Node.js agent

The Contrast Node agent analyzes the behavior of Node.js web applications using established techniques, such as source-to-source compilation, to add Contrast sensors to an application prior to execution.

The Contrast Node.js agent follows semantic versioning (major.minor.patch).

There are two primary source code transformations that the Contrast Node.js agent employs to monitor the behavior of your application:

  • Function hooks take over the execution of a given function like, child_process.exec, to collect data about its arguments and its return value, and send this data to the parts of the agent responsible for analysis. As a result, the agent enables certain functions to be self reporting.

  • AST transformation is the process by which the agent creates an abstract syntax tree of a body of code, manipulates the tree and then creates new source code based on this syntax tree. The agent goes through this process to handle scenarios in which function hooks won't work. For example, rewrites allow Contrast to add operator overloading to JavaScript so that it can properly track the flow of untrusted data.

As a next step, you can: