feat: add a demo server that triggers a vuln method

README.md

@@ -1 +1,14 @@
 # Snyk Nodejs Runtime Agent 
+
+Use this package as a library in your application to monitor your dependencies and learn how the dependencies' vulnerable methods are being invoked in your deployments.
+
+# Howto
+```js
+require('@snyk/nodejs-agent')({
+  url: 'https://homebase.snyk.io/api/v1/beacon',
+  projectId: `your project ID from snyk.io`,
+});
+```
+
+# Demo
+`npm start` to bring up an http server that invokes a vulnerable method on every request.

demo/index.js

@@ -0,0 +1,20 @@
+// load the agent from the local project and start it
+require('../lib')({
+  url: 'http://localhost:8000/api/v1/beacon',
+  projectId: 'A3B8ADA9-B726-41E9-BC6B-5169F7F89A0C',
+  debug: true,
+});
+
+// create a server with a known vulnerability
+const http = require('http');
+const st = require('st');
+const PORT = process.env.PORT || 3000;
+
+
+http.createServer(
+  st({
+    path: __dirname + '/static',
+    url: '/',
+    cors: true
+  })
+).listen(PORT, () => console.log(`Demo server started, hit http://localhost:${PORT}/hello.txt to try it`));

demo/static/hello.txt

@@ -0,0 +1,6 @@
+Hello there!
+
+You've just triggered a vulnerable method in `st`, congratulations!
+
+This event is being recorded and will be sent to the homebase service shortly.
+Refresh this page to trigger the event once again.

package.json

@@ -6,18 +6,20 @@
     "type": "git",
     "url": "https://github.com/snyk/nodejs-agent"
   },
-  "main": "lib/index.js",
+  "main": "demo/index.js",
   "directories": {
     "test": "test"
   },
   "scripts": {
+    "start": "node .",
     "test": "npm run lint && tap ./test/*.test.js -R spec",
     "lint": "eslint -c .eslintrc lib"
   },
   "author": "snyk.io",
   "license": "private",
   "devDependencies": {
     "eslint": "^4.19.1",
+    "st": "^0.1.0",
     "tap": "^12.0.1",
     "sinon": "^6.1.5"
   },