securenow 6.0.2 → 6.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CONSUMING-APPS-GUIDE.md +455 -0
- package/NPM_README.md +2029 -0
- package/README.md +297 -40
- package/SKILL-API.md +634 -0
- package/SKILL-CLI.md +454 -0
- package/cidr.js +83 -0
- package/cli/apps.js +585 -0
- package/cli/auth.js +280 -0
- package/cli/client.js +115 -0
- package/cli/config.js +173 -0
- package/cli/diagnostics.js +387 -0
- package/cli/firewall.js +100 -0
- package/cli/fp.js +638 -0
- package/cli/init.js +201 -0
- package/cli/monitor.js +440 -0
- package/cli/run.js +148 -0
- package/cli/security.js +980 -0
- package/cli/ui.js +386 -0
- package/cli/utils.js +127 -0
- package/cli.js +466 -455
- package/console-instrumentation.js +147 -136
- package/docs/ALL-FRAMEWORKS-QUICKSTART.md +1377 -455
- package/docs/API-KEYS-GUIDE.md +233 -0
- package/docs/ARCHITECTURE.md +3 -3
- package/docs/AUTO-BODY-CAPTURE.md +1 -1
- package/docs/AUTO-SETUP-SUMMARY.md +331 -0
- package/docs/AUTO-SETUP.md +4 -4
- package/docs/AUTOMATIC-IP-CAPTURE.md +5 -5
- package/docs/BODY-CAPTURE-FIX.md +261 -0
- package/docs/BODY-CAPTURE-QUICKSTART.md +2 -2
- package/docs/CHANGELOG-NEXTJS.md +1 -35
- package/docs/COMPLETION-REPORT.md +408 -0
- package/docs/CUSTOMER-GUIDE.md +16 -16
- package/docs/EASIEST-SETUP.md +5 -5
- package/docs/ENVIRONMENT-VARIABLES.md +880 -652
- package/docs/EXPRESS-BODY-CAPTURE.md +13 -12
- package/docs/EXPRESS-SETUP-GUIDE.md +719 -720
- package/docs/FINAL-SOLUTION.md +335 -0
- package/docs/FIREWALL-GUIDE.md +426 -0
- package/docs/IMPLEMENTATION-SUMMARY.md +410 -0
- package/docs/INDEX.md +22 -4
- package/docs/LOGGING-GUIDE.md +701 -708
- package/docs/LOGGING-QUICKSTART.md +234 -255
- package/docs/NEXTJS-BODY-CAPTURE-COMPARISON.md +323 -0
- package/docs/NEXTJS-BODY-CAPTURE.md +2 -2
- package/docs/NEXTJS-GUIDE.md +14 -14
- package/docs/NEXTJS-QUICKSTART.md +1 -1
- package/docs/NEXTJS-SETUP-COMPLETE.md +795 -0
- package/docs/NEXTJS-WRAPPER-APPROACH.md +1 -1
- package/docs/NUXT-GUIDE.md +166 -0
- package/docs/QUICKSTART-BODY-CAPTURE.md +2 -2
- package/docs/REDACTION-EXAMPLES.md +1 -1
- package/docs/REQUEST-BODY-CAPTURE.md +19 -10
- package/docs/SOLUTION-SUMMARY.md +312 -0
- package/docs/VERCEL-OTEL-MIGRATION.md +3 -3
- package/examples/README.md +6 -6
- package/examples/instrumentation-with-auto-capture.ts +1 -1
- package/examples/nextjs-env-example.txt +2 -2
- package/examples/nextjs-instrumentation.js +1 -1
- package/examples/nextjs-instrumentation.ts +1 -1
- package/examples/nextjs-with-logging-example.md +6 -6
- package/examples/nextjs-with-options.ts +1 -1
- package/examples/test-nextjs-setup.js +1 -1
- package/firewall-cloud.js +212 -0
- package/firewall-iptables.js +139 -0
- package/firewall-only.js +38 -0
- package/firewall-tcp.js +74 -0
- package/firewall.js +720 -0
- package/free-trial-banner.js +174 -0
- package/nextjs-auto-capture.js +199 -207
- package/nextjs-middleware.js +186 -181
- package/nextjs-webpack-config.js +88 -53
- package/nextjs-wrapper.js +158 -158
- package/nextjs.d.ts +1 -1
- package/nextjs.js +639 -647
- package/nuxt-server-plugin.mjs +423 -0
- package/nuxt.d.ts +60 -0
- package/nuxt.mjs +75 -0
- package/package.json +186 -164
- package/postinstall.js +6 -6
- package/register.d.ts +1 -1
- package/register.js +39 -4
- package/resolve-ip.js +77 -0
- package/tracing.d.ts +2 -1
- package/tracing.js +295 -34
- package/web-vite.mjs +239 -156
- package/LICENSE +0 -15
package/cli/run.js
ADDED
|
@@ -0,0 +1,148 @@
|
|
|
1
|
+
'use strict';
|
|
2
|
+
|
|
3
|
+
const { spawn } = require('child_process');
|
|
4
|
+
const path = require('path');
|
|
5
|
+
const fs = require('fs');
|
|
6
|
+
const ui = require('./ui');
|
|
7
|
+
|
|
8
|
+
function isESM(scriptPath) {
|
|
9
|
+
if (scriptPath.endsWith('.mjs')) return true;
|
|
10
|
+
if (scriptPath.endsWith('.cjs')) return false;
|
|
11
|
+
|
|
12
|
+
let dir = path.resolve(path.dirname(scriptPath));
|
|
13
|
+
while (true) {
|
|
14
|
+
const pkgPath = path.join(dir, 'package.json');
|
|
15
|
+
if (fs.existsSync(pkgPath)) {
|
|
16
|
+
try {
|
|
17
|
+
const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
|
|
18
|
+
return pkg.type === 'module';
|
|
19
|
+
} catch { return false; }
|
|
20
|
+
}
|
|
21
|
+
const parent = path.dirname(dir);
|
|
22
|
+
if (parent === dir) break;
|
|
23
|
+
dir = parent;
|
|
24
|
+
}
|
|
25
|
+
return false;
|
|
26
|
+
}
|
|
27
|
+
|
|
28
|
+
function resolveSecurenowRegister() {
|
|
29
|
+
// When running from the published package, securenow/register resolves to our own register.js.
|
|
30
|
+
// When running from the monorepo, resolve relative to this file.
|
|
31
|
+
try {
|
|
32
|
+
return require.resolve('securenow/register');
|
|
33
|
+
} catch {
|
|
34
|
+
return path.resolve(__dirname, '..', 'register.js');
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
function resolveFirewallOnly() {
|
|
39
|
+
try {
|
|
40
|
+
return require.resolve('securenow/firewall-only');
|
|
41
|
+
} catch {
|
|
42
|
+
return path.resolve(__dirname, '..', 'firewall-only.js');
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
function resolveESMHook() {
|
|
47
|
+
// --import uses ESM resolution which requires file:// URLs for absolute paths
|
|
48
|
+
// on Windows. Using the bare specifier lets Node's own resolver handle it.
|
|
49
|
+
try {
|
|
50
|
+
const resolved = require.resolve('@opentelemetry/instrumentation/hook.mjs');
|
|
51
|
+
const { pathToFileURL } = require('url');
|
|
52
|
+
return pathToFileURL(resolved).href;
|
|
53
|
+
} catch {
|
|
54
|
+
return '@opentelemetry/instrumentation/hook.mjs';
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
/**
|
|
59
|
+
* securenow run [node-flags...] <script> [app-args...]
|
|
60
|
+
*
|
|
61
|
+
* Spawns node with the correct OTel preload flags.
|
|
62
|
+
* Passes through Node flags (--watch, --inspect, etc.) and app arguments.
|
|
63
|
+
*
|
|
64
|
+
* We re-parse from process.argv directly so that flags like --watch and
|
|
65
|
+
* --inspect are forwarded to node verbatim (the CLI's own arg parser
|
|
66
|
+
* would otherwise consume them).
