securenow 7.6.7 → 7.6.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (67) hide show
  1. package/NPM_README.md +13 -13
  2. package/README.md +21 -37
  3. package/app-config.js +5 -3
  4. package/cli/config.js +4 -3
  5. package/cli/diagnostics.js +54 -15
  6. package/cli/run.js +40 -11
  7. package/firewall-only.js +1 -1
  8. package/mcp/catalog.js +1 -1
  9. package/nextjs-webpack-config.js +3 -15
  10. package/nextjs.js +21 -23
  11. package/nuxt-server-plugin.mjs +20 -10
  12. package/package.json +33 -34
  13. package/register.js +1 -1
  14. package/tracing.js +17 -7
  15. package/web-vite.mjs +23 -13
  16. package/CONSUMING-APPS-GUIDE.md +0 -463
  17. package/docs/ALL-FRAMEWORKS-QUICKSTART.md +0 -1388
  18. package/docs/API-KEYS-GUIDE.md +0 -278
  19. package/docs/ARCHITECTURE.md +0 -408
  20. package/docs/AUTO-BODY-CAPTURE.md +0 -412
  21. package/docs/AUTO-SETUP-SUMMARY.md +0 -331
  22. package/docs/AUTO-SETUP.md +0 -419
  23. package/docs/AUTOMATIC-IP-CAPTURE.md +0 -359
  24. package/docs/BODY-CAPTURE-FIX.md +0 -261
  25. package/docs/BODY-CAPTURE-QUICKSTART.md +0 -147
  26. package/docs/CHANGELOG-NEXTJS.md +0 -235
  27. package/docs/COMPLETION-REPORT.md +0 -408
  28. package/docs/CUSTOMER-GUIDE.md +0 -364
  29. package/docs/EASIEST-SETUP.md +0 -342
  30. package/docs/ENVIRONMENT-VARIABLES.md +0 -166
  31. package/docs/ENVIRONMENTS.md +0 -60
  32. package/docs/EXPRESS-BODY-CAPTURE.md +0 -1028
  33. package/docs/EXPRESS-SETUP-GUIDE.md +0 -722
  34. package/docs/FINAL-SOLUTION.md +0 -335
  35. package/docs/FIREWALL-GUIDE.md +0 -440
  36. package/docs/IMPLEMENTATION-SUMMARY.md +0 -410
  37. package/docs/INDEX.md +0 -222
  38. package/docs/LOGGING-GUIDE.md +0 -704
  39. package/docs/LOGGING-QUICKSTART.md +0 -221
  40. package/docs/MCP-GUIDE.md +0 -58
  41. package/docs/NEXTJS-BODY-CAPTURE-COMPARISON.md +0 -323
  42. package/docs/NEXTJS-BODY-CAPTURE.md +0 -368
  43. package/docs/NEXTJS-GUIDE.md +0 -392
  44. package/docs/NEXTJS-QUICKSTART.md +0 -83
  45. package/docs/NEXTJS-SETUP-COMPLETE.md +0 -795
  46. package/docs/NEXTJS-WEBPACK-WARNINGS.md +0 -267
  47. package/docs/NEXTJS-WRAPPER-APPROACH.md +0 -414
  48. package/docs/NUXT-GUIDE.md +0 -173
  49. package/docs/QUICKSTART-BODY-CAPTURE.md +0 -293
  50. package/docs/REDACTION-EXAMPLES.md +0 -484
  51. package/docs/REQUEST-BODY-CAPTURE.md +0 -587
  52. package/docs/SOLUTION-SUMMARY.md +0 -312
  53. package/docs/VERCEL-OTEL-MIGRATION.md +0 -255
  54. package/examples/README.md +0 -265
  55. package/examples/express-with-logging.js +0 -137
  56. package/examples/instrumentation-with-auto-capture.ts +0 -41
  57. package/examples/next.config.js +0 -37
  58. package/examples/nextjs-api-route-with-body-capture.ts +0 -54
  59. package/examples/nextjs-env-example.txt +0 -32
  60. package/examples/nextjs-instrumentation.js +0 -36
  61. package/examples/nextjs-instrumentation.ts +0 -36
  62. package/examples/nextjs-middleware.js +0 -37
  63. package/examples/nextjs-middleware.ts +0 -37
  64. package/examples/nextjs-with-logging-example.md +0 -301
  65. package/examples/nextjs-with-options.ts +0 -36
  66. package/examples/test-nextjs-setup.js +0 -70
  67. package/postinstall.js +0 -296
package/nuxt-server-plugin.mjs CHANGED
@@ -9,7 +9,7 @@
9
9
 
