Node.js - 2.12

Extension ID

com.castsoftware.nodejs

What’s new?

Please see Node.js - 2.12 - Release Notes for more information.

Description

This extension provides support for Node.js. Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient.

CAST recommends using this extension with HTML5 and JavaScript ≥ 2.2.5 for the best results.

In what situation should you install this extension?

Regarding Front-End to Back-End connections, we do support the following cross-technology stacks:

  • iOS Front-End connected to Node.js/PostgreSQL Back-end
  • iOS Front-End connected to Node.js/MSSQL Back-end
  • AngularJS Front-End connected to Node.js/MongoDB Back-end

If your Web application contains Node.js source code, and you want to view these object types and their links with other objects, then you should install this extension:

  • creates a Node.js application object when an instance has been found
  • creates Node.js operations which represent entry-points of web services
  • Node.js operations are called from client applications, using jQuery Ajax for example. Supported client frameworks are:

Supported Node.js versions

Version Support Comment
v0.x No longer supported
v4.x LTS
v5.x Based on JavaScript ES6
v6.x Based on JavaScript ES6
v7.x Based on JavaScript ES6
v8.x
v9.x
v10.x
v11.x
v12.x
v13.x
v14.x
v15.x
v16.x
v17.x
v18.x
v19.x
v20.x

Node.js Ecosystem

Node.js comes with numerous libraries and frameworks that provide data access, web service calls and microservice architectures. The following list contains all supported libraries:

Library Comment Data Access Web Service Messaging Cloud code execution Remote Process Call
AWS.DynamoDB Amazon database access
AWS.S3 Amazon storage service
AWS.SQS Amazon messaging service
AWS Lambda Cloud code execution
aws-amplify A library for AWS
Axios HTTP request client
Azure blobs Azure storage service
Azure Service Bus Azure Queue Service
Azure Event Hubs Azure Queue Service
Azure Function Cloud code execution
Cosmos DB Microsoft Azure NoSQL Database solution
Couchdb Couchdb access
Couchdb-nano Couchdb access
cross-fetch Fetch API for Node
elasticsearch Open-source search engine
EventSource A library for the EventSource client
Express Node.js application framework
falcor A library for data fetching
fetch Fetch API for Node
GCP Bigtable GCP database access
GCP Cloud Storage GCP storage service
GCP Pub/Sub GCP messaging service
got HTTP request client
g-RPC Remote Process Call service
Hapi Node.js application framework
isomorphic-fetch Fetch API for Node
Knex Node.js SQL query builder
Koa Node.js application framework
Loopback Node.js application framework
Marklogic Marklogic access
Memcached Storage framework
Mongodb (node-mongodb-native) MongoDB access
Mongo-client MongoDB access
Mongoose MongoDB access
MQTT Messaging library
mssql MsSQL access
my_connection MySQL access
mysql2 MySQL2 access
Node-couchdb Couchdb access
oracledb Oracle Database access
pg PostgreSQL access
prisma MsSQL, MySQL, PostgreSQL, MongoDB accesses
redis Redis access
request HTTP request client
request-promise HTTP request client
request-promise-native HTTP request client
request-promise-any HTTP request client
Sails Node.js application framework
Seneca Microservice toolkit
sequelize Postgres, MySQL, SQLite, MsSQL, Oracle accesses
sqlite3 SQLite3 access
superagent HTTP request client
tedious Tedious access
WebSocket WebSocket request
whatwg-fetch Fetch API for Node
WLResourceRequest Client Security API
wretch A wrapper built around fetch API
XMLHttpRequest A wrapper for HTTP request client

Function Point, Quality and Sizing support

This extension provides the following support:

  • Function Points (transactions): a green tick indicates that OMG Function Point counting and Transaction Risk Index are supported
  • Quality and Sizing: a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points (transactions) Quality and Sizing

Comparison with existing support for JavaScript

CAST AIP has provided support for analyzing JavaScript via its JEE and .NET analyzers (provided out of the box in CAST AIP) for some time now. The HTML5/JavaScript extension (on which the Node.js extension depends) also provides support for JavaScript, but with a focus on web applications. CAST highly recommends that you use this extension if your Application contains JavaScript, and more specifically if you want to analyze a web application. However, you should take note of the following:

  • You should ensure that you configure the extension to NOT analyze the back end web client part of a .NET or JEE application.
  • You should ensure that you configure the extension to ONLY analyze the front end web application built with the HTML5/JavaScript that communicates with the back end web client part of a .NET or JEE application.
  • If the back end web client part of a .NET or JEE application is analyzed with the Node.js extension and with the native .NET/JEE analyzers, then your results will reflect this - there will be duplicate objects and links (i.e. from the analyzer and from the extension) therefore impacting results and creating erroneous Function Point data.

In CAST AIP ≥ 8.3.x support for analyzing JavaScript has been withdrawn from the JEE and .NET analyzers.

Compatibility

Release Operating System Supported
v3/8.4.x Microsoft Windows / Linux
v2/8.3.x Microsoft Windows

Dependencies with other extensions

Some CAST extensions require the presence of other CAST extensions in order to function correctly. The Node.js extension requires that the following other CAST extensions are also installed:

Note that when using the CAST Extension Downloader to download the extension and the Manage Extensions interface in CAST Server Manager to install the extension, any dependent extensions are automatically downloaded and installed for you. You do not need to do anything.

