npm - securenow - Versions diffs - 5.6.1 → 5.7.1 - Mend

securenow 5.6.1 → 5.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/register.js CHANGED Viewed

@@ -1,14 +1,49 @@
-// securenow/preload.js
+// securenow/register.js — the only preload customers need:
+//   node --require securenow/register app.js
+//
+// For ESM apps ("type": "module"), this file auto-registers the
+// OpenTelemetry ESM loader hook via module.register() (Node >=20.6).
+// On older Node versions it falls back to a warning.
 'use strict';
-// load .env into process.env before anything else
+// 1. load .env before anything else
 try {
   require('dotenv').config();
   console.log('[securenow] dotenv loaded from', process.env.DOTENV_CONFIG_PATH || '.env');
 } catch (e) {
-  // dotenv is optional — only warn if it’s missing
   console.warn('[securenow] dotenv not found or failed to load');
 }
-// then run the real tracer preload
+// 2. Auto-register the ESM loader hook so customers never need --import
+(() => {
+  try {
+    const fs = require('fs');
+    const path = require('path');
+    const pkgPath = path.resolve(process.cwd(), 'package.json');
+    if (!fs.existsSync(pkgPath)) return;
+    const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+    if (pkg.type !== 'module') return;
+    // Already registered via --import?
+    const execArgv = process.execArgv.join(' ');
+    if (execArgv.includes('hook.mjs') || execArgv.includes('import-in-the-middle')) return;
+    // Node >=20.6 exposes module.register() for programmatic ESM hooks
+    const mod = require('node:module');
+    if (typeof mod.register !== 'function') {
+      console.warn('[securenow] ESM app detected but Node %s lacks module.register().', process.version);
+      console.warn('[securenow]    Upgrade to Node >=20.6 or add: --import @opentelemetry/instrumentation/hook.mjs');
+      return;
+    }
+    const { pathToFileURL } = require('node:url');
+    mod.register('@opentelemetry/instrumentation/hook.mjs', pathToFileURL(__filename));
+    console.log('[securenow] ESM loader hook auto-registered (module.register)');
+  } catch (_) {
+    // Non-fatal — tracing.js will show its own ESM warning if the hook is missing
+  }
+})();
+// 3. Run the OTel SDK setup
 require('./tracing');

package/tracing.js CHANGED Viewed

@@ -3,7 +3,9 @@
 /**
  * Preload with: node --require securenow/register app.js
  *
- * For ESM apps ("type": "module" in package.json), you MUST also add the ESM loader hook:
+ * Works for both CJS and ESM apps. On Node >=20.6 the ESM loader hook is
+ * auto-registered via module.register() — no --import flag needed.
+ * On Node 18 with "type": "module", add the hook manually:
  *   node --import @opentelemetry/instrumentation/hook.mjs --require securenow/register app.js
  *
  * Env:
@@ -29,6 +31,7 @@ const { LoggerProvider, BatchLogRecordProcessor } = require('@opentelemetry/sdk-
 const { Resource } = require('@opentelemetry/resources');
 const { SemanticResourceAttributes } = require('@opentelemetry/semantic-conventions');
 const { getNodeAutoInstrumentations } = require('@opentelemetry/auto-instrumentations-node');
+const { MongoDBInstrumentation } = require('@opentelemetry/instrumentation-mongodb');
 const { v4: uuidv4 } = require('uuid');
 const env = k => process.env[k] ?? process.env[k.toUpperCase()] ?? process.env[k.toLowerCase()];
@@ -101,6 +104,9 @@ function redactGraphQLQuery(query, sensitiveFields = DEFAULT_SENSITIVE_FIELDS) {
 }
 // -------- ESM detection --------
+// register.js auto-registers the hook via module.register() on Node >=20.6.
+// This warning only fires if BOTH --import AND module.register() were skipped
+// (e.g. Node 18, or require('securenow/tracing') called directly without register.js).
 (() => {
   try {
     const fs = require('fs');
@@ -110,11 +116,11 @@ function redactGraphQLQuery(query, sensitiveFields = DEFAULT_SENSITIVE_FIELDS) {
       const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
       if (pkg.type === 'module') {
         const execArgv = process.execArgv.join(' ');
-        const hasEsmHook = execArgv.includes('hook.mjs') || execArgv.includes('import-in-the-middle');
-        if (!hasEsmHook) {
-          console.warn('[securenow] ⚠️  ESM app detected ("type": "module") but no ESM loader hook found.');
-          console.warn('[securenow]    Instrumentations will NOT work without the ESM hook.');
-          console.warn('[securenow]    Fix: node --import @opentelemetry/instrumentation/hook.mjs --require securenow/register app.js');
+        const hasCliHook = execArgv.includes('hook.mjs') || execArgv.includes('import-in-the-middle');
+        const hasModuleRegister = typeof require('node:module').register === 'function';
+        if (!hasCliHook && !hasModuleRegister) {
+          console.warn('[securenow] ⚠️  ESM app detected ("type": "module") but no ESM loader hook available.');
+          console.warn('[securenow]    Upgrade to Node >=20.6 (recommended) or add: --import @opentelemetry/instrumentation/hook.mjs');
         }
       }
     }
@@ -387,9 +393,11 @@ const sdk = new NodeSDK({
   traceExporter,
   instrumentations: [
     httpInstrumentation,
+    ...(disabledMap['@opentelemetry/instrumentation-mongodb'] ? [] : [new MongoDBInstrumentation()]),
     ...getNodeAutoInstrumentations({
       ...disabledMap,
-      '@opentelemetry/instrumentation-http': { enabled: false }, // We use our custom one above
+      '@opentelemetry/instrumentation-http': { enabled: false },
+      '@opentelemetry/instrumentation-mongodb': { enabled: false },
     }),
   ],
   resource: sharedResource,