|
|
67
|
+
*/
|
|
68
|
+
function run(rawArgs) {
|
|
69
|
+
// rawArgs comes directly from process.argv, everything after `run` (or the file path)
|
|
70
|
+
if (!rawArgs || rawArgs.length === 0) {
|
|
71
|
+
ui.error('Missing script path.');
|
|
72
|
+
console.log('');
|
|
73
|
+
console.log(` ${ui.c.bold('Usage:')} securenow run [node-flags] <script> [app-args]`);
|
|
74
|
+
console.log('');
|
|
75
|
+
console.log(` ${ui.c.bold('Examples:')}`);
|
|
76
|
+
console.log(` securenow run src/index.js`);
|
|
77
|
+
console.log(` securenow run --watch src/index.js`);
|
|
78
|
+
console.log(` securenow run --inspect src/server.js --port 3000`);
|
|
79
|
+
console.log('');
|
|
80
|
+
process.exit(1);
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
const args = rawArgs;
|
|
84
|
+
|
|
85
|
+
// Split into: node flags (before the script), script path, and app args (after)
|
|
86
|
+
// --firewall-only is a securenow-specific flag, not a Node flag — consume it.
|
|
87
|
+
const nodeFlags = [];
|
|
88
|
+
let firewallOnly = false;
|
|
89
|
+
let scriptIdx = -1;
|
|
90
|
+
|
|
91
|
+
for (let i = 0; i < args.length; i++) {
|
|
92
|
+
if (args[i] === '--firewall-only') {
|
|
93
|
+
firewallOnly = true;
|
|
94
|
+
continue;
|
|
95
|
+
}
|
|
96
|
+
if (args[i].startsWith('-')) {
|
|
97
|
+
nodeFlags.push(args[i]);
|
|
98
|
+
} else {
|
|
99
|
+
scriptIdx = i;
|
|
100
|
+
break;
|
|
101
|
+
}
|
|
102
|
+
}
|
|
103
|
+
|
|
104
|
+
if (scriptIdx === -1) {
|
|
105
|
+
ui.error('No script path found. Provide a .js/.mjs/.ts file to run.');
|
|
106
|
+
process.exit(1);
|
|
107
|
+
}
|
|
108
|
+
|
|
109
|
+
const scriptPath = args[scriptIdx];
|
|
110
|
+
const appArgs = args.slice(scriptIdx + 1);
|
|
111
|
+
|
|
112
|
+
const esm = isESM(scriptPath);
|
|
113
|
+
const preloadPath = firewallOnly ? resolveFirewallOnly() : resolveSecurenowRegister();
|
|
114
|
+
|
|
115
|
+
const otelFlags = [];
|
|
116
|
+
// ESM hook is only needed for full tracing; firewall-only skips OTel entirely.
|
|
117
|
+
if (esm && !firewallOnly) {
|
|
118
|
+
otelFlags.push('--import', resolveESMHook());
|
|
119
|
+
}
|
|
120
|
+
otelFlags.push('--require', preloadPath);
|
|
121
|
+
|
|
122
|
+
const finalArgs = [...otelFlags, ...nodeFlags, scriptPath, ...appArgs];
|
|
123
|
+
|
|
124
|
+
const nodeExe = process.execPath;
|
|
125
|
+
|
|
126
|
+
if (process.env.SECURENOW_DEBUG) {
|
|
127
|
+
console.log(`[securenow] ${ui.c.dim('exec:')} ${nodeExe} ${finalArgs.join(' ')}`);
|
|
128
|
+
}
|
|
129
|
+
|
|
130
|
+
const child = spawn(nodeExe, finalArgs, {
|
|
131
|
+
stdio: 'inherit',
|
|
132
|
+
env: process.env,
|
|
133
|
+
cwd: process.cwd(),
|
|
134
|
+
});
|
|
135
|
+
|
|
136
|
+
child.on('close', (code) => process.exit(code ?? 1));
|
|
137
|
+
child.on('error', (err) => {
|
|
138
|
+
ui.error(`Failed to start: ${err.message}`);
|
|
139
|
+
process.exit(1);
|
|
140
|
+
});
|
|
141
|
+
|
|
142
|
+
// Forward termination signals to the child
|
|
143
|
+
for (const sig of ['SIGINT', 'SIGTERM', 'SIGHUP']) {
|
|
144
|
+
process.on(sig, () => child.kill(sig));
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
|
|
148
|
+
module.exports = { run };
|