undici 7.14.0 → 7.15.0

package/lib/web/fetch/util.js

@@ -11,20 +11,6 @@ const assert = require('node:assert')
 const { isUint8Array } = require('node:util/types')
 const { webidl } = require('../webidl')
 
-let supportedHashes = []
-
-// https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable
-/** @type {import('crypto')} */
-let crypto
-try {
-  crypto = require('node:crypto')
-  const possibleRelevantHashes = ['sha256', 'sha384', 'sha512']
-  supportedHashes = crypto.getHashes().filter((hash) => possibleRelevantHashes.includes(hash))
-/* c8 ignore next 3 */
-} catch {
-
-}
-
 function responseURL (response) {
   // https://fetch.spec.whatwg.org/#responses
   // A response has an associated URL. It is a pointer to the last URL
@@ -698,206 +684,6 @@ function isURLPotentiallyTrustworthy (url) {
   return isOriginPotentiallyTrustworthy(url.origin)
 }
 
-/**
- * @see https://w3c.github.io/webappsec-subresource-integrity/#does-response-match-metadatalist
- * @param {Uint8Array} bytes
- * @param {string} metadataList
- */
-function bytesMatch (bytes, metadataList) {
-  // If node is not built with OpenSSL support, we cannot check
-  // a request's integrity, so allow it by default (the spec will
-  // allow requests if an invalid hash is given, as precedence).
-  /* istanbul ignore if: only if node is built with --without-ssl */
-  if (crypto === undefined) {
-    return true
-  }
-
-  // 1. Let parsedMetadata be the result of parsing metadataList.
-  const parsedMetadata = parseMetadata(metadataList)
-
-  // 2. If parsedMetadata is no metadata, return true.
-  if (parsedMetadata === 'no metadata') {
-    return true
-  }
-
-  // 3. If response is not eligible for integrity validation, return false.
-  // TODO
-
-  // 4. If parsedMetadata is the empty set, return true.
-  if (parsedMetadata.length === 0) {
-    return true
-  }
-
-  // 5. Let metadata be the result of getting the strongest
-  //    metadata from parsedMetadata.
-  const strongest = getStrongestMetadata(parsedMetadata)
-  const metadata = filterMetadataListByAlgorithm(parsedMetadata, strongest)
-
-  // 6. For each item in metadata:
-  for (const item of metadata) {
-    // 1. Let algorithm be the alg component of item.
-    const algorithm = item.algo
-
-    // 2. Let expectedValue be the val component of item.
-    const expectedValue = item.hash
-
-    // See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e
-    // "be liberal with padding". This is annoying, and it's not even in the spec.
-
-    // 3. Let actualValue be the result of applying algorithm to bytes.
-    let actualValue = crypto.createHash(algorithm).update(bytes).digest('base64')
-
-    if (actualValue[actualValue.length - 1] === '=') {
-      if (actualValue[actualValue.length - 2] === '=') {
-        actualValue = actualValue.slice(0, -2)
-      } else {
-        actualValue = actualValue.slice(0, -1)
-      }
-    }
-
-    // 4. If actualValue is a case-sensitive match for expectedValue,
-    //    return true.
-    if (compareBase64Mixed(actualValue, expectedValue)) {
-      return true
-    }
-  }
-
-  // 7. Return false.
-  return false
-}
-
-// https://w3c.github.io/webappsec-subresource-integrity/#grammardef-hash-with-options
-// https://www.w3.org/TR/CSP2/#source-list-syntax
-// https://www.rfc-editor.org/rfc/rfc5234#appendix-B.1
-const parseHashWithOptions = /(?<algo>sha256|sha384|sha512)-((?<hash>[A-Za-z0-9+/]+|[A-Za-z0-9_-]+)={0,2}(?:\s|$)( +[!-~]*)?)?/i
-
-/**
- * @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
- * @param {string} metadata
- */
-function parseMetadata (metadata) {
-  // 1. Let result be the empty set.
-  /** @type {{ algo: string, hash: string }[]} */
-  const result = []
-
-  // 2. Let empty be equal to true.
-  let empty = true
-
-  // 3. For each token returned by splitting metadata on spaces:
-  for (const token of metadata.split(' ')) {
-    // 1. Set empty to false.
-    empty = false
-
-    // 2. Parse token as a hash-with-options.
-    const parsedToken = parseHashWithOptions.exec(token)
