Question
- How does the Node agent find the package.json?
- How does the Node agent detect the app root?
Answer
This question revolves around the following error found in the agent logs:
error: 2024-01-09T15:23:43.110Z 1 contrast:contrast-init - Unable to find application's package.json.. Continuing without instrumentation.
error: 2024-01-09T15:23:43.111Z 1 contrast:contrast-init - Unexpected error while trying to start contrast. Continuing without instrumentation. Error: Unable to find application's package.json.
The agent only looks at agent.node.app_root to find the package.json. By default, this means it reads ./package.json relative to process.cwd() (the directory from which the node executable is run).
Example using OWASP Juice Shop:
We clone the juice-shop project and cd into juice-shop.
The package.json file of interest is in the root directory. The Node agent will find the correct package.json if the application is started from the root directory.
juice-shop on master [!?] via v18.16.1
❯ node -r @contrast/agent build/app
If the same command is run from the build folder, the agent will not find the package.json and will print the above error messages, because the correct package.json is in the app root, not in build.
juice-shop/build on master [!?] via v18.16.1 took 4s
❯ node -r @contrast/agent app
When working with the agent operator or when the node executable is run in a different directory than the application's root, it is best to set agent.node.app_root: /path/to/app_root.
YAML example:
agent:
  node:
    app_root: /path/to/app_root
Env var:
CONTRAST__AGENT__NODE__APP_ROOT=/path/to/app_root