github.com/xushiwei/appdash
Appdash is an application tracing system for Go, based on Google's Dapper and Twitter's Zipkin.
Appdash allows you to trace the end-to-end handling of requests and operations in your application (for perf and debugging). It displays timings and application-specific metadata for each step, and it displays a tree and timeline for each request and its children.
To use appdash, you must instrument your application with calls to an appdash recorder. You can record any type of event or operation. Recorders and schemas for HTTP (client and server) and SQL are provided, and you can write your own.
To install appdash, run:
go get -u sourcegraph.com/sourcegraph/appdash/cmd/...
A standalone example using Negroni and Gorilla packages is available in the examples/cmd/webapp folder.
A demo / pure net/http application (which is slightly more verbose) is also available at cmd/appdash/example_app.go, and it can be run easily using appdash demo on the command line.
Questions or comments? Join us on Slack!
Appdash uses vfsgen to package HTML templates with the appdash binary for distribution. This means that if you want to modify the template data in traceapp/tmpl, you can first build using the dev build tag, which reloads the template data from disk live.
After you're finished making changes to the templates, always run go generate sourcegraph.com/sourcegraph/appdash/traceapp/tmpl so that the data_vfsdata.go file is updated for normal Appdash users that aren't interested in modifying the template data.
Appdash follows the design and naming conventions of Google's Dapper. You should read that paper if you are curious about why certain architectural choices were made.
There are 4 main components/concepts in appdash:
Appdash has clients available for Go, Python (see python/ subdir) and Ruby (see https://github.com/bsm/appdash-rb).
Appdash supports the OpenTracing API. Please see the opentracing subdir for the Go implementation, or see the GoDoc for API documentation.
appdash was influenced by, and uses code from, Coda Hale's lunk.