DataDog · juan-fernandez · Nov 3, 2025 · Oct 31, 2025 · Oct 31, 2025 · Oct 31, 2025
@@ -19,7 +19,7 @@ runs:
       if: inputs.cache == 'true' && steps.yarn-cache.outputs.cache-hit == 'true'
       # Retry in case of server error from registry.
       # Wait 60 seconds to give the registry server time to heal.
-    - run: bun install --linker=hoisted --trust || sleep 60 && bun install --linker=hoisted --trust
+    - run: bun install --trust || sleep 60 && bun install --trust
       shell: bash
       env:
         _DD_IGNORE_ENGINES: 'true'

@@ -21,4 +21,4 @@ runs:
         registry-url: ${{ inputs.registry-url || 'https://registry.npmjs.org' }}
     - uses: oven-sh/setup-bun@735343b667d3e6f658f44d0eca948eb6282f2b76 # v2.0.2
       with:
-        bun-version: "1.2.23"
+        bun-version: "1.3.1"
@@ -38,7 +38,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v3.29.5
+      uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5
       with:
         languages: ${{ matrix.language }}
         config-file: .github/codeql_config.yml
@@ -48,7 +48,7 @@ jobs:
         # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v3.29.5
+      uses: github/codeql-action/autobuild@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@4e94bd11f71e507f7f87df81788dff88d1dacbfb # v3.29.5
+      uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5
@@ -413,8 +413,8 @@ jobs:
         with:
           version: ${{ matrix.version }}
       - uses: ./.github/actions/install
-      - run: bun add --linker=hoisted --ignore-scripts mocha@10 # Use older mocha to support old Node.js versions
-      - run: bun add --linker=hoisted --ignore-scripts express@4 # Use older express to support old Node.js versions
+      - run: bun add --ignore-scripts mocha@10 # Use older mocha to support old Node.js versions
+      - run: bun add --ignore-scripts express@4 # Use older express to support old Node.js versions
       - run: node node_modules/.bin/mocha --colors --timeout 30000 integration-tests/init.spec.js
       - uses: DataDog/junit-upload-github-action@762867566348d59ac9bcf479ebb4ec040db8940a  # v2.0.0
         if: always()

@@ -1,5 +1,6 @@
 * @DataDog/dd-trace-js
 
+/integration-tests/appsec/ @DataDog/asm-js
 /packages/dd-trace/src/appsec/ @DataDog/asm-js
 /packages/dd-trace/test/appsec/ @DataDog/asm-js
 

@@ -29,6 +29,7 @@ function detectTestWorkerType () {
   if (getEnvironmentVariable('MOCHA_WORKER_ID')) return 'mocha'
   if (getEnvironmentVariable('DD_PLAYWRIGHT_WORKER')) return 'playwright'
   if (getEnvironmentVariable('TINYPOOL_WORKER_ID')) return 'vitest'
+  if (getEnvironmentVariable('DD_VITEST_WORKER')) return 'vitest'
   return null
 }
 

@@ -2,24 +2,23 @@
 
 const { describe, it, before, after } = require('mocha')
 const path = require('path')
-const { createSandbox, FakeAgent, spawnProc } = require('../helpers')
+const { sandboxCwd, useSandbox, FakeAgent, spawnProc } = require('../helpers')
 const startApiMock = require('./api-mock')
 const { expect } = require('chai')
 const { executeRequest } = require('./util')
 
 describe('AIGuard SDK integration tests', () => {
-  let sandbox, cwd, appFile, agent, proc, api, url
+  let cwd, appFile, agent, proc, api, url
+
+  useSandbox(['express'])
 
   before(async function () {
-    this.timeout(process.platform === 'win32' ? 90000 : 30000)
-    sandbox = await createSandbox(['express'])
-    cwd = sandbox.folder
+    cwd = sandboxCwd()
     appFile = path.join(cwd, 'aiguard/server.js')
     api = await startApiMock()
   })
 
   after(async () => {
-    await sandbox.remove()
     await api.close()
   })
 

@@ -5,24 +5,22 @@ const path = require('path')
 const Axios = require('axios')
 
 const {
-  createSandbox,
+  sandboxCwd,
+  useSandbox,
   FakeAgent,
   spawnProc
 } = require('../helpers')
 
 describe('ASM Data collection', () => {
-  let axios, sandbox, cwd, appFile, agent, proc
+  let axios, cwd, appFile, agent, proc
+
+  useSandbox(['express'])
 
   before(async () => {
-    sandbox = await createSandbox(['express'])
-    cwd = sandbox.folder
+    cwd = sandboxCwd()
     appFile = path.join(cwd, 'appsec/data-collection/index.js')
   })
 
