npm - securenow - Versions diffs - 6.0.2 → 6.1.0 - Mend

securenow 6.0.2 → 6.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (87) hide show

package/CONSUMING-APPS-GUIDE.md +455 -0
package/NPM_README.md +2029 -0
package/README.md +297 -40
package/SKILL-API.md +634 -0
package/SKILL-CLI.md +454 -0
package/cidr.js +83 -0
package/cli/apps.js +585 -0
package/cli/auth.js +280 -0
package/cli/client.js +115 -0
package/cli/config.js +173 -0
package/cli/diagnostics.js +387 -0
package/cli/firewall.js +100 -0
package/cli/fp.js +638 -0
package/cli/init.js +201 -0
package/cli/monitor.js +440 -0
package/cli/run.js +148 -0
package/cli/security.js +980 -0
package/cli/ui.js +386 -0
package/cli/utils.js +127 -0
package/cli.js +466 -455
package/console-instrumentation.js +147 -136
package/docs/ALL-FRAMEWORKS-QUICKSTART.md +1377 -455
package/docs/API-KEYS-GUIDE.md +233 -0
package/docs/ARCHITECTURE.md +3 -3
package/docs/AUTO-BODY-CAPTURE.md +1 -1
package/docs/AUTO-SETUP-SUMMARY.md +331 -0
package/docs/AUTO-SETUP.md +4 -4
package/docs/AUTOMATIC-IP-CAPTURE.md +5 -5
package/docs/BODY-CAPTURE-FIX.md +261 -0
package/docs/BODY-CAPTURE-QUICKSTART.md +2 -2
package/docs/CHANGELOG-NEXTJS.md +1 -35
package/docs/COMPLETION-REPORT.md +408 -0
package/docs/CUSTOMER-GUIDE.md +16 -16
package/docs/EASIEST-SETUP.md +5 -5
package/docs/ENVIRONMENT-VARIABLES.md +880 -652
package/docs/EXPRESS-BODY-CAPTURE.md +13 -12
package/docs/EXPRESS-SETUP-GUIDE.md +719 -720
package/docs/FINAL-SOLUTION.md +335 -0
package/docs/FIREWALL-GUIDE.md +426 -0
package/docs/IMPLEMENTATION-SUMMARY.md +410 -0
package/docs/INDEX.md +22 -4
package/docs/LOGGING-GUIDE.md +701 -708
package/docs/LOGGING-QUICKSTART.md +234 -255
package/docs/NEXTJS-BODY-CAPTURE-COMPARISON.md +323 -0
package/docs/NEXTJS-BODY-CAPTURE.md +2 -2
package/docs/NEXTJS-GUIDE.md +14 -14
package/docs/NEXTJS-QUICKSTART.md +1 -1
package/docs/NEXTJS-SETUP-COMPLETE.md +795 -0
package/docs/NEXTJS-WRAPPER-APPROACH.md +1 -1
package/docs/NUXT-GUIDE.md +166 -0
package/docs/QUICKSTART-BODY-CAPTURE.md +2 -2
package/docs/REDACTION-EXAMPLES.md +1 -1
package/docs/REQUEST-BODY-CAPTURE.md +19 -10
package/docs/SOLUTION-SUMMARY.md +312 -0
package/docs/VERCEL-OTEL-MIGRATION.md +3 -3
package/examples/README.md +6 -6
package/examples/instrumentation-with-auto-capture.ts +1 -1
package/examples/nextjs-env-example.txt +2 -2
package/examples/nextjs-instrumentation.js +1 -1
package/examples/nextjs-instrumentation.ts +1 -1
package/examples/nextjs-with-logging-example.md +6 -6
package/examples/nextjs-with-options.ts +1 -1
package/examples/test-nextjs-setup.js +1 -1
package/firewall-cloud.js +212 -0
package/firewall-iptables.js +139 -0
package/firewall-only.js +38 -0
package/firewall-tcp.js +74 -0
package/firewall.js +720 -0
package/free-trial-banner.js +174 -0
package/nextjs-auto-capture.js +199 -207
package/nextjs-middleware.js +186 -181
package/nextjs-webpack-config.js +88 -53
package/nextjs-wrapper.js +158 -158
package/nextjs.d.ts +1 -1
package/nextjs.js +639 -647
package/nuxt-server-plugin.mjs +423 -0
package/nuxt.d.ts +60 -0
package/nuxt.mjs +75 -0
package/package.json +186 -164
package/postinstall.js +6 -6
package/register.d.ts +1 -1
package/register.js +39 -4
package/resolve-ip.js +77 -0
package/tracing.d.ts +2 -1
package/tracing.js +295 -34
package/web-vite.mjs +239 -156
package/LICENSE +0 -15

package/nextjs-wrapper.js CHANGED Viewed

@@ -1,158 +1,158 @@
-/**
- * SecureNow Next.js API Route Wrapper for Body Capture
- *
- * This approach is NON-INVASIVE and runs INSIDE your handler,
- * so it never blocks or interferes with middleware or routing.
