npm - securenow - Versions diffs - 7.6.6 → 7.6.8 - Mend

securenow 7.6.6 → 7.6.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

package/NPM_README.md +13 -13
package/README.md +21 -37
package/app-config.js +5 -3
package/cli/config.js +4 -3
package/cli/diagnostics.js +54 -15
package/cli/run.js +40 -11
package/firewall-only.js +1 -1
package/firewall.js +88 -57
package/mcp/catalog.js +1 -1
package/nextjs-webpack-config.js +3 -15
package/nextjs.js +21 -23
package/nuxt-server-plugin.mjs +20 -10
package/package.json +33 -34
package/register.js +1 -1
package/tracing.js +17 -7
package/web-vite.mjs +23 -13
package/CONSUMING-APPS-GUIDE.md +0 -463
package/docs/ALL-FRAMEWORKS-QUICKSTART.md +0 -1388
package/docs/API-KEYS-GUIDE.md +0 -278
package/docs/ARCHITECTURE.md +0 -408
package/docs/AUTO-BODY-CAPTURE.md +0 -412
package/docs/AUTO-SETUP-SUMMARY.md +0 -331
package/docs/AUTO-SETUP.md +0 -419
package/docs/AUTOMATIC-IP-CAPTURE.md +0 -359
package/docs/BODY-CAPTURE-FIX.md +0 -261
package/docs/BODY-CAPTURE-QUICKSTART.md +0 -147
package/docs/CHANGELOG-NEXTJS.md +0 -235
package/docs/COMPLETION-REPORT.md +0 -408
package/docs/CUSTOMER-GUIDE.md +0 -364
package/docs/EASIEST-SETUP.md +0 -342
package/docs/ENVIRONMENT-VARIABLES.md +0 -166
package/docs/ENVIRONMENTS.md +0 -60
package/docs/EXPRESS-BODY-CAPTURE.md +0 -1028
package/docs/EXPRESS-SETUP-GUIDE.md +0 -722
package/docs/FINAL-SOLUTION.md +0 -335
package/docs/FIREWALL-GUIDE.md +0 -440
package/docs/IMPLEMENTATION-SUMMARY.md +0 -410
package/docs/INDEX.md +0 -222
package/docs/LOGGING-GUIDE.md +0 -704
package/docs/LOGGING-QUICKSTART.md +0 -221
package/docs/MCP-GUIDE.md +0 -58
package/docs/NEXTJS-BODY-CAPTURE-COMPARISON.md +0 -323
package/docs/NEXTJS-BODY-CAPTURE.md +0 -368
package/docs/NEXTJS-GUIDE.md +0 -392
package/docs/NEXTJS-QUICKSTART.md +0 -83
package/docs/NEXTJS-SETUP-COMPLETE.md +0 -795
package/docs/NEXTJS-WEBPACK-WARNINGS.md +0 -267
package/docs/NEXTJS-WRAPPER-APPROACH.md +0 -414
package/docs/NUXT-GUIDE.md +0 -173
package/docs/QUICKSTART-BODY-CAPTURE.md +0 -293
package/docs/REDACTION-EXAMPLES.md +0 -484
package/docs/REQUEST-BODY-CAPTURE.md +0 -587
package/docs/SOLUTION-SUMMARY.md +0 -312
package/docs/VERCEL-OTEL-MIGRATION.md +0 -255
package/examples/README.md +0 -265
package/examples/express-with-logging.js +0 -137
package/examples/instrumentation-with-auto-capture.ts +0 -41
package/examples/next.config.js +0 -37
package/examples/nextjs-api-route-with-body-capture.ts +0 -54
package/examples/nextjs-env-example.txt +0 -32
package/examples/nextjs-instrumentation.js +0 -36
package/examples/nextjs-instrumentation.ts +0 -36
package/examples/nextjs-middleware.js +0 -37
package/examples/nextjs-middleware.ts +0 -37
package/examples/nextjs-with-logging-example.md +0 -301
package/examples/nextjs-with-options.ts +0 -36
package/examples/test-nextjs-setup.js +0 -70
package/postinstall.js +0 -296

