@contrast/reporter - npm Package Compare versions

Comparing version 1.8.3 to 1.9.0

lib/reporters/file.d.ts

@@ -5,2 +5,3 @@ import { RequestStore } from '@contrast/common';
     private stream;
+    private core;
     constructor(core: Core, name?: string);
@@ -7,0 +8,0 @@ handle(event: string, msg: Record<string, any>): void;

lib/reporters/file.js

@@ -29,2 +29,3 @@ "use strict";
         super(core, name);
+        this.core = core;
         this.stream = new sonic_boom_1.default({
@@ -35,3 +36,5 @@ dest: core.config.agent.reporters.file,
         [
+            common_1.Event.ASSESS_DATAFLOW_FINDING,
             common_1.Event.LIBRARY_USAGE,
+            common_1.Event.LIBRARY,
             common_1.Event.ARCHITECTURE_COMPONENT,
@@ -47,3 +50,19 @@ common_1.Event.ROUTE_COVERAGE_DISCOVERY,
     handle(event, msg) {
-        const jsonStr = (0, safe_stable_stringify_1.default)({ time: Date.now(), pid: process_1.pid, event, ...msg });
+        const data = { time: Date.now(), pid: process_1.pid, event, ...msg };
+        if (process.env.SCREENER_RUN) {
+            const store = this.core.scopes.sources.getStore();
+            let screenerHeader = null;
+            if (store?.protect) {
+                const headers = store.protect.reqData?.headers || [];
+                const idx = headers.indexOf('x-screener-id');
+                screenerHeader = idx ? headers[idx + 1] : null;
+            }
+            else if (store?.assess) {
+                screenerHeader = store.assess.reqData?.headers?.['x-screener-id'] || null;
+            }
+            // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+            // @ts-ignore
+            data.requestId = screenerHeader;
+        }
+        const jsonStr = (0, safe_stable_stringify_1.default)(data);
         this.stream.write(jsonStr + os_1.EOL);
@@ -50,0 +69,0 @@ }

package.json

 {
   "name": "@contrast/reporter",
-  "version": "1.8.3",
+  "version": "1.9.0",
   "description": "Subscribes to agent messages and reports them",
@@ -20,3 +20,3 @@ "license": "SEE LICENSE IN LICENSE",
   "dependencies": {
-    "@contrast/common": "1.3.2",
+    "@contrast/common": "1.4.0",
     "axios": "^0.27.2",
@@ -23,0 +23,0 @@ "hpagent": "^1.2.0",

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

101436

increased by1.55%

Lines of code

1536

increased by1.32%

Worsened metrics

Number of low supply chain risk alerts

2

increased by100%

Dependency changes

• + Added@contrast/common@1.4.0(transitive)

• - Removed@contrast/common@1.3.2(transitive)

• Updated@contrast/common@1.4.0