Security News
JavaScript Leaders Demand Oracle Release the JavaScript Trademark
In an open letter, JavaScript community leaders urge Oracle to give up the JavaScript trademark, arguing that it has been effectively abandoned through nonuse.
@contrast/agent
Advanced tools
This package will enable instrumentation of your Node.js application for security anaylsis and runtime protection by ContrastSecurity.com.
Unlike legacy application security testing solutions, Contrast produces accurate results without dependence on application security experts. Accuracy comes from Contrast's patented Deep Security Instrumentation technology, which integrates the most effective elements of Interactive (IAST), Static (SAST), and Dynamic (DAST) application security testing technology, software composition analysis (SCA), and configuration analysis, and delivers them directly to applications.
Contrast produces a continuous stream of accurate vulnerability and compliance risk information whenever and wherever software is run. Development, QA and Security teams get results as they develop and test software, enabling them to find and fix security flaws early in the software lifecycle, when they are easiest and cheapest to remediate.
Existing Contrast Node.js agent users should install and update the Contrast Node.js agent from npm. Auto-update for the Node.js agent is no longer supported. The Contrast Node.js agent follows semantic versioning (major.minor.patch).
An API key, provided by Contrast Security, is required for the agent to function.
Ensure you have installed the latest LTS (Long Term Support) version of Node.js
To install from npm using the command line (run from the app root directory):
$ npm install @contrast/agent
Usage: node -r @contrast/agent app-main.js [agent arguments] -- [app arguments]
Options:
-h, --help output usage information
-V, --version output the version number
-c, --config <path> path to agent config file
The agent expects that the contrast_security.yaml
configuration file exists in the application's root directory (where the package.json
file usually resides). The minimum required contrast_security.yaml
setup should look something like this:
api:
url: https://app.contrastsecurity.com
user_name: contrast_user
api_key: demo
service_key: demo
Property | Description |
---|---|
api.api_key | Organization's API key |
api.user_name | Contrast user account ID (In most cases, this is your login ID) |
api.service_key | Contrast user account service key |
api.url | Address of the Contrast installation you would like your agent to report to |
For detailed installation and configuration instructions, see the Node.js Agent documentation.
FAQs
Assess and Protect agents for Node.js
The npm package @contrast/agent receives a total of 29,266 weekly downloads. As such, @contrast/agent popularity was classified as popular.
We found that @contrast/agent demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In an open letter, JavaScript community leaders urge Oracle to give up the JavaScript trademark, arguing that it has been effectively abandoned through nonuse.
Security News
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.
Security News
Floating dependency ranges in npm can introduce instability and security risks into your project by allowing unverified or incompatible versions to be installed automatically, leading to unpredictable behavior and potential conflicts.