10
10
  import { NodeSDK } from '@opentelemetry/sdk-node';
11
11
  import { OTLPTraceExporter } from '@opentelemetry/exporter-trace-otlp-http';
12
- import { Resource } from '@opentelemetry/resources';
12
+ import * as otelResources from '@opentelemetry/resources';
13
13
  import { SemanticResourceAttributes } from '@opentelemetry/semantic-conventions';
14
14
  import { HttpInstrumentation } from '@opentelemetry/instrumentation-http';
15
15
  import {
@@ -17,8 +17,8 @@ import {
17
17
  trace as otelTrace,
18
18
  SpanStatusCode,
19
19
  } from '@opentelemetry/api';
20
- import { v4 as uuidv4 } from 'uuid';
21
20
  import { createRequire } from 'node:module';
21
+ import { randomUUID } from 'node:crypto';
22
22
 
23
23
  const nodeRequire = createRequire(import.meta.url);
24
24
  const appConfig = nodeRequire('./app-config');
@@ -27,6 +27,16 @@ const appConfig = nodeRequire('./app-config');
27
27
 
28
28
  const env = appConfig.env;
29
29
 
30
+ function createResource(attributes) {
31
+ if (typeof otelResources.resourceFromAttributes === 'function') {
32
+ return otelResources.resourceFromAttributes(attributes);
33
+ }
34
+ if (typeof otelResources.Resource === 'function') {
35
+ return new otelResources.Resource(attributes);
36
+ }
37
+ throw new Error('Unsupported @opentelemetry/resources version');
38
+ }
39
+
30
40
  const DEFAULT_SENSITIVE_FIELDS = [
31
41
  'password', 'passwd', 'pwd', 'secret', 'token', 'api_key', 'apikey',
32
42
  'access_token', 'auth', 'credentials', 'mysql_pwd', 'stripeToken',
@@ -79,9 +89,9 @@ export default defineNitroPlugin(async (nitroApp) => {
79
89
 
80
90
  let serviceName;
81
91
  if (baseName) {
82
- serviceName = noUuid ? baseName : `${baseName}-${uuidv4()}`;
92
+ serviceName = noUuid ? baseName : `${baseName}-${randomUUID()}`;
83
93
  } else {
84
- serviceName = `nuxt-app-${uuidv4()}`;
94
+ serviceName = `nuxt-app-${randomUUID()}`;
85
95
  console.warn(
86
96
  '[securenow] ⚠️ No app identity resolved. Using fallback: %s',
87
97
  serviceName,
@@ -91,7 +101,7 @@ export default defineNitroPlugin(async (nitroApp) => {
91
101
  );
92
102
  }
93
103
 
94
- const serviceInstanceId = `${baseName || 'securenow'}-${uuidv4()}`;
104
+ const serviceInstanceId = `${baseName || 'securenow'}-${randomUUID()}`;
95
105
 
96
106
  // ── Endpoints ──
97
107
  const resolvedEndpoints = appConfig.resolveEndpoints({ endpoint: opts.endpoint || resolvedApp.instance });
@@ -101,7 +111,7 @@ export default defineNitroPlugin(async (nitroApp) => {
101
111
  const headers = resolvedEndpoints.headers;
102
112
 