-  after(async () => {
-    await sandbox.remove()
-  })
-
   function startServer (extendedDataCollection) {
     beforeEach(async () => {
       agent = await new FakeAgent().start()

@@ -1,26 +1,19 @@
 'use strict'
 
 const { expect } = require('chai')
-const { describe, before, after, it } = require('mocha')
+const { describe, before, it } = require('mocha')
 
 const path = require('node:path')
 
-const { createSandbox, FakeAgent, spawnProc } = require('../helpers')
+const { sandboxCwd, useSandbox, FakeAgent, spawnProc } = require('../helpers')
 
 describe('Endpoints collection', () => {
-  let sandbox, cwd
+  let cwd
 
-  before(async function () {
-    this.timeout(process.platform === 'win32' ? 90000 : 30000)
+  useSandbox(['express', 'fastify'])
 
-    sandbox = await createSandbox(['express', 'fastify'])
-
-    cwd = sandbox.folder
-  })
-
-  after(async function () {
-    this.timeout(60000)
-    await sandbox.remove()
+  before(function () {
+    cwd = sandboxCwd()
   })
 
   function getExpectedEndpoints (framework) {

@@ -6,16 +6,18 @@ const axios = require('axios')
 
 const {
   FakeAgent,
-  createSandbox,
+  sandboxCwd,
+  useSandbox,
   spawnProc
 } = require('../helpers')
 
 describe('graphql', () => {
-  let sandbox, cwd, agent, webFile, proc
+  let cwd, agent, webFile, proc
 
-  before(async function () {
-    sandbox = await createSandbox(['@apollo/server', 'graphql'])
-    cwd = sandbox.folder
+  useSandbox(['@apollo/server', 'graphql'])
+
+  before(function () {
+    cwd = sandboxCwd()
     webFile = path.join(cwd, 'graphql/index.js')
   })
 
@@ -34,10 +36,6 @@ describe('graphql', () => {
     await agent.stop()
   })
 
-  after(async () => {
-    await sandbox.remove()
-  })
-
   it('should not report any attack', async () => {
     const agentPromise = agent.assertMessageReceived(({ headers, payload }) => {
       assert.propertyVal(headers, 'host', `127.0.0.1:${agent.port}`)

@@ -8,18 +8,19 @@ const path = require('path')
 const { promisify } = require('util')
 const msgpack = require('@msgpack/msgpack')
 
-const { createSandbox, FakeAgent, spawnProc } = require('../helpers')
+const { sandboxCwd, useSandbox, FakeAgent, spawnProc } = require('../helpers')
 
 const exec = promisify(childProcess.exec)
 
 describe('esbuild support for IAST', () => {
   describe('cjs', () => {
-    let proc, agent, sandbox, axios
+    let proc, agent, axios
     let applicationDir, bundledApplicationDir
 
+    useSandbox()
+
     before(async () => {
-      sandbox = await createSandbox([])
-      const cwd = sandbox.folder
+      const cwd = sandboxCwd()
       applicationDir = path.join(cwd, 'appsec/iast-esbuild')
 
       // Craft node_modules directory to ship native modules
@@ -49,10 +50,6 @@ describe('esbuild support for IAST', () => {
       fs.cpSync(path.join(craftedNodeModulesDir, 'node_modules'), bundledApplicationDir, { recursive: true })
     })
 
-    after(async () => {
-      await sandbox.remove()
-    })
-
     function startServer (appFile, iastEnabled) {
       beforeEach(async () => {
         agent = await new FakeAgent().start()

@@ -1,24 +1,20 @@
 'use strict'
 
-const { createSandbox, spawnProc, FakeAgent } = require('../helpers')
+const { sandboxCwd, useSandbox, spawnProc, FakeAgent } = require('../helpers')
 const path = require('path')
 const Axios = require('axios')
 const { assert } = require('chai')
 
 describe('ESM Security controls', () => {
-  let axios, sandbox, cwd, appFile, agent, proc
+  let axios, cwd, appFile, agent, proc
 
   ['4', '5'].forEach(version => {
     describe(`With express v${version}`, () => {
-      before(async function () {
-        this.timeout(process.platform === 'win32' ? 90000 : 30000)
-        sandbox = await createSandbox([`express@${version}`])
-        cwd = sandbox.folder
-        appFile = path.join(cwd, 'appsec', 'esm-security-controls', 'index.mjs')
-      })
+      useSandbox([`express@${version}`])
 