package/docs/BODY-CAPTURE-QUICKSTART.md DELETED Viewed

@@ -1,147 +0,0 @@
-# 📝 Request Body Capture - Quick Start
-## Enable in 30 Seconds
-### Step 1: Enable
-Add to `.env.local`:
-```bash
-SECURENOW_CAPTURE_BODY=1
-```
-### Step 2: Deploy
-```bash
-npm run dev  # or deploy to production
-```
-### Step 3: Done! ✅
-All POST/PUT/PATCH request bodies are now captured with sensitive data automatically redacted!
----
-## What Gets Captured (ALL with Auto-Redaction!)
-✅ **JSON** - API payloads (objects redacted)
-✅ **GraphQL** - Queries and mutations (arguments/variables redacted)
-✅ **Form Data** - Form submissions (parsed and redacted)
-❌ **File Uploads** - NOT captured at all (by design)
----
-## Security Built-In
-These fields are **automatically redacted**:
-- `password`, `token`, `api_key`, `secret`
-- `access_token`, `auth`, `credentials`
-- `card`, `cardnumber`, `cvv`, `ssn`
-- And 15+ more sensitive fields
-**Example:**
-```json
-// Original
-{"username": "john", "password": "secret123"}
-// Captured
-{"username": "john", "password": "[REDACTED]"}
-```
----
-## Configuration Options
-```bash
-# Enable capture (required)
-SECURENOW_CAPTURE_BODY=1
-# Max body size in bytes (default: 10KB)
-SECURENOW_MAX_BODY_SIZE=20480
-# Add custom sensitive fields to redact
-SECURENOW_SENSITIVE_FIELDS=email,phone,address
-```
----
-## View in SecureNow
-Query for captured bodies:
-```
-http.request.body IS NOT NULL
-```
-See specific endpoint:
-```
-http.target = "/api/checkout"
-AND http.request.body CONTAINS "product"
-```
----
-## Examples
-### Next.js API Route
-```typescript
-// app/api/login/route.ts
-export async function POST(request: Request) {
-  const body = await request.json();
-  // Body automatically captured in traces!
-  return Response.json({ success: true });
-}
-```
-### Express.js
-```javascript
-app.post('/api/login', (req, res) => {
-  // req.body automatically captured!
-  res.json({ success: true });
-});
-```
----
-## Safety Features
-✅ **Size limits** - Bodies over limit show `[TOO LARGE]`
-✅ **Auto-redaction** - 20+ sensitive fields protected
-✅ **Type detection** - JSON, GraphQL, Form parsed correctly
-✅ **No file capture** - Multipart uploads excluded
-✅ **Fast** - < 1ms overhead per request
----
-## Common Use Cases
-1. **Debug API errors** - See exact input that caused error
-2. **Monitor GraphQL** - Track slow queries
-3. **Validate inputs** - Understand user input patterns
-4. **Track features** - See which API features are used
-5. **Security analysis** - Detect malicious payloads
----
-## Privacy Notes
-⚠️ Request bodies may contain personal data
-**Best practices:**
-- Add relevant fields to `SECURENOW_SENSITIVE_FIELDS`
-- Set appropriate retention in SecureNow
-- Document in privacy policy
-- Consider GDPR/CCPA requirements
----
-## Full Documentation
-See [REQUEST-BODY-CAPTURE.md](./REQUEST-BODY-CAPTURE.md) for:
-- Complete security guide
-- GDPR compliance tips
-- Advanced configuration
-- Performance optimization
-- Troubleshooting
-- FAQ
----
-**That's it!** Enable with one environment variable, get full request visibility with automatic security. 🔒