103
113
  // ── Resource ──
104
- const resource = new Resource({
114
+ const resource = createResource({
105
115
  [SemanticResourceAttributes.SERVICE_NAME]: serviceName,
106
116
  [SemanticResourceAttributes.SERVICE_INSTANCE_ID]: serviceInstanceId,
107
117
  [SemanticResourceAttributes.DEPLOYMENT_ENVIRONMENT]: deploymentEnvironment,
@@ -237,10 +247,10 @@ export default defineNitroPlugin(async (nitroApp) => {
237
247
  );
238
248
 
239
249
  const logExporter = new OTLPLogExporter({ url: logsUrl, headers });
240
- loggerProvider = new LoggerProvider({ resource });
241
- loggerProvider.addLogRecordProcessor(
242
- new BatchLogRecordProcessor(logExporter),
243
- );
250
+ loggerProvider = new LoggerProvider({
251
+ resource,
252
+ processors: [new BatchLogRecordProcessor(logExporter)],
253
+ });
244
254
 
245
255
  const logger = loggerProvider.getLogger('console', '1.0.0');
246
256
  const SEV = { DEBUG: 5, INFO: 9, WARN: 13, ERROR: 17 };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "securenow",
3
- "version": "7.6.7",
3
+ "version": "7.6.8",
4
4
  "description": "OpenTelemetry instrumentation for Node.js, Next.js, and Nuxt - Send traces and logs to any OTLP-compatible backend",
5
5
  "type": "commonjs",
6
6
  "main": "register.js",
@@ -9,9 +9,6 @@
9
9
  "securenow": "cli.js",
10
10
  "securenow-mcp": "mcp/server.js"
11
11
  },
12
- "scripts": {
13
- "postinstall": "node postinstall.js || exit 0"
14
- },
15
12
  "keywords": [
16
13
  "opentelemetry",
17
14
  "otel",
@@ -135,47 +132,49 @@
135
132
  "firewall-tcp.js",
136
133
  "firewall-iptables.js",
137
134
  "firewall-cloud.js",
138
- "postinstall.js",
139
135
  "register-vite.js",
140
136
  "web-vite.mjs",
141
137
  "app-config.js",
142
- "examples/",
143
- "docs/",
144
138
  "README.md",
145
139
  "NPM_README.md",
146
- "CONSUMING-APPS-GUIDE.md",
147
140
  "SKILL-CLI.md",
148
141
  "SKILL-API.md"
149
142
  ],
150
143
  "dependencies": {
151
- "@opentelemetry/api": "1.7.0",
152
- "@opentelemetry/api-logs": "0.47.0",
153
- "@opentelemetry/auto-instrumentations-node": "0.47.0",
154
- "@opentelemetry/exporter-logs-otlp-http": "0.47.0",
155
- "@opentelemetry/exporter-trace-otlp-http": "0.47.0",
156
- "@opentelemetry/instrumentation": "0.47.0",
157
- "@opentelemetry/instrumentation-document-load": "0.47.0",
158
- "@opentelemetry/instrumentation-fetch": "0.47.0",
159
- "@opentelemetry/instrumentation-http": "0.47.0",
160
- "@opentelemetry/instrumentation-mongodb": "0.46.0",
161
- "@opentelemetry/instrumentation-user-interaction": "0.47.0",
162
- "@opentelemetry/instrumentation-xml-http-request": "0.47.0",
163
- "@opentelemetry/resources": "1.20.0",
164
- "@opentelemetry/sdk-logs": "0.47.0",
165
- "@opentelemetry/sdk-node": "0.47.0",
166
- "@opentelemetry/sdk-trace-web": "1.20.0",
167
- "@opentelemetry/semantic-conventions": "1.20.0",
168
- "dotenv": "^17.2.1",
169
- "uuid": "^9.0.0"
144
+ "@opentelemetry/api": "1.9.1",
145
+ "@opentelemetry/api-logs": "0.218.0",
146
+ "@opentelemetry/auto-instrumentations-node": "0.76.0",
147
+ "@opentelemetry/core": "2.7.1",
148
+ "@opentelemetry/exporter-logs-otlp-http": "0.218.0",
149
+ "@opentelemetry/exporter-trace-otlp-http": "0.218.0",
150
+ "@opentelemetry/instrumentation": "0.218.0",
151
+ "@opentelemetry/instrumentation-document-load": "0.63.0",
152
+ "@opentelemetry/instrumentation-fetch": "0.218.0",
153
+ "@opentelemetry/instrumentation-http": "0.218.0",
154
+ "@opentelemetry/instrumentation-mongodb": "0.71.0",
155