-      after(async function () {
-        await sandbox.remove()
+      before(function () {
+        cwd = sandboxCwd()
+        appFile = path.join(cwd, 'appsec', 'esm-security-controls', 'index.mjs')
       })
 
       const nodeOptions = '--import dd-trace/initialize.mjs'

@@ -1,22 +1,18 @@
 'use strict'
 
-const { createSandbox, spawnProc, FakeAgent } = require('../helpers')
+const { sandboxCwd, useSandbox, spawnProc, FakeAgent } = require('../helpers')
 const path = require('path')
 const Axios = require('axios')
 const { assert } = require('chai')
 
 describe('ESM', () => {
-  let axios, sandbox, cwd, appFile, agent, proc
+  let axios, cwd, appFile, agent, proc
 
-  before(async function () {
-    this.timeout(process.platform === 'win32' ? 90000 : 30000)
-    sandbox = await createSandbox(['express'])
-    cwd = sandbox.folder
-    appFile = path.join(cwd, 'appsec', 'esm-app', 'index.mjs')
-  })
+  useSandbox(['express'])
 
-  after(async function () {
-    await sandbox.remove()
+  before(function () {
+    cwd = sandboxCwd()
+    appFile = path.join(cwd, 'appsec', 'esm-app', 'index.mjs')
   })
 
   const nodeOptionsList = [

@@ -4,23 +4,20 @@ const path = require('path')
 const Axios = require('axios')
 const { assert } = require('chai')
 const msgpack = require('@msgpack/msgpack')
-const { createSandbox, FakeAgent, spawnProc } = require('../helpers')
+const { sandboxCwd, useSandbox, FakeAgent, spawnProc } = require('../helpers')
 
 describe('RASP', () => {
-  let axios, sandbox, cwd, appFile, agent, proc, stdioHandler
+  let axios, cwd, appFile, agent, proc, stdioHandler
 
   function stdOutputHandler (data) {
     stdioHandler && stdioHandler(data)
   }
 
-  before(async () => {
-    sandbox = await createSandbox(['express', 'axios'])
-    cwd = sandbox.folder
-    appFile = path.join(cwd, 'appsec/rasp/index.js')
-  })
+  useSandbox(['express', 'axios'])
 
-  after(async () => {
-    await sandbox.remove()
+  before(() => {
+    cwd = sandboxCwd()
+    appFile = path.join(cwd, 'appsec/rasp/index.js')
   })
 
   function startServer (abortOnUncaughtException, collectRequestBody = false) {

@@ -2,29 +2,27 @@
 
 const axios = require('axios')
 const { assert } = require('chai')
-const { describe, it, beforeEach, afterEach, before, after } = require('mocha')
+const { describe, it, beforeEach, afterEach, before } = require('mocha')
 
 const path = require('node:path')
 
 const {
-  createSandbox,
+  sandboxCwd,
+  useSandbox,
   FakeAgent,
   spawnProc
 } = require('../helpers')
 
 describe('multer', () => {
-  let sandbox, cwd, startupTestFile, agent, proc, env
+  let cwd, startupTestFile, agent, proc, env
 
   ['1.4.4-lts.1', '1.4.5-lts.1'].forEach((version) => {
     describe(`v${version}`, () => {
-      before(async () => {
-        sandbox = await createSandbox(['express', `multer@${version}`])
-        cwd = sandbox.folder
-        startupTestFile = path.join(cwd, 'appsec', 'multer', 'index.js')
-      })
+      useSandbox(['express', `multer@${version}`])
 
-      after(async () => {
-        await sandbox.remove()
+      before(() => {
+        cwd = sandboxCwd()
+        startupTestFile = path.join(cwd, 'appsec', 'multer', 'index.js')
       })
 
       beforeEach(async () => {

@@ -5,22 +5,20 @@ const path = require('path')
 const Axios = require('axios')
 
 const {
-  createSandbox,
+  sandboxCwd,
+  useSandbox,
   FakeAgent,
   spawnProc
 } = require('../helpers')
 
 describe('Headers collection - Fastify', () => {
-  let axios, sandbox, cwd, appFile, agent, proc
+  let axios, cwd, appFile, agent, proc
 
-  before(async () => {
-    sandbox = await createSandbox(['fastify'])
-    cwd = sandbox.folder
-    appFile = path.join(cwd, 'appsec/data-collection/fastify.js')
-  })
+  useSandbox(['fastify'])
 
-  after(async () => {
-    await sandbox.remove()
+  before(() => {
+    cwd = sandboxCwd()
+    appFile = path.join(cwd, 'appsec/data-collection/fastify.js')
   })
 
   beforeEach(async () => {