add soap support (#85)

davydova-oleksandra · A3a3e1 · web-flow · commit d2f9c05f85cb · 2026-02-27T12:35:46.000+02:00
* add soap support

* fix

* readme

* soap 5.0.2

* remove dev

* fix vuln

---------

Co-authored-by: Pavlo Voropaiev &lt;pavel.voropaiev@elastic.io&gt;
diff --git a/.nsprc b/.nsprc
@@ -10,5 +10,21 @@
   "GHSA-6rw7-vpxm-498p": {
     "active": true,
     "notes": "qs vulnerability in request (via co-request). This is a transitive dependency. The deprecated 'request' library is used by co-request. Waiting on upstream libraries to upgrade."
+  },
+  "GHSA-43fc-jf86-j433": {
+    "active": true,
+    "notes": "Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig. This is a transitive dependency. Waiting on upstream libraries to upgrade."
+  },
+    "GHSA-3ppc-4f35-3m26": {
+    "active": true,
+    "notes": "minimatch ReDoS via repeated wildcards. minimatch is only used with static, developer-defined glob patterns in this project; no user input is passed as patterns. Waiting on upstream libraries to upgrade."
+  },
+  "GHSA-7r86-cg39-jmmj": {
+    "active": true,
+    "notes": "minimatch ReDoS via multiple non-adjacent GLOBSTAR segments. minimatch is only used with static, developer-defined glob patterns in this project; no user input is passed as patterns. Waiting on upstream libraries to upgrade."
+  },
+  "GHSA-23c5-xmqv-rm74": {
+    "active": true,
+    "notes": "minimatch ReDoS via nested extglobs. minimatch is only used with static, developer-defined glob patterns in this project; no user input is passed as patterns. Waiting on upstream libraries to upgrade."
   }
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 1.2.15 (February 27, 2026)
+
+* Add `strong-soap` v5.0.7 lib support
+
 ## 1.2.14 (February 04, 2026)
 
 * Update Sailor version to 2.7.8
diff --git a/README.md b/README.md
@@ -34,6 +34,7 @@ Built-in Node.js global objects are also supported.
 ### Other Libraries/functions
 - `wait(numberOfMilliscondsToSleep)` - Utility function for sleeping
 - [`request`](https://github.com/request/request) - Http Client (wrapped in `co` - [this library](https://www.npmjs.com/package/co-request) so that it is pre-promisified)
+- [`strong-soap`](https://github.com/loopbackio/strong-soap) - SOAP client for invoking web services
 - `_` - [Lodash](https://lodash.com/)
 
 ## Code component usage Examples
@@ -91,6 +92,42 @@ async function run(msg, cfg, snapshot) {
 }
 ```
 
+### Calling a SOAP web service with strong-soap
+
+The Code component exposes the [`strong-soap`](https://github.com/loopbackio/strong-soap) client as `soap`. You can call SOAP operations using async/await. Create the client with a small promise wrapper, then invoke methods (they return promises).
+
+**Basic SOAP call (WSDL URL and operation args from incoming message):**
+
+```JavaScript
+function createSoapClient(wsdlUrl, options = {}) {
+  return new Promise((resolve, reject) => {
+    soap.createClient(wsdlUrl, options, (err, client) => {
+      if (err) reject(err);
+      else resolve(client);
+    });
+  });
+}
+
+async function run(msg, cfg, snapshot) {
+  const { wsdlUrl, operation, args } = msg.body;
+  const client = await createSoapClient(wsdlUrl);
+  const { result } = await client[operation](args || {});
+  await this.emit('data', { body: result });
+}
+```
+
+**Calling a specific service and port:**
+
+If the WSDL defines multiple services or ports, use the `ServiceName.PortName.MethodName` form (use the same `createSoapClient` helper as in the examples above):
+
+```JavaScript
+async function run(msg, cfg, snapshot) {
+  const client = await createSoapClient(msg.body.wsdlUrl);
+  const { result } = await client.MyService.MyPort.MyFunction({ name: msg.body.inputName });
+  await this.emit('data', { body: result });
+}
+```
+
 ## Known issues and limitations
 
  - Credentials are not supported
diff --git a/actions/code.js b/actions/code.js
@@ -3,6 +3,7 @@ const _ = require('lodash');
 const vm = require('vm');
 const co = require('co');
 const request = require('co-request');
+const { soap } = require('strong-soap');
 
 function wait(timeout) {
   return new Promise((ok) => {
@@ -46,6 +47,7 @@ exports.process = async function (msg, conf, snapshot) {
     // Other Libraries
     _,
     request,
+    soap,
     wait: wait.bind(this),
   });
   this.logger.debug('Running the code...');
diff --git a/component.json b/component.json
@@ -1,6 +1,6 @@
 {
     "title": "Node.js Code",
-    "version": "1.2.14",
+    "version": "1.2.15",
     "description": "You can write your own code and deploy it as part of integration process.",
     "docsUrl": "http://go2.elastic.io/code-component",
     "fields": {
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"title": "Node.js Code",`
`3`		`- "version": "1.2.14",`
	`3`	`+ "version": "1.2.15",`
`4`	`4`	`"description": "You can write your own code and deploy it as part of integration process.",`
`5`	`5`	`"docsUrl": "http://go2.elastic.io/code-component",`
`6`	`6`	`"fields": {`