+ "@opentelemetry/instrumentation-user-interaction": "0.62.0",
156
+ "@opentelemetry/instrumentation-xml-http-request": "0.218.0",
157
+ "@opentelemetry/resources": "2.7.1",
158
+ "@opentelemetry/sdk-logs": "0.218.0",
159
+ "@opentelemetry/sdk-metrics": "2.7.1",
160
+ "@opentelemetry/sdk-node": "0.218.0",
161
+ "@opentelemetry/sdk-trace-base": "2.7.1",
162
+ "@opentelemetry/sdk-trace-web": "2.7.1",
163
+ "@opentelemetry/semantic-conventions": "1.41.1",
164
+ "dotenv": "17.2.1"
170
165
  },
171
166
  "optionalDependencies": {
172
- "@vercel/otel": "1.10.4"
173
- },
174
- "overrides": {
175
- "@opentelemetry/api": "1.7.0",
176
- "@opentelemetry/api-logs": "0.47.0",
177
- "protobufjs": "^7.5.5"
167
+ "@vercel/otel": "2.1.2"
178
168
  },
179
169
  "sideEffects": true,
180
- "license": "ISC"
170
+ "license": "ISC",
171
+ "directories": {
172
+ "doc": "docs",
173
+ "example": "examples"
174
+ },
175
+ "devDependencies": {},
176
+ "scripts": {
177
+ "test": "echo \"Error: no test specified\" && exit 1"
178
+ },
179
+ "author": ""
181
180
  }
package/register.js CHANGED
@@ -9,7 +9,7 @@
9
9
  // 1. Load dotenv quietly only for legacy installs. Normal local and production
10
10
  // configuration comes from .securenow/credentials.json via app-config.js.
11
11
  try {
12
- require('dotenv').config();
12
+ require('dotenv').config({ quiet: true });
13
13
  } catch (e) {
14
14
  // dotenv is optional.
15
15
  }
package/tracing.js CHANGED
@@ -33,15 +33,25 @@ const { NodeSDK } = require('@opentelemetry/sdk-node');
33
33
  const { OTLPTraceExporter } = require('@opentelemetry/exporter-trace-otlp-http');
34
34
  const { OTLPLogExporter } = require('@opentelemetry/exporter-logs-otlp-http');
35
35
  const { LoggerProvider, BatchLogRecordProcessor } = require('@opentelemetry/sdk-logs');
36
- const { Resource } = require('@opentelemetry/resources');
36
+ const otelResources = require('@opentelemetry/resources');
37
37
  const { SemanticResourceAttributes } = require('@opentelemetry/semantic-conventions');
38
38
  const { getNodeAutoInstrumentations } = require('@opentelemetry/auto-instrumentations-node');
39
39
  const { MongoDBInstrumentation } = require('@opentelemetry/instrumentation-mongodb');
40
- const { v4: uuidv4 } = require('uuid');
40
+ const { randomUUID } = require('crypto');
41
41
  const appConfig = require('./app-config');
42
42
 
43
43
  const env = appConfig.env;
44
44
 
45
+ function createResource(attributes) {
46
+ if (typeof otelResources.resourceFromAttributes === 'function') {
47
+ return otelResources.resourceFromAttributes(attributes);
48
+ }
49
+ if (typeof otelResources.Resource === 'function') {
50
+ return new otelResources.Resource(attributes);
51
+ }
52
+ throw new Error('Unsupported @opentelemetry/resources version');
53
+ }
54
+
45
55
  // Default sensitive fields to redact from request bodies
46
56
  const DEFAULT_SENSITIVE_FIELDS = [
47
57
  'password', 'passwd', 'pwd', 'secret', 'token', 'api_key', 'apikey',
@@ -297,15 +307,15 @@ if (!baseName && inPm2Cluster && strict) {
297
307
  // service.name
298
308
  let serviceName;
299
309
  if (baseName) {
300
- serviceName = noUuid ? baseName : `${baseName}-${uuidv4()}`;
310
+ serviceName = noUuid ? baseName : `${baseName}-${randomUUID()}`;
301
311
  } else {
302
312
  // last-resort fallback (only if STRlCT is off). You can rename this to make it obvious in monitoring.
303
- serviceName = `securenow-free-${uuidv4()}`;
313
+ serviceName = `securenow-free-${randomUUID()}`;
304
314
  }
305
315
 
306
316
  // service.instance.id = <appid-or-fallback>-<uuid> (unique per worker)
307
317
  const instancePrefix = baseName || 'securenow';
308
- const serviceInstanceId = `${instancePrefix}-${uuidv4()}`;
318
+ const serviceInstanceId = `${instancePrefix}-${randomUUID()}`;
309
319
 
310
320
  // Loud line per worker to prove what was used
311
321
  console.log('[securenow] pid=%d appId=%s instance=%s apiKey=%s → service.name=%s instance.id=%s',
@@ -466,7 +476,7 @@ const httpInstrumentation = new HttpInstrumentation({
466
476
  const loggingEnabled = !/^(0|false)$/i.test(String(env('SECURENOW_LOGGING_ENABLED') ?? ''));
467
477
 
468
478
  // Create shared resource for both traces and logs
469
- const sharedResource = new Resource({
479
+ const sharedResource = createResource({
470
480
  [SemanticResourceAttributes.SERVICE_NAME]: serviceName,
471
481
  [SemanticResourceAttributes.SERVICE_INSTANCE_ID]: serviceInstanceId,
472
482
  [SemanticResourceAttributes.DEPLOYMENT_ENVIRONMENT]: appConfig.resolveDeploymentEnvironment(),
@@ -485,8 +495,8 @@ if (loggingEnabled) {
485
495
  const batchLogProcessor = new BatchLogRecordProcessor(logExporter);
486
496
  loggerProvider = new LoggerProvider({
487
497
  resource: sharedResource,
498
+ processors: [batchLogProcessor],
488
499
  });
489
- loggerProvider.addLogRecordProcessor(batchLogProcessor);
490
500
 
491
501
  // Auto-patch console.* so every log/warn/error becomes an OTel log record
492
502
  const _logger = loggerProvider.getLogger('console', '1.0.0');
package/web-vite.mjs CHANGED
@@ -3,7 +3,7 @@
3
3
 
4
4
  import { WebTracerProvider, BatchSpanProcessor } from '@opentelemetry/sdk-trace-web';
5
5
  import { OTLPTraceExporter } from '@opentelemetry/exporter-trace-otlp-http';
6
- import { Resource } from '@opentelemetry/resources';
6
+ import * as otelResources from '@opentelemetry/resources';
7
7
  import { SemanticResourceAttributes as S } from '@opentelemetry/semantic-conventions';
8
8
  import { registerInstrumentations } from '@opentelemetry/instrumentation';
9
9
  import { DocumentLoadInstrumentation } from '@opentelemetry/instrumentation-document-load';
@@ -12,9 +12,19 @@ import { FetchInstrumentation } from '@opentelemetry/instrumentation-fetch';
12
12
  import { XMLHttpRequestInstrumentation } from '@opentelemetry/instrumentation-xml-http-request';
13
13
 
14
14
  // ---- helpers / env ----
15
- const viteEnv: any = (import.meta as any).env || {};
15
+ const viteEnv = import.meta.env || {};
16
16
 
