export default defineNuxtConfig({
+ *     modules: ['securenow/nuxt'],
+ *     securenow: {            // optional overrides
+ *       serviceName: 'my-nuxt-app',
+ *     },
+ *   });
+ *
+ * Environment variables (same as all SecureNow integrations):
+ *   SECURENOW_APPID, SECURENOW_INSTANCE, SECURENOW_LOGGING_ENABLED, etc.
+ */
+import { defineNuxtModule, createResolver, addServerPlugin } from '@nuxt/kit';
+const OTEL_EXTERNALS = [
+  'securenow',
+  '@opentelemetry/api',
+  '@opentelemetry/api-logs',
+  '@opentelemetry/sdk-node',
+  '@opentelemetry/sdk-logs',
+  '@opentelemetry/auto-instrumentations-node',
+  '@opentelemetry/instrumentation',
+  '@opentelemetry/instrumentation-http',
+  '@opentelemetry/exporter-trace-otlp-http',
+  '@opentelemetry/exporter-logs-otlp-http',
+  '@opentelemetry/resources',
+  '@opentelemetry/semantic-conventions',
+];
+export default defineNuxtModule({
+  meta: {
+    name: 'securenow',
+    configKey: 'securenow',
+    compatibility: { nuxt: '>=3.0.0' },
+  },
+  defaults: {
+    serviceName: undefined,
+    endpoint: undefined,
+    noUuid: undefined,
+    captureBody: undefined,
+    logging: undefined,
+  },
+  setup(options, nuxt) {
+    const { resolve } = createResolver(import.meta.url);
+    // ── Externalize OTel packages so Nitro doesn't bundle them ──
+    nuxt.hook('nitro:config', (nitroConfig) => {
+      nitroConfig.externals = nitroConfig.externals || {};
+      nitroConfig.externals.external = [
+        ...(nitroConfig.externals.external || []),
+        ...OTEL_EXTERNALS,
+      ];
+    });
+    // ── Pass module options to the server plugin via runtimeConfig ──
+    nuxt.options.runtimeConfig.securenow = {
+      serviceName: options.serviceName,
+      endpoint: options.endpoint,
+      noUuid: options.noUuid,
+      captureBody: options.captureBody,
+      logging: options.logging,
+    };
+    // ── Register Nitro server plugin ──
+    addServerPlugin(resolve('./nuxt-server-plugin'));
+    console.log('[securenow] Nuxt module loaded — server plugin registered');
+  },
+});

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "securenow",
-  "version": "5.6.1",
-  "description": "OpenTelemetry instrumentation for Node.js and Next.js - Send traces and logs to any OTLP-compatible backend",
+  "version": "5.7.0",
+  "description": "OpenTelemetry instrumentation for Node.js, Next.js, and Nuxt - Send traces and logs to any OTLP-compatible backend",
   "type": "commonjs",
   "main": "register.js",
   "types": "register.d.ts",
@@ -29,7 +29,11 @@
     "node",
     "express",
     "fastify",
-    "nestjs"
+    "nestjs",
+    "nuxt",
+    "nuxt3",
+    "nitro",
+    "vue"
   ],
   "exports": {
     ".": {
@@ -65,6 +69,11 @@
     },
     "./nextjs-webpack-config": "./nextjs-webpack-config.js",
     "./package.json": "./package.json",
+    "./nuxt": {
+      "types": "./nuxt.d.ts",
+      "import": "./nuxt.mjs",
+      "default": "./nuxt.mjs"
+    },
     "./register-vite": "./register-vite.js",
     "./web-vite": {
       "import": "./web-vite.mjs",
@@ -85,6 +94,10 @@
     "nextjs-middleware.d.ts",
     "nextjs-wrapper.js",
     "nextjs-wrapper.d.ts",
+    "nextjs-webpack-config.js",
+    "nuxt.mjs",
+    "nuxt.d.ts",
+    "nuxt-server-plugin.mjs",
     "cli.js",
     "cli/",
     "free-trial-banner.js",
@@ -119,11 +132,15 @@
     "uuid": "^9.0.0"
   },
   "peerDependencies": {
-    "next": ">=13.0.0"
+    "next": ">=13.0.0",
+    "nuxt": ">=3.0.0"
   },
   "peerDependenciesMeta": {
     "next": {
       "optional": true
+    },
+    "nuxt": {
+      "optional": true
     }
   },
   "overrides": {