Question
- How does the Node agent find the package.json?
- How does the Node agent detect the app root?
Answer
This question revolves around the following error found in the agent logs:
error: 2024-01-09T15:23:43.110Z 1 contrast:contrast-init - Unable to find application's package.json.. Continuing without instrumentation.
error: 2024-01-09T15:23:43.111Z 1 contrast:contrast-init - Unexpected error while trying to start contrast. Continuing without instrumentation. Error: Unable to find application's package.json.
The agent only looks at agent.node.app_root
to find the package.json
, which defaults to reading ./package.json
relative to process.cwd()
(the directory where the node executable is run).
Example using OWASP Juice Shop:
We clone the juice-shop project and cd
into juice-shop
.
The package.json
file of interest is in the root directory. The Node agent will find the correct package.json
if the application is started from the root directory.
juice-shop on master [!?] via v18.16.1
❯ node -r @contrast/agent build/app
If the same command is run in the build
folder, the agent will not find the package.json
and print the above error messages because the correct package.json
is in the app root.
juice-shop/build on master [!?] via v18.16.1 took 4s
❯ node -r @contrast/agent app
When working with the agent operator or when the node executable is run in a different directory than the application's root, it is best to set agent.node.app_root: /path/to/app_root
.
YAML example:
agent:
node:
app_root: /path/to/app_root
Env var:
CONTRAST__AGENT__NODE__APP_ROOT=/path/to/app_root