Download and installation instructions

The extension will be automatically downloaded and installed in CAST Console. You can manage the extension using the Application - Extensions interface:

Analysis with CAST Imaging Console

CAST Imaging Console exposes the technology configuration options once a version has been accepted/imported, or an analysis has been run. Click Universal Technology (3) in the Config (1) > Analysis (2) tab to display the available options for your Node.js source code:

Then choose the relevant Analysis Unit (1) to view the configuration:

Analysis warning and error messages

Message ID Message Type Logged during Impact Remediation Action
NODEJS-001 Warning Analysis An internal issue occurred when parsing a statement in a file. A part of a file was badly analyzed. Contact CAST Technical Support

What results can you expect?

Node.js source code will be categorised in CAST Dashboards as “HTML5/JavaScript”.

Once the analysis/snapshot generation has completed, you can view the results in the normal manner (for example via CAST Enlighten):

Node.js application with MongoDB data storage exposing web services

Detailed analysis results per framework

See below for more details about how the extension handles each supported framework: Results.

Objects

The following specific objects are displayed in CAST Enlighten:

Icon Description
NodeJS Application
NodeJS Port
NodeJS Delete Operation
NodeJS Get Operation
NodeJS Post Operation
NodeJS Put Operation
NodeJS Service
NodeJS Call to gRPC service method
NodeJS gRPC service method
NodeJS Express Controller
NodeJS Get Http Request Service
NodeJS Post Http Request Service
NodeJS Put Http Request Service
NodeJS Delete Http Request Service
NodeJS Unknown Database
NodeJS Collection
NodeJS Memcached Connection
NodeJS Memcached Value
NodeJS Call to Java Program
NodeJS Call to Generic Program
NodeJS Restify Get Operation
NodeJS Restify Post Operation
NodeJS Restify Put Operation
NodeJS Restify Delete Operation
NodeJS AWS SQS Publisher
NodeJS AWS SNS Publisher
NodeJS Azure Service Bus Publisher
NodeJS Azure Event Hub Publisher
NodeJS GCP Pub/Sub Publisher
NodeJS AWS SQS Receiver
NodeJS AWS SNS Subscriber
NodeJS Azure Service Bus Receiver
NodeJS Azure Event Hub Receiver
NodeJS GCP Pub/Sub Receiver
NodeJS AWS SQS Unknown Publisher
NodeJS AWS SNS Unknown Publisher
NodeJS Azure Unknown Service Bus Publisher
NodeJS Azure Unknown Event Hub Publisher
NodeJS GCP Unknown Pub/Sub Publisher
NodeJS AWS SQS Unknown Receiver
NodeJS AWS SNS Unknown Subscriber
NodeJS Azure Unknown Service Bus Receiver
NodeJS Azure Unknown Event Hub Receiver
NodeJS GCP Unknown Pub/Sub Receiver
NodeJS GCP Pub/Sub Subscription
NodeJS Azure Function
NodeJS Call to Azure Function
NodeJS Call to Unknown Azure Function
NodeJS AWS call to Lambda Function
NodeJS AWS call to unknown Lambda Function
NodeJS SignalR Hub Method
NodeJS SignalR Call to Hub Method
NodeJS SignalR Call to Unknown Hub Method
NodeJS S3 Bucket
NodeJS Azure Blob Container
NodeJS GCP Cloud Storage Bucket
NodeJS S3 Unknown Bucket
NodeJS Azure Unknown Blob Container
NodeJS GCP Unknown Cloud Storage Bucket
NodeJS CosmosDB Collection
NodeJS AWS DynamoDB Table
NodeJS Elasticsearch Index
NodeJS GCP Bigtable table
NodeJS Marklogic collection
NodeJS Redis Collection
NodeJS CosmosDB Unknown Collection
NodeJS Elasticsearch Unknown Index
NodeJS GCP Unknown Bigtable table
NodeJS Unknown Database Table
NodeJS SQL Query
NodeJS MongoDB collection
NodeJS MongoDB connection
NodeJS Unknown MongoDB collection
NodeJS Unknown MongoDB connection
Prisma Configuration
NodeJS Entity
NodeJS Entity Operation

Behaviour is different depending on the version of CAST AIP you are using the extension with:

  • From 7.3.6, SQL queries are sent to the external links exactly as standard CAST AIP analyzers do.
  • From 7.3.4 and before 7.3.6, a degraded mode applies: the Node.js extension analyzes the FROM clause to retrieve table names, then sends only the table names to external links.
  • For all other versions, if no links are found via external links and the com.castsoftware.nodejs.missingtable extension is installed, unresolved objects are created (with type CAST_NodeJS_Unknown_Database_Table).

Data sensitivity

This extension is capable of setting a property on NoSQL collection and Cloud File storage objects for the following:

  • custom sensitivity
  • GDPR
  • PCI-DSS

See Data Sensitivity for more information.

Structural Rules

The following structural rules are provided:

Release Link
2.12.0-beta2 https://technologies.castsoftware.com/rules?sec=srs_nodejs&ref=||2.12.0-beta2
2.12.0-beta1 https://technologies.castsoftware.com/rules?sec=srs_nodejs&ref=||2.12.0-beta1

Known Limitations

In this section we list the most significant functional limitations that may affect the analysis of applications using Node.js: