npm - securenow - Versions diffs - 8.0.2 → 8.1.0 - Mend

securenow 8.0.2 → 8.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/mcp/catalog.js CHANGED Viewed

@@ -18,7 +18,7 @@ Primary goals:
 Safety rules:
 - Do not print full API keys, JWTs, tokens, or local SecureNow credential files (.securenow/admin.json, .securenow/runtime.json, legacy .securenow/credentials.json, or .securenow/credentials.*.json). Mask secrets.
-- Do not commit secrets. Ignore only local SecureNow credential files (.securenow/admin.json, .securenow/runtime.json, .securenow/credentials.json, and .securenow/credentials.*.json); keep the .securenow/ directory itself trackable for repo-owned docs/templates.
+- Keep local SecureNow credential files secret (.securenow/admin.json, .securenow/runtime.json, legacy .securenow/credentials.json, and .securenow/credentials.*.json). Do not print them; mask secrets in summaries.
 - Do not manually browse to a SecureNow auth URL. Always start auth with npx securenow login so the CLI generates the required callback and state.
 - If the browser says "Missing callback parameter", you opened the wrong URL: rerun npx securenow login from the project root.
 - Do not skip login, app selection, firewall connection, or verification unless I explicitly say to.

package/nextjs.js CHANGED Viewed

@@ -31,12 +31,12 @@
  */
 const { randomUUID } = require('crypto');
-const { defaultMetricsExporterToNone } = require('./otel-defaults');
+const { nodeSdkDefaultTelemetryOptions } = require('./otel-defaults');
 const appConfig = require('./app-config');
 const { resolveClientIpWithDetails } = require('./resolve-ip');
 const otelResources = require('@opentelemetry/resources');
-defaultMetricsExporterToNone();
+const nodeSdkTelemetryOptions = nodeSdkDefaultTelemetryOptions();
 let isRegistered = false;
@@ -477,6 +477,7 @@ function registerSecureNow(options = {}) {
       });
       const sdk = new NodeSDK({
+        ...nodeSdkTelemetryOptions,
         serviceName: serviceName,
         traceExporter: traceExporter,
         instrumentations: [httpInstrumentation],

package/nuxt-server-plugin.mjs CHANGED Viewed

@@ -20,8 +20,8 @@ import { randomUUID } from 'node:crypto';
 const nodeRequire = createRequire(import.meta.url);
 const appConfig = nodeRequire('./app-config');
 const { resolveClientIpWithDetails } = nodeRequire('./resolve-ip');
-const { defaultMetricsExporterToNone } = nodeRequire('./otel-defaults');
-defaultMetricsExporterToNone();
+const { nodeSdkDefaultTelemetryOptions } = nodeRequire('./otel-defaults');
+const nodeSdkTelemetryOptions = nodeSdkDefaultTelemetryOptions();
 const { NodeSDK } = nodeRequire('@opentelemetry/sdk-node');
 const { OTLPTraceExporter } = nodeRequire('@opentelemetry/exporter-trace-otlp-http');
@@ -219,6 +219,7 @@ export default defineNitroPlugin(async (nitroApp) => {
   const traceExporter = new OTLPTraceExporter({ url: tracesUrl, headers });
   const sdk = new NodeSDK({
+    ...nodeSdkTelemetryOptions,
     traceExporter,
     resource,
     instrumentations: [httpInstrumentation],

package/otel-defaults.js CHANGED Viewed

@@ -1,11 +1,39 @@
 'use strict';
+function isUnset(value) {
+  return value == null || String(value).trim() === '';
+}
+function listIncludes(value, needle) {
+  return String(value || '')
+    .split(',')
+    .map((part) => part.trim().toLowerCase())
+    .includes(needle);
+}
 function defaultMetricsExporterToNone(env = process.env) {
   if (!env) return false;
   const current = env.OTEL_METRICS_EXPORTER;
-  if (current != null && String(current).trim() !== '') return false;
+  if (!isUnset(current)) return false;
   env.OTEL_METRICS_EXPORTER = 'none';
   return true;
 }
-module.exports = { defaultMetricsExporterToNone };
+function nodeSdkDefaultTelemetryOptions(env = process.env) {
+  const options = {};
+  defaultMetricsExporterToNone(env);
+  if (listIncludes(env?.OTEL_METRICS_EXPORTER, 'none')) {
+    options.metricReaders = [];
+  }
+  // SecureNow installs its own log exporter. Without this, sdk-node falls back
+  // to the upstream OTEL_LOGS_EXPORTER default and tries localhost:4318.
+  if (env && isUnset(env.OTEL_LOGS_EXPORTER)) {
+    options.logRecordProcessors = [];
+  }
+  return options;
+}
+module.exports = { defaultMetricsExporterToNone, nodeSdkDefaultTelemetryOptions };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "securenow",
-  "version": "8.0.2",
+  "version": "8.1.0",
   "description": "OpenTelemetry instrumentation for Node.js, Next.js, and Nuxt - Send traces and logs to any OTLP-compatible backend",
   "type": "commonjs",
   "main": "register.js",

package/tracing.js CHANGED Viewed

@@ -14,8 +14,8 @@
  *   Production should mount/copy tokenless runtime credentials to the same path.
  */
-const { defaultMetricsExporterToNone } = require('./otel-defaults');
-defaultMetricsExporterToNone();
+const { nodeSdkDefaultTelemetryOptions } = require('./otel-defaults');
+const nodeSdkTelemetryOptions = nodeSdkDefaultTelemetryOptions();
 const { diag, DiagConsoleLogger, DiagLogLevel, context, trace } = require('@opentelemetry/api');
 const { NodeSDK } = require('@opentelemetry/sdk-node');
@@ -654,6 +654,7 @@ process.on('unhandledRejection', (reason) => {
 // -------- SDK --------
 const traceExporter = new OTLPTraceExporter({ url: tracesUrl, headers });
 const sdk = new NodeSDK({
+  ...nodeSdkTelemetryOptions,
   traceExporter,
   instrumentations: [
     httpInstrumentation,