fix: failing appsec tests after iitm bump to v2.0.0

[pabloerhard]

What does this PR do?

This PR aims to fix appsec tests failing after bumping iitm to version 2.0.0

Motivation

iitm version 2.0.0 includes changes that include files being rewritten from CommonJS to ESM, which caused the conditions in the isEsmConfigured function to fail. This happened because the files are no longer keys in the require.cache. This PR adds the flag --import dd-trace/initialize.mjs as an early return statement to bypass the issues caused by the iitm change.

Plugin Checklist

• Unit tests.
• Integration tests.
• Benchmarks.
• TypeScript definitions.
• TypeScript tests.
• API documentation.
• CI jobs/workflows.

Additional Notes

[github-actions]

Overall package size

Self size: 4.35 MB
Deduped: 5.18 MB
No deduping: 5.18 MB

Dependency sizes

| name | version | self size | total size | |------|---------|-----------|------------| | import-in-the-middle | 2.0.0 | 68.46 kB | 797.03 kB | | dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB |

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.78%. Comparing base (b08f6e9) to head (67ffe04).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #6935      +/-   ##
==========================================
+ Coverage   84.77%   84.78%   +0.01%     
==========================================
  Files         521      521              
  Lines       22157    22155       -2     
==========================================
+ Hits        18784    18785       +1     
+ Misses       3373     3370       -3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[pr-commenter]

Benchmarks

Benchmark execution time: 2025-12-17 23:05:52

Comparing candidate commit 67ffe04 in PR branch pabloerhard/iitm-appsec-fix with baseline commit b08f6e9 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 288 metrics, 32 unstable metrics.

[BridgeAR]

LGTM with the import being more general. The other part is optional.

[pabloerhard]

I added dd-trace/initialize.mjs and dd-trace/register.js as flags to consider when checking whether ESM is configured, since these are the options provided in Datadog’s documentation. ESM does not directly expose the module cache, so a direct alternative to require.cache does not currently exist. I added this general comment so we can further discuss any other options or concerns, as the two open comments relate to this change.
@bengl @BridgeAR @uurien

[BridgeAR]

LGTM % @uurien 's comment. It would remove the overhead of checking for that more than once (which will not show up anywhere, but it is still nice).

[BridgeAR]

LGTM with the debug log removed

Comments addressed