- *
- * Usage:
- *
- * import { withSecureNow } from 'securenow/nextjs-wrapper';
- *
- * export const POST = withSecureNow(async (request) => {
- *   // Your handler code - request.body is available as parsed JSON
- *   const data = await request.json();
- *   return Response.json({ success: true });
- * });
- */
-const { trace } = require('@opentelemetry/api');
-// Default sensitive fields to redact
-const DEFAULT_SENSITIVE_FIELDS = [
-  'password', 'passwd', 'pwd', 'secret', 'token', 'api_key', 'apikey',
-  'access_token', 'auth', 'credentials', 'mysql_pwd', 'stripeToken',
-  'card', 'cardnumber', 'ccv', 'cvc', 'cvv', 'ssn', 'pin',
-];
-/**
- * Redact sensitive fields from an object
- */
-function redactSensitiveData(obj, sensitiveFields = DEFAULT_SENSITIVE_FIELDS) {
-  if (!obj || typeof obj !== 'object') return obj;
-  const redacted = Array.isArray(obj) ? [...obj] : { ...obj };
-  for (const key in redacted) {
-    const lowerKey = key.toLowerCase();
-    if (sensitiveFields.some(field => lowerKey.includes(field.toLowerCase()))) {
-      redacted[key] = '[REDACTED]';
-    } else if (typeof redacted[key] === 'object' && redacted[key] !== null) {
-      redacted[key] = redactSensitiveData(redacted[key], sensitiveFields);
-    }
-  }
-  return redacted;
-}
-/**
- * Capture body from Request object (clone to avoid consuming)
- */
-async function captureRequestBody(request) {
-  const captureBody = String(process.env.SECURENOW_CAPTURE_BODY) === '1' ||
-                      String(process.env.SECURENOW_CAPTURE_BODY).toLowerCase() === 'true';
-  if (!captureBody) return;
-  if (!['POST', 'PUT', 'PATCH'].includes(request.method)) return;
-  const span = trace.getActiveSpan();
-  if (!span) return;
-  try {
-    const contentType = request.headers.get('content-type') || '';
-    const maxBodySize = parseInt(process.env.SECURENOW_MAX_BODY_SIZE || '10240');
-    const customSensitiveFields = (process.env.SECURENOW_SENSITIVE_FIELDS || '').split(',').map(s => s.trim()).filter(Boolean);
-    const allSensitiveFields = [...DEFAULT_SENSITIVE_FIELDS, ...customSensitiveFields];
-    // Only for supported types
-    if (!contentType.includes('application/json') &&
-        !contentType.includes('application/graphql') &&
-        !contentType.includes('application/x-www-form-urlencoded')) {
-      return;
-    }
-    // Clone to avoid consuming the original
-    const cloned = request.clone();
-    const bodyText = await cloned.text();
-    if (bodyText.length > maxBodySize) {
-      span.setAttribute('http.request.body', `[TOO LARGE: ${bodyText.length} bytes]`);
-      span.setAttribute('http.request.body.size', bodyText.length);
-      return;
-    }
-    // Parse and redact based on type
-    let redacted;
-    if (contentType.includes('application/json') || contentType.includes('application/graphql')) {
-      try {
-        const parsed = JSON.parse(bodyText);
-        redacted = redactSensitiveData(parsed, allSensitiveFields);
-        span.setAttributes({
-          'http.request.body': JSON.stringify(redacted).substring(0, maxBodySize),
-          'http.request.body.type': contentType.includes('graphql') ? 'graphql' : 'json',
-          'http.request.body.size': bodyText.length,
-        });
-      } catch (e) {
-        span.setAttribute('http.request.body', '[INVALID JSON]');
-      }
-    } else if (contentType.includes('application/x-www-form-urlencoded')) {
-      const params = new URLSearchParams(bodyText);
-      const parsed = Object.fromEntries(params);
-      redacted = redactSensitiveData(parsed, allSensitiveFields);
-      span.setAttributes({
-        'http.request.body': JSON.stringify(redacted).substring(0, maxBodySize),
-        'http.request.body.type': 'form',
-        'http.request.body.size': bodyText.length,
-      });
-    }
-  } catch (error) {
-    // Silently fail - never block the request
-  }
-}
-/**
- * Wrap a Next.js API route handler to capture body
- * This is OPTIONAL and NON-INVASIVE - only use on routes where you want body capture
- */
-function withSecureNow(handler) {
-  return async function wrappedHandler(request, context) {
-    // Capture body asynchronously (doesn't block handler)
-    captureRequestBody(request).catch(() => {
-      // Ignore errors silently
-    });
-    // Call original handler immediately - no blocking!
-    return handler(request, context);
-  };
-}
-/**
- * Alternative: Auto-capture wrapper that tries to capture AFTER handler runs
- * This is even safer as it never interferes with the handler logic
- */
-function withSecureNowAsync(handler) {
-  return async function wrappedHandler(request, context) {
-    // Try to capture body in background (non-blocking)
-    const capturePromise = captureRequestBody(request);
-    // Run handler
-    const response = await handler(request, context);
-    // Wait for capture to finish (but don't fail if it doesn't)
-    await capturePromise.catch(() => {});
-    return response;
-  };
-}
-module.exports = {
-  withSecureNow,
-  withSecureNowAsync,
-  captureRequestBody,
-  redactSensitiveData,
-  DEFAULT_SENSITIVE_FIELDS,
-};
+/**
+ * SecureNow Next.js API Route Wrapper for Body Capture
+ *
+ * This approach is NON-INVASIVE and runs INSIDE your handler,
+ * so it never blocks or interferes with middleware or routing.
+ *
+ * Usage:
+ *
+ * import { withSecureNow } from 'securenow/nextjs-wrapper';
+ *
+ * export const POST = withSecureNow(async (request) => {
+ *   // Your handler code - request.body is available as parsed JSON
+ *   const data = await request.json();
+ *   return Response.json({ success: true });
+ * });
+ */
+const { trace } = require('@opentelemetry/api');
+// Default sensitive fields to redact
+const DEFAULT_SENSITIVE_FIELDS = [
+  'password', 'passwd', 'pwd', 'secret', 'token', 'api_key', 'apikey',
+  'access_token', 'auth', 'credentials', 'mysql_pwd', 'stripeToken',
+  'card', 'cardnumber', 'ccv', 'cvc', 'cvv', 'ssn', 'pin',
+];
+/**
+ * Redact sensitive fields from an object
+ */
+function redactSensitiveData(obj, sensitiveFields = DEFAULT_SENSITIVE_FIELDS) {
+  if (!obj || typeof obj !== 'object') return obj;
+  const redacted = Array.isArray(obj) ? [...obj] : { ...obj };
+  for (const key of Object.keys(redacted)) {
+    const lowerKey = key.toLowerCase();
+    if (sensitiveFields.some(field => lowerKey.includes(field.toLowerCase()))) {
+      redacted[key] = '[REDACTED]';
+    } else if (typeof redacted[key] === 'object' && redacted[key] !== null) {
+      redacted[key] = redactSensitiveData(redacted[key], sensitiveFields);
+    }
+  }
+  return redacted;
+}
+/**
+ * Capture body from Request object (clone to avoid consuming)
+ */
+async function captureRequestBody(request) {
+  const captureBody = String(process.env.SECURENOW_CAPTURE_BODY) === '1' ||
+                      String(process.env.SECURENOW_CAPTURE_BODY).toLowerCase() === 'true';
+  if (!captureBody) return;
+  if (!['POST', 'PUT', 'PATCH'].includes(request.method)) return;
+  const span = trace.getActiveSpan();
+  if (!span) return;
+  try {
+    const contentType = request.headers.get('content-type') || '';
+    const maxBodySize = Math.max(1024, parseInt(process.env.SECURENOW_MAX_BODY_SIZE, 10) || 10240);
+    const customSensitiveFields = (process.env.SECURENOW_SENSITIVE_FIELDS || '').split(',').map(s => s.trim()).filter(Boolean);
+    const allSensitiveFields = [...DEFAULT_SENSITIVE_FIELDS, ...customSensitiveFields];
+    // Only for supported types
+    if (!contentType.includes('application/json') &&
+        !contentType.includes('application/graphql') &&
+        !contentType.includes('application/x-www-form-urlencoded')) {
+      return;
+    }
+    // Clone to avoid consuming the original
+    const cloned = request.clone();
+    const bodyText = await cloned.text();
+    if (bodyText.length > maxBodySize) {
+      span.setAttribute('http.request.body', `[TOO LARGE: ${bodyText.length} bytes]`);
+      span.setAttribute('http.request.body.size', bodyText.length);
+      return;
+    }
+    // Parse and redact based on type
+    let redacted;
+    if (contentType.includes('application/json') || contentType.includes('application/graphql')) {
+      try {
+        const parsed = JSON.parse(bodyText);
+        redacted = redactSensitiveData(parsed, allSensitiveFields);
+        span.setAttributes({
+          'http.request.body': JSON.stringify(redacted).substring(0, maxBodySize),
+          'http.request.body.type': contentType.includes('graphql') ? 'graphql' : 'json',
+          'http.request.body.size': bodyText.length,
+        });
+      } catch (e) {
+        span.setAttribute('http.request.body', '[INVALID JSON]');
+      }
+    } else if (contentType.includes('application/x-www-form-urlencoded')) {
+      const params = new URLSearchParams(bodyText);
+      const parsed = Object.fromEntries(params);
+      redacted = redactSensitiveData(parsed, allSensitiveFields);
+      span.setAttributes({
+        'http.request.body': JSON.stringify(redacted).substring(0, maxBodySize),
+        'http.request.body.type': 'form',
+        'http.request.body.size': bodyText.length,
+      });
+    }
+  } catch (error) {
+    // Silently fail - never block the request
+  }
+}
+/**
+ * Wrap a Next.js API route handler to capture body
+ * This is OPTIONAL and NON-INVASIVE - only use on routes where you want body capture
+ */
+function withSecureNow(handler) {
+  return async function wrappedHandler(request, context) {
+    // Capture body asynchronously (doesn't block handler)
+    captureRequestBody(request).catch(() => {
+      // Ignore errors silently
+    });
+    // Call original handler immediately - no blocking!
+    return handler(request, context);
+  };
+}
+/**
+ * Alternative: Auto-capture wrapper that tries to capture AFTER handler runs
+ * This is even safer as it never interferes with the handler logic
+ */
+function withSecureNowAsync(handler) {
+  return async function wrappedHandler(request, context) {
+    // Try to capture body in background (non-blocking)
+    const capturePromise = captureRequestBody(request);
+    // Run handler
+    const response = await handler(request, context);
+    // Wait for capture to finish (but don't fail if it doesn't)
+    await capturePromise.catch(() => {});
+    return response;
+  };
+}
+module.exports = {
+  withSecureNow,
+  withSecureNowAsync,
+  captureRequestBody,
+  redactSensitiveData,
+  DEFAULT_SENSITIVE_FIELDS,
+};

package/nextjs.d.ts CHANGED Viewed

@@ -51,7 +51,7 @@ export interface RegisterOptions {
  * export function register() {
  *   registerSecureNow({
  *     serviceName: 'my-nextjs-app',
- *     endpoint: 'http://signoz.company.com:4318',
+ *     endpoint: 'http://your-otlp-backend.example.com:4318',
  *     noUuid: true,
  *   });
  * }