17
- function env(k: string): string | undefined {
17
+ function createResource(attributes) {
18
+ if (typeof otelResources.resourceFromAttributes === 'function') {
19
+ return otelResources.resourceFromAttributes(attributes);
20
+ }
21
+ if (typeof otelResources.Resource === 'function') {
22
+ return new otelResources.Resource(attributes);
23
+ }
24
+ throw new Error('Unsupported @opentelemetry/resources version');
25
+ }
26
+
27
+ function env(k) {
18
28
  // Accept both Vite envs (VITE_*) and raw names for window.__SECURENOW__
19
29
  const direct =
20
30
  viteEnv[k] ??
@@ -23,13 +33,13 @@ function env(k: string): string | undefined {
23
33
  if (direct != null) return String(direct);
24
34
 
25
35
  // Optionally support runtime overrides via window.__SECURENOW__
26
- const w = (globalThis as any).window as any;
36
+ const w = globalThis.window;
27
37
  if (w && w.__SECURENOW__ && k in w.__SECURENOW__) return String(w.__SECURENOW__[k]);
28
38
  return undefined;
29
39
  }
30
40
 
31
- function parseHeaders(str?: string) {
32
- const out: Record<string, string> = {};
41
+ function parseHeaders(str) {
42
+ const out = {};
33
43
  if (!str) return out;
34
44
  String(str).split(',').forEach(raw => {
35
45
  const s = raw.trim();
@@ -63,7 +73,7 @@ const noUuid =
63
73
  : !!baseName;
64
74
  const strict = String(env('SECURENOW_STRICT')) === '1' || String(env('SECURENOW_STRICT')).toLowerCase() === 'true';
65
75
 
66
- function uuidv4(): string {
76
+ function uuidv4() {
67
77
  if (typeof crypto !== 'undefined' && crypto.randomUUID) {
68
78
  return crypto.randomUUID();
69
79
  }
@@ -79,7 +89,7 @@ function uuidv4(): string {
79
89
  return `${hex.slice(0,8)}-${hex.slice(8,12)}-${hex.slice(12,16)}-${hex.slice(16,20)}-${hex.slice(20)}`;
80
90
  }
81
91
 
82
- let serviceName: string;
92
+ let serviceName;
83
93
  let disabled = false;
84
94
  if (baseName) {
85
95
  serviceName = noUuid ? baseName : `${baseName}-${uuidv4()}`;
@@ -125,15 +135,15 @@ export function startSecurenowWeb() {
125
135
  });
126
136
 
127
137
  const provider = new WebTracerProvider({
128
- resource: new Resource({
138
+ resource: createResource({
129
139
  [S.SERVICE_NAME]: serviceName,
130
140
  [S.SERVICE_INSTANCE_ID]: serviceInstanceId,
131
141
  [S.DEPLOYMENT_ENVIRONMENT]: viteEnv.MODE || 'production',
132
142
  [S.SERVICE_VERSION]: viteEnv.VITE_APP_VERSION || undefined,
133
143
  }),
144
+ spanProcessors: [new BatchSpanProcessor(exporter)],
134
145
  });
135
146
 
136
- provider.addSpanProcessor(new BatchSpanProcessor(exporter));
137
147
  provider.register();
138
148
 
139
149
  registerInstrumentations({
@@ -163,13 +173,13 @@ export function startSecurenowWeb() {
163
173
  }
164
174
 
165
175
  // ---- Free trial banner (browser DOM injection) ----
166
- function injectFreeTrialBanner(): void {
176
+ function injectFreeTrialBanner() {
167
177
  const FREETRIAL_HOST = 'freetrial.securenow.ai';
168
178
  const hideBanner = String(env('SECURENOW_HIDE_BANNER')) === '1';
169
179
  if (hideBanner || !endpointBase.includes(FREETRIAL_HOST)) return;
170
180
  if (typeof document === 'undefined') return;
171
181
 
172
- function create(): void {
182
+ function create() {
173
183
  if (document.getElementById('sn-ft-banner')) return;
174
184
 
175
185
  const d = document.createElement('div');
@@ -240,7 +250,7 @@ function injectFreeTrialBanner(): void {
240
250
  try {
241
251
  startSecurenowWeb();
242
252
  injectFreeTrialBanner();
243
- } catch (e: any) {
253
+ } catch (e) {
244
254
  console.error('[securenow/web-vite] failed to start:', e);
245
255
  }
246
256