-
-    // 3. If token does not parse, continue to the next token.
-    if (
-      parsedToken === null ||
-      parsedToken.groups === undefined ||
-      parsedToken.groups.algo === undefined
-    ) {
-      // Note: Chromium blocks the request at this point, but Firefox
-      // gives a warning that an invalid integrity was given. The
-      // correct behavior is to ignore these, and subsequently not
-      // check the integrity of the resource.
-      continue
-    }
-
-    // 4. Let algorithm be the hash-algo component of token.
-    const algorithm = parsedToken.groups.algo.toLowerCase()
-
-    // 5. If algorithm is a hash function recognized by the user
-    //    agent, add the parsed token to result.
-    if (supportedHashes.includes(algorithm)) {
-      result.push(parsedToken.groups)
-    }
-  }
-
-  // 4. Return no metadata if empty is true, otherwise return result.
-  if (empty === true) {
-    return 'no metadata'
-  }
-
-  return result
-}
-
-/**
- * @param {{ algo: 'sha256' | 'sha384' | 'sha512' }[]} metadataList
- */
-function getStrongestMetadata (metadataList) {
-  // Let algorithm be the algo component of the first item in metadataList.
-  // Can be sha256
-  let algorithm = metadataList[0].algo
-  // If the algorithm is sha512, then it is the strongest
-  // and we can return immediately
-  if (algorithm[3] === '5') {
-    return algorithm
-  }
-
-  for (let i = 1; i < metadataList.length; ++i) {
-    const metadata = metadataList[i]
-    // If the algorithm is sha512, then it is the strongest
-    // and we can break the loop immediately
-    if (metadata.algo[3] === '5') {
-      algorithm = 'sha512'
-      break
-    // If the algorithm is sha384, then a potential sha256 or sha384 is ignored
-    } else if (algorithm[3] === '3') {
-      continue
-    // algorithm is sha256, check if algorithm is sha384 and if so, set it as
-    // the strongest
-    } else if (metadata.algo[3] === '3') {
-      algorithm = 'sha384'
-    }
-  }
-  return algorithm
-}
-
-function filterMetadataListByAlgorithm (metadataList, algorithm) {
-  if (metadataList.length === 1) {
-    return metadataList
-  }
-
-  let pos = 0
-  for (let i = 0; i < metadataList.length; ++i) {
-    if (metadataList[i].algo === algorithm) {
-      metadataList[pos++] = metadataList[i]
-    }
-  }
-
-  metadataList.length = pos
-
-  return metadataList
-}
-
-/**
- * Compares two base64 strings, allowing for base64url
- * in the second string.
- *
-* @param {string} actualValue always base64
- * @param {string} expectedValue base64 or base64url
- * @returns {boolean}
- */
-function compareBase64Mixed (actualValue, expectedValue) {
-  if (actualValue.length !== expectedValue.length) {
-    return false
-  }
-  for (let i = 0; i < actualValue.length; ++i) {
-    if (actualValue[i] !== expectedValue[i]) {
-      if (
-        (actualValue[i] === '+' && expectedValue[i] === '-') ||
-        (actualValue[i] === '/' && expectedValue[i] === '_')
-      ) {
-        continue
-      }
-      return false
-    }
-  }
-
-  return true
-}
-
 // https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request
 function tryUpgradeRequestToAPotentiallyTrustworthyURL (request) {
   // TODO
@@ -1761,7 +1547,6 @@ module.exports = {
   isValidHeaderValue,
   isErrorLike,
   fullyReadBody,
-  bytesMatch,
   readableStreamClose,
   isomorphicEncode,
   urlIsLocal,
@@ -1770,7 +1555,6 @@ module.exports = {
   readAllBytes,
   simpleRangeHeaderValue,
   buildContentRange,
-  parseMetadata,
   createInflate,
   extractMimeType,
   getDecodeSplit,

package/lib/web/subresource-integrity/Readme.md

@@ -0,0 +1,9 @@
+# Subresource Integrity
+
+based on Editor’s Draft, 12 June 2025
+
+This module provides support for Subresource Integrity (SRI) in the context of web fetch operations. SRI is a security feature that allows clients to verify that fetched resources are delivered without unexpected manipulation.
+
+## Links
+
+- [Subresource Integrity](https://w3c.github.io/webappsec-subresource-integrity/)