package/docs/CHANGELOG-NEXTJS.md DELETED Viewed

@@ -1,235 +0,0 @@
-# Changelog - Next.js Support
-## Version 3.1.0 (Next.js Support Added)
-### 🎉 New Features
-#### Next.js Integration (`nextjs.js`)
-- ✅ **Seamless Next.js support** via `securenow/nextjs` export
-- ✅ **One-line setup** using Next.js instrumentation hook
-- ✅ **Auto-instrumentation** for all Node.js frameworks and libraries
-- ✅ **Environment-based configuration** with sensible defaults
-- ✅ **Programmatic configuration** option for advanced users
-- ✅ **Edge runtime detection** (automatically skips unsupported runtimes)
-- ✅ **Vercel deployment** attributes (region, environment, version)
-- ✅ **PM2/Cluster support** with unique service instance IDs
-#### Enhanced Core (`tracing.js`)
-- ✅ **Added `getNodeAutoInstrumentations()`** for comprehensive auto-instrumentation
-- ✅ **Supports 30+ Node.js libraries** out of the box:
-  - Web frameworks: Express, Fastify, NestJS, Koa, Hapi
-  - Databases: PostgreSQL, MySQL, MongoDB, Redis
-  - HTTP clients: fetch, axios, http/https
-  - GraphQL, gRPC, and more
-- ✅ **Advanced configuration** via environment variables
-- ✅ **Diagnostic logging** with configurable log levels
-- ✅ **Test span creation** for setup verification
-- ✅ **Graceful shutdown** handling for both SIGTERM and SIGINT
-### 📦 Package Updates
-#### New Exports
-```json
-{
-  "./nextjs": "./nextjs.js"
-}
-```
-#### New Files
-- `nextjs.js` - Next.js integration entry point
-- `examples/nextjs-instrumentation.ts` - TypeScript example
-- `examples/nextjs-instrumentation.js` - JavaScript example
-- `examples/nextjs-with-options.ts` - Advanced configuration example
-- `examples/nextjs-env-example.txt` - Environment variables reference
-- `examples/test-nextjs-setup.js` - Test script
-- `NEXTJS-GUIDE.md` - Complete Next.js integration guide
-- `NEXTJS-QUICKSTART.md` - Quick start guide
-- `ARCHITECTURE.md` - Technical architecture documentation
-#### Updated Files
-- `README.md` - Added Next.js quick start
-- `package.json` - Added exports, keywords, description
-### 🔧 Configuration Options
-#### New Environment Variables
-- `SECURENOW_APPID` - Preferred way to set service name
-- `SECURENOW_INSTANCE` - Preferred way to set collector endpoint
-- `SECURENOW_NO_UUID` - Disable UUID suffix
-- `SECURENOW_STRICT` - Fail fast if no service name in cluster
-- `SECURENOW_DISABLE_INSTRUMENTATIONS` - Disable specific instrumentations
-- `OTEL_LOG_LEVEL` - Control diagnostic logging
-- `SECURENOW_TEST_SPAN` - Create test span on startup
-#### Backward Compatibility
-- ✅ Legacy `securenow` and `securenow_instance` still work
-- ✅ Standard OpenTelemetry env vars supported
-- ✅ Existing Node.js apps work without changes
-### 📊 Auto-Instrumented Libraries
-#### New Instrumentations Added
-- Express.js
-- Fastify
-- NestJS
-- Koa
-- Hapi
-- PostgreSQL
-- MySQL / MySQL2
-- MongoDB
-- Redis
-- GraphQL
-- HTTP/HTTPS
-- Fetch API
-- DNS
-- Net
-- File System
-- And 20+ more via auto-instrumentations
-### 🎯 Usage Examples
-#### Next.js (New)
-```typescript
-// instrumentation.ts
-import { registerSecureNow } from 'securenow/nextjs';
-export function register() { registerSecureNow(); }
-```
-#### Node.js (Existing)
-```bash
-NODE_OPTIONS="-r securenow/register" node app.js
-```
-### 📚 Documentation
-#### New Guides
-- **NEXTJS-QUICKSTART.md** - 30-second setup guide
-- **NEXTJS-GUIDE.md** - Complete integration guide with:
-  - Installation instructions
-  - Configuration options
-  - Deployment guides (Vercel, Docker, VPS)
-  - Troubleshooting
-  - Best practices
-  - Comparison with alternatives
-- **ARCHITECTURE.md** - Technical architecture and data flow
-#### Updated Documentation
-- **README.md** - Now includes Next.js quick start
-- **Examples** - 5 new example files
-### 🐛 Bug Fixes
-- Fixed graceful shutdown handling
-- Improved error messages for missing configuration
-- Better handling of PM2/cluster deployments
-### ⚡ Performance
-- No additional overhead (uses existing OpenTelemetry SDK)
-- Efficient batching of spans
-- Configurable sampling (100% by default)
-### 🔒 Security
-- API keys passed via headers (never logged)
-- Supports HTTPS endpoints
-- No sensitive data exposed in spans by default
-### 📈 Metrics
-- Lines of code added: ~500
-- New files: 11
-- Dependencies added: 0 (uses existing dependencies)
-- Breaking changes: 0 (fully backward compatible)
-### 🚀 What's Next?
-#### Planned Features
-- Edge Runtime support for Next.js
-- Browser instrumentation improvements
-- Metrics support (in addition to traces)
-- Log correlation
-- Custom span decorators
-- Configuration presets
-### 🙏 Credits
-- Built on OpenTelemetry
-- Inspired by Vercel's `@vercel/otel`
-- Compatible with SecureNow and all OTLP collectors
----
-## Migration Guide
-### From Previous Versions
-No changes required! All existing code works as-is.
-### Adding Next.js Support
-If you want to add Next.js support:
-1. Update to latest version:
-   ```bash
-   npm install securenow@latest
-   ```
-2. Create `instrumentation.ts`:
-   ```typescript
-   import { registerSecureNow } from 'securenow/nextjs';
-   export function register() { registerSecureNow(); }
-   ```
-3. Add environment variables:
-   ```bash
-   SECURENOW_APPID=my-nextjs-app
-   ```
-That's it!
----
-## Breaking Changes
-**None** - This release is 100% backward compatible.
----
-## Deprecations
-**None** - All existing APIs remain supported.
----
-## Known Issues
-### Edge Runtime
-- Not yet supported (automatically skipped)
-- Workaround: Use Node.js runtime for instrumented routes
-### Vercel Deployment
-- Some instrumentations may be too verbose
-- Workaround: Use `SECURENOW_DISABLE_INSTRUMENTATIONS=fs`
----
-## Testing
-Tested with:
-- ✅ Next.js 13.x (Pages Router)
-- ✅ Next.js 14.x (App Router)
-- ✅ Next.js 15.x (App Router)
-- ✅ Vercel deployment
-- ✅ Docker deployment
-- ✅ PM2 cluster mode
-- ✅ Express.js
-- ✅ Fastify
-- ✅ NestJS
----
-**Release Date:** December 2024
-**Version:** 3.1.0 (proposed)