@datadog/native-iast-rewriter - npm Package Compare versions

Comparing version 2.5.0 to 2.6.0

wasm/snippets/nati...riter-7af3479270ba33a1/tracer_logger.js

+'use strict'
+
+let defaultLogger = console || {}
+function setLogger (logger) {
+  if (logger) {
+    defaultLogger = logger
+  }
+}
+
+function log (level, msg) {
+  const logFn = defaultLogger[level.toLowerCase()]
+  if (logFn) {
+    logFn(msg)
+  }
+}
+
+module.exports = {
+  setLogger,
+  log
+}

package.json

 {
   "name": "@datadog/native-iast-rewriter",
   "homepage": "https://github.com/DataDog/dd-native-iast-rewriter-js/blob/main/README.md",
-  "version": "2.5.0",
+  "version": "2.6.0",
   "description": "Datadog IAST instrumentation addon for NodeJS",
@@ -6,0 +6,0 @@ "main": "main.js",

wasm/wasm_iast_rewriter.js

 let imports = {};
 imports['__wbindgen_placeholder__'] = module.exports;
 let wasm;
-const { log, setLogger } = require(String.raw`./snippets/native-iast-rewriter-f4dc3bdb6c615ad0/tracer_logger.js`);
+const { log, setLogger } = require(String.raw`./snippets/native-iast-rewriter-7af3479270ba33a1/tracer_logger.js`);
 const { readFileSync } = require(`fs`);
 const { dirname } = require(`path`);
-const { TextDecoder, TextEncoder } = require(`util`);
+const { TextEncoder, TextDecoder } = require(`util`);
 
-let cachedTextDecoder = new TextDecoder('utf-8', { ignoreBOM: true, fatal: true });
-
-cachedTextDecoder.decode();
-
-let cachedUint8Memory0 = null;
-
-function getUint8Memory0() {
-    if (cachedUint8Memory0 === null || cachedUint8Memory0.byteLength === 0) {
-        cachedUint8Memory0 = new Uint8Array(wasm.memory.buffer);
-    }
-    return cachedUint8Memory0;
-}
-
-function getStringFromWasm0(ptr, len) {
-    ptr = ptr >>> 0;
-    return cachedTextDecoder.decode(getUint8Memory0().subarray(ptr, ptr + len));
-}
-
 const heap = new Array(128).fill(undefined);
@@ -31,15 +13,6 @@
 
+function getObject(idx) { return heap[idx]; }
+
 let heap_next = heap.length;
 
-function addHeapObject(obj) {
-    if (heap_next === heap.length) heap.push(heap.length + 1);
-    const idx = heap_next;
-    heap_next = heap[idx];
-
-    heap[idx] = obj;
-    return idx;
-}
-
-function getObject(idx) { return heap[idx]; }
-
 function dropObject(idx) {
@@ -59,2 +32,11 @@ if (idx < 132) return;
 
+let cachedUint8Memory0 = null;
+
+function getUint8Memory0() {
+    if (cachedUint8Memory0 === null || cachedUint8Memory0.byteLength === 0) {
+        cachedUint8Memory0 = new Uint8Array(wasm.memory.buffer);
+    }
+    return cachedUint8Memory0;
+}
+
 let cachedTextEncoder = new TextEncoder('utf-8');
@@ -127,2 +109,20 @@
 
+let cachedTextDecoder = new TextDecoder('utf-8', { ignoreBOM: true, fatal: true });
+
+cachedTextDecoder.decode();
+
+function getStringFromWasm0(ptr, len) {
+    ptr = ptr >>> 0;
+    return cachedTextDecoder.decode(getUint8Memory0().subarray(ptr, ptr + len));
+}
+
+function addHeapObject(obj) {
+    if (heap_next === heap.length) heap.push(heap.length + 1);
+    const idx = heap_next;
+    heap_next = heap[idx];
+
+    heap[idx] = obj;
+    return idx;
+}
+
 let cachedFloat64Memory0 = null;
@@ -314,17 +314,2 @@
 
-module.exports.__wbindgen_error_new = function(arg0, arg1) {
-    const ret = new Error(getStringFromWasm0(arg0, arg1));
-    return addHeapObject(ret);
-};
-
-module.exports.__wbindgen_string_new = function(arg0, arg1) {
-    const ret = getStringFromWasm0(arg0, arg1);
-    return addHeapObject(ret);
-};
-
-module.exports.__wbg_log_221f5576ef3c7ecd = function() { return handleError(function (arg0, arg1) {
-    const ret = log(getObject(arg0), getObject(arg1));
-    return addHeapObject(ret);
-}, arguments) };
-
 module.exports.__wbindgen_object_drop_ref = function(arg0) {
@@ -334,13 +319,2 @@ takeObject(arg0);
 
-module.exports.__wbg_setLogger_eea32cb765a7f794 = function() { return handleError(function (arg0) {
-    const ret = setLogger(getObject(arg0));
-    return addHeapObject(ret);
-}, arguments) };
-
-module.exports.__wbindgen_boolean_get = function(arg0) {
-    const v = getObject(arg0);
-    const ret = typeof(v) === 'boolean' ? (v ? 1 : 0) : 2;
-    return ret;
-};
-
 module.exports.__wbindgen_string_get = function(arg0, arg1) {
@@ -355,2 +329,8 @@ const obj = getObject(arg1);
 
+module.exports.__wbindgen_boolean_get = function(arg0) {
+    const v = getObject(arg0);
+    const ret = typeof(v) === 'boolean' ? (v ? 1 : 0) : 2;
+    return ret;
+};
+
 module.exports.__wbindgen_is_object = function(arg0) {
@@ -372,3 +352,23 @@ const val = getObject(arg0);
 
-module.exports.__wbg_readFileSync_2fbfb5c08caf9f03 = function() { return handleError(function (arg0, arg1) {
+module.exports.__wbindgen_error_new = function(arg0, arg1) {
+    const ret = new Error(getStringFromWasm0(arg0, arg1));
+    return addHeapObject(ret);
+};
+
+module.exports.__wbindgen_is_string = function(arg0) {
+    const ret = typeof(getObject(arg0)) === 'string';
+    return ret;
+};
+
+module.exports.__wbindgen_string_new = function(arg0, arg1) {
+    const ret = getStringFromWasm0(arg0, arg1);
+    return addHeapObject(ret);
+};
+
+module.exports.__wbg_log_0af2b4c5b5342a4e = function() { return handleError(function (arg0, arg1) {
+    const ret = log(getObject(arg0), getObject(arg1));
+    return addHeapObject(ret);
+}, arguments) };
+
+module.exports.__wbg_readFileSync_eac8c8314c32adf3 = function() { return handleError(function (arg0, arg1) {
     const ret = readFileSync(getStringFromWasm0(arg0, arg1));
@@ -378,3 +378,3 @@ return addHeapObject(ret);
 
-module.exports.__wbg_dirname_d9315d222a1c06c9 = function() { return handleError(function (arg0, arg1) {
+module.exports.__wbg_dirname_bb427dbb1fcaf956 = function() { return handleError(function (arg0, arg1) {
     const ret = dirname(getStringFromWasm0(arg0, arg1));
@@ -384,6 +384,6 @@ return addHeapObject(ret);
 
-module.exports.__wbindgen_is_string = function(arg0) {
-    const ret = typeof(getObject(arg0)) === 'string';
-    return ret;
-};
+module.exports.__wbg_setLogger_5084749410ea9861 = function() { return handleError(function (arg0) {
+    const ret = setLogger(getObject(arg0));
+    return addHeapObject(ret);
+}, arguments) };
 
@@ -390,0 +390,0 @@ module.exports.__wbindgen_jsval_loose_eq = function(arg0, arg1) {

wasm/snippets/nati...riter-f4dc3bdb6c615ad0/tracer_logger.js

-'use strict'
-
-let defaultLogger = console || {}
-function setLogger (logger) {
-  if (logger) {
-    defaultLogger = logger
-  }
-}
-
-function log (level, msg) {
-  const logFn = defaultLogger[level.toLowerCase()]
-  if (logFn) {
-    logFn(msg)
-  }
-}
-
-module.exports = {
-  setLogger,
-  log
-}

New alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Fixed alerts

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Dynamic require

Supply chain risk

Dynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Long strings

Supply chain risk

Contains long string literals, which may be a sign of obfuscated or packed code.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

2576914

2.8%

Worsened metrics

Number of low supply chain risk alerts

7

16.67%

No dependency changes