package/lib/web/subresource-integrity/subresource-integrity.js

@@ -0,0 +1,306 @@
+'use strict'
+
+const assert = require('node:assert')
+
+/**
+ * @typedef {object} Metadata
+ * @property {SRIHashAlgorithm} alg - The algorithm used for the hash.
+ * @property {string} val - The base64-encoded hash value.
+ */
+
+/**
+ * @typedef {Metadata[]} MetadataList
+ */
+
+/**
+ * @typedef {('sha256' | 'sha384' | 'sha512')} SRIHashAlgorithm
+ */
+
+/**
+ * @type {Map<SRIHashAlgorithm, number>}
+ *
+ * The valid SRI hash algorithm token set is the ordered set « "sha256",
+ * "sha384", "sha512" » (corresponding to SHA-256, SHA-384, and SHA-512
+ * respectively). The ordering of this set is meaningful, with stronger
+ * algorithms appearing later in the set.
+ *
+ * @see https://w3c.github.io/webappsec-subresource-integrity/#valid-sri-hash-algorithm-token-set
+ */
+const validSRIHashAlgorithmTokenSet = new Map([['sha256', 0], ['sha384', 1], ['sha512', 2]])
+
+// https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable
+/** @type {import('crypto')} */
+let crypto
+try {
+  crypto = require('node:crypto')
+  const cryptoHashes = crypto.getHashes()
+
+  // If no hashes are available, we cannot support SRI.
+  if (cryptoHashes.length === 0) {
+    validSRIHashAlgorithmTokenSet.clear()
+  }
+
+  for (const algorithm of validSRIHashAlgorithmTokenSet.keys()) {
+    // If the algorithm is not supported, remove it from the list.
+    if (cryptoHashes.includes(algorithm) === false) {
+      validSRIHashAlgorithmTokenSet.delete(algorithm)
+    }
+  }
+  /* c8 ignore next 4 */
+} catch {
+  // If crypto is not available, we cannot support SRI.
+  validSRIHashAlgorithmTokenSet.clear()
+}
+
+/**
+ * @typedef GetSRIHashAlgorithmIndex
+ * @type {(algorithm: SRIHashAlgorithm) => number}
+ * @param {SRIHashAlgorithm} algorithm
+ * @returns {number} The index of the algorithm in the valid SRI hash algorithm
+ * token set.
+ */
+
+const getSRIHashAlgorithmIndex = /** @type {GetSRIHashAlgorithmIndex} */ (Map.prototype.get.bind(
+  validSRIHashAlgorithmTokenSet))
+
+/**
+ * @typedef IsValidSRIHashAlgorithm
+ * @type {(algorithm: string) => algorithm is SRIHashAlgorithm}
+ * @param {*} algorithm
+ * @returns {algorithm is SRIHashAlgorithm}
+ */
+
+const isValidSRIHashAlgorithm = /** @type {IsValidSRIHashAlgorithm} */ (
+  Map.prototype.has.bind(validSRIHashAlgorithmTokenSet)
+)
+
+/**
+ * @param {Uint8Array} bytes
+ * @param {string} metadataList
+ * @returns {boolean}
+ *
+ * @see https://w3c.github.io/webappsec-subresource-integrity/#does-response-match-metadatalist
+ */
+const bytesMatch = crypto === undefined || validSRIHashAlgorithmTokenSet.size === 0
+  // If node is not built with OpenSSL support, we cannot check
+  // a request's integrity, so allow it by default (the spec will
+  // allow requests if an invalid hash is given, as precedence).
+  ? () => true
+  : (bytes, metadataList) => {
+    // 1. Let parsedMetadata be the result of parsing metadataList.
+      const parsedMetadata = parseMetadata(metadataList)
+
+      // 2. If parsedMetadata is empty set, return true.
+      if (parsedMetadata.length === 0) {
+        return true
+      }
+
+      // 3. Let metadata be the result of getting the strongest
+      //    metadata from parsedMetadata.
+      const metadata = getStrongestMetadata(parsedMetadata)
+
+      // 4. For each item in metadata:
+      for (const item of metadata) {
+      // 1. Let algorithm be the item["alg"].
+        const algorithm = item.alg
+
+        // 2. Let expectedValue be the item["val"].
+        const expectedValue = item.val
+
+        // See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e
+        // "be liberal with padding". This is annoying, and it's not even in the spec.
+
+        // 3. Let actualValue be the result of applying algorithm to bytes .
+        const actualValue = applyAlgorithmToBytes(algorithm, bytes)
+
+        // 4. If actualValue is a case-sensitive match for expectedValue,
+        //    return true.
+        if (caseSensitiveMatch(actualValue, expectedValue)) {
+          return true
+        }
+      }
+
+      // 5. Return false.
+      return false
+    }
+
+/**
+ * @param {MetadataList} metadataList
+ * @returns {MetadataList} The strongest hash algorithm from the metadata list.
+ */
+function getStrongestMetadata (metadataList) {
+  // 1. Let result be the empty set and strongest be the empty string.
+  const result = []
+  /** @type {Metadata|null} */
+  let strongest = null
+
+  // 2. For each item in set:
+  for (const item of metadataList) {
+    // 1. Assert: item["alg"] is a valid SRI hash algorithm token.
+    assert(isValidSRIHashAlgorithm(item.alg), 'Invalid SRI hash algorithm token')
+
+    // 2. If result is the empty set, then:
+    if (result.length === 0) {
+      // 1. Append item to result.
+      result.push(item)
+
+      // 2. Set strongest to item.
+      strongest = item
+
+      // 3. Continue.
+      continue
+    }
+
+    // 3. Let currentAlgorithm be strongest["alg"], and currentAlgorithmIndex be
+    // the index of currentAlgorithm in the valid SRI hash algorithm token set.
+    const currentAlgorithm = /** @type {Metadata} */ (strongest).alg
+    const currentAlgorithmIndex = getSRIHashAlgorithmIndex(currentAlgorithm)
+
+    // 4. Let newAlgorithm be the item["alg"], and newAlgorithmIndex be the
+    // index of newAlgorithm in the valid SRI hash algorithm token set.
+    const newAlgorithm = item.alg
+    const newAlgorithmIndex = getSRIHashAlgorithmIndex(newAlgorithm)
+
+    // 5. If newAlgorithmIndex is less than currentAlgorithmIndex, then continue.
+    if (newAlgorithmIndex < currentAlgorithmIndex) {
+      continue
+
+    // 6. Otherwise, if newAlgorithmIndex is greater than
+    // currentAlgorithmIndex:
+    } else if (newAlgorithmIndex > currentAlgorithmIndex) {
+      // 1. Set strongest to item.
+      strongest = item
+
+      // 2. Set result to « item ».
+      result[0] = item
+      result.length = 1
+
+    // 7. Otherwise, newAlgorithmIndex and currentAlgorithmIndex are the same
+    // value. Append item to result.
+    } else {
+      result.push(item)
+    }
+  }
+
+  // 3. Return result.
+  return result
+}
+
+/**
+ * @param {string} metadata
+ * @returns {MetadataList}
+ *
+ * @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
+ */
+function parseMetadata (metadata) {
+  // 1. Let result be the empty set.
+  /** @type {MetadataList} */
+  const result = []
+
+  // 2. For each item returned by splitting metadata on spaces:
+  for (const item of metadata.split(' ')) {
+    // 1. Let expression-and-options be the result of splitting item on U+003F (?).
+    const expressionAndOptions = item.split('?', 1)
+
+    // 2. Let algorithm-expression be expression-and-options[0].
+    const algorithmExpression = expressionAndOptions[0]
+
+    // 3. Let base64-value be the empty string.
+    let base64Value = ''
+
+    // 4. Let algorithm-and-value be the result of splitting algorithm-expression on U+002D (-).
+    const algorithmAndValue = [algorithmExpression.slice(0, 6), algorithmExpression.slice(7)]
+
+    // 5. Let algorithm be algorithm-and-value[0].
+    const algorithm = algorithmAndValue[0]
+
+    // 6. If algorithm is not a valid SRI hash algorithm token, then continue.
+    if (!isValidSRIHashAlgorithm(algorithm)) {
+      continue
+    }
+
+    // 7. If algorithm-and-value[1] exists, set base64-value to
+    // algorithm-and-value[1].
+    if (algorithmAndValue[1]) {
+      base64Value = algorithmAndValue[1]
+    }
+
+    // 8. Let metadata be the ordered map
+    // «["alg" → algorithm, "val" → base64-value]».
+    const metadata = {
+      alg: algorithm,
+      val: base64Value
+    }
+
+    // 9. Append metadata to result.
+    result.push(metadata)
+  }
+
+  // 3. Return result.
+  return result
+}
+
+/**
+ * Applies the specified hash algorithm to the given bytes
+ *
+ * @typedef {(algorithm: SRIHashAlgorithm, bytes: Uint8Array) => string} ApplyAlgorithmToBytes
+ * @param {SRIHashAlgorithm} algorithm
+ * @param {Uint8Array} bytes
+ * @returns {string}
+ */
+const applyAlgorithmToBytes = (algorithm, bytes) => {
+  return crypto.hash(algorithm, bytes, 'base64')
+}
+
+/**
+ * Compares two base64 strings, allowing for base64url
+ * in the second string.
+ *
+ * @param {string} actualValue base64 encoded string
+ * @param {string} expectedValue base64 or base64url encoded string
+ * @returns {boolean}
+ */
+function caseSensitiveMatch (actualValue, expectedValue) {
+  // Ignore padding characters from the end of the strings by
+  // decreasing the length by 1 or 2 if the last characters are `=`.
+  let actualValueLength = actualValue.length
+  if (actualValueLength !== 0 && actualValue[actualValueLength - 1] === '=') {
+    actualValueLength -= 1
+  }
+  if (actualValueLength !== 0 && actualValue[actualValueLength - 1] === '=') {
+    actualValueLength -= 1
+  }
+  let expectedValueLength = expectedValue.length
+  if (expectedValueLength !== 0 && expectedValue[expectedValueLength - 1] === '=') {
+    expectedValueLength -= 1
+  }
+  if (expectedValueLength !== 0 && expectedValue[expectedValueLength - 1] === '=') {
+    expectedValueLength -= 1
+  }
+
+  if (actualValueLength !== expectedValueLength) {
+    return false
+  }
+
+  for (let i = 0; i < actualValueLength; ++i) {
+    if (
+      actualValue[i] === expectedValue[i] ||
+      (actualValue[i] === '+' && expectedValue[i] === '-') ||
+      (actualValue[i] === '/' && expectedValue[i] === '_')
+    ) {
+      continue
+    }
+    return false
+  }
+
+  return true
+}
+
+module.exports = {
+  applyAlgorithmToBytes,
+  bytesMatch,
+  caseSensitiveMatch,
+  isValidSRIHashAlgorithm,
+  getStrongestMetadata,
+  parseMetadata
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "undici",
-  "version": "7.14.0",
+  "version": "7.15.0",
   "description": "An HTTP/1.1 client, written from scratch for Node.js",
   "homepage": "https://undici.nodejs.org",
   "bugs": {
@@ -69,7 +69,7 @@
     "lint:fix": "eslint --fix --cache",
     "test": "npm run test:javascript && cross-env NODE_V8_COVERAGE=  npm run test:typescript",
     "test:javascript": "npm run test:javascript:no-jest && npm run test:jest",
-    "test:javascript:no-jest": "npm run generate-pem && npm run test:unit && npm run test:node-fetch && npm run test:cache && npm run test:cache-interceptor && npm run test:interceptors && npm run test:fetch && npm run test:cookies && npm run test:eventsource && npm run test:wpt && npm run test:websocket && npm run test:node-test && npm run test:cache-tests",
+    "test:javascript:no-jest": "npm run generate-pem && npm run test:unit && npm run test:node-fetch && npm run test:cache && npm run test:cache-interceptor && npm run test:interceptors && npm run test:fetch && npm run test:cookies && npm run test:eventsource && npm run test:subresource-integrity && npm run test:wpt && npm run test:websocket && npm run test:node-test && npm run test:cache-tests",
     "test:javascript:without-intl": "npm run test:javascript:no-jest",
     "test:busboy": "borp -p \"test/busboy/*.js\"",
     "test:cache": "borp -p \"test/cache/*.js\"",
@@ -79,6 +79,7 @@
     "test:eventsource": "npm run build:node && borp --expose-gc -p \"test/eventsource/*.js\"",
     "test:fuzzing": "node test/fuzzing/fuzzing.test.js",
     "test:fetch": "npm run build:node && borp --timeout 180000 --expose-gc --concurrency 1 -p \"test/fetch/*.js\" && npm run test:webidl && npm run test:busboy",
+    "test:subresource-integrity": "borp -p \"test/subresource-integrity/*.js\"",
     "test:h2": "npm run test:h2:core && npm run test:h2:fetch",
     "test:h2:core": "borp -p \"test/+(http2|h2)*.js\"",
     "test:h2:fetch": "npm run build:node && borp -p \"test/fetch/http2*.js\"",
@@ -107,7 +108,7 @@
     "prepare": "husky && node ./scripts/platform-shell.js"
   },
   "devDependencies": {
-    "@fastify/busboy": "3.1.1",
+    "@fastify/busboy": "3.2.0",
     "@matteo.collina/tspl": "^0.2.0",
     "@metcoder95/https-pem": "^1.0.0",
     "@sinonjs/fake-timers": "^12.0.0",

package/types/diagnostics-channel.d.ts

@@ -16,7 +16,6 @@ declare namespace DiagnosticsChannel {
     statusText: string;
     headers: Array<Buffer>;
   }
-  type Error = unknown
   interface ConnectParams {
     host: URL['host'];
     hostname: URL['hostname'];

package/types/interceptors.d.ts

@@ -9,6 +9,10 @@ declare namespace Interceptors {
   export type DumpInterceptorOpts = { maxSize?: number }
   export type RetryInterceptorOpts = RetryHandler.RetryOptions
   export type RedirectInterceptorOpts = { maxRedirections?: number }
+  export type DecompressInterceptorOpts = {
+    skipErrorResponses?: boolean
+    skipStatusCodes?: number[]
+  }
 
   export type ResponseErrorInterceptorOpts = { throwOnError: boolean }
   export type CacheInterceptorOpts = CacheHandler.CacheOptions
@@ -28,6 +32,7 @@ declare namespace Interceptors {
   export function dump (opts?: DumpInterceptorOpts): Dispatcher.DispatcherComposeInterceptor
   export function retry (opts?: RetryInterceptorOpts): Dispatcher.DispatcherComposeInterceptor
   export function redirect (opts?: RedirectInterceptorOpts): Dispatcher.DispatcherComposeInterceptor
+  export function decompress (opts?: DecompressInterceptorOpts): Dispatcher.DispatcherComposeInterceptor
   export function responseError (opts?: ResponseErrorInterceptorOpts): Dispatcher.DispatcherComposeInterceptor
   export function dns (opts?: DNSInterceptorOpts): Dispatcher.DispatcherComposeInterceptor
   export function cache (opts?: CacheInterceptorOpts): Dispatcher.DispatcherComposeInterceptor

package/types/snapshot-agent.d.ts

@@ -18,9 +18,11 @@ declare class SnapshotRecorder {
 }
 
 declare namespace SnapshotRecorder {
+  type SnapshotRecorderMode = 'record' | 'playback' | 'update'
+
   export interface Options {
     snapshotPath?: string
-    mode?: 'record' | 'playback' | 'update'
+    mode?: SnapshotRecorderMode
     maxSnapshots?: number
     autoFlush?: boolean
     flushInterval?: number
@@ -77,7 +79,7 @@ declare class SnapshotAgent extends MockAgent {
   saveSnapshots (filePath?: string): Promise<void>
   loadSnapshots (filePath?: string): Promise<void>
   getRecorder (): SnapshotRecorder
-  getMode (): 'record' | 'playback' | 'update'
+  getMode (): SnapshotRecorder.SnapshotRecorderMode
   clearSnapshots (): void
   resetCallCounts (): void
   deleteSnapshot (requestOpts: any): boolean
@@ -87,7 +89,7 @@ declare class SnapshotAgent extends MockAgent {
 
 declare namespace SnapshotAgent {
   export interface Options extends MockAgent.Options {
-    mode?: 'record' | 'playback' | 'update'
+    mode?: SnapshotRecorder.SnapshotRecorderMode
     snapshotPath?: string
     maxSnapshots?: number
     autoFlush?: boolean