Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@achingbrain/appmetrics-dash
Advanced tools
Embedded monitoring dashboard for Node.js applications - published to work around npm/npm#20795 until RuntimeTools/appmetrics-dash#165 is released
Node Application Metrics Dashboard (appmetrics-dash) provides a very easy-to-use web based dashboard to show the performance metrics of your running Node.js application.
If you want to add the dashboard to all HTTP servers created by your application then simply add:
// Before all other 'require' statements:
require('appmetrics-dash').attach();
to the very top of your main JavaScript source file.
Alternatively, to use preloading:
$ node --require appmetrics-dash/attach app.js
or in Node.js from versions 8.0.0 and 6.12.0 onwards, use the NODE_OPTIONS environment variable:
$ export NODE_OPTIONS="--require appmetrics-dash/attach"
If you want to add the dashboard to one specific HTTP server then use:
var dash = require('appmetrics-dash');
// Other 'require' statements here
// Create HTTP server 'myHttpServer' here
dash.monitor({server: myHttpServer});
If you are not creating an HTTP server then use:
// Before all other 'require' statements:
require('appmetrics-dash').monitor();
or run your program with
$ node --require appmetrics-dash/monitor app.js
or via the NODE_OPTIONS environment variable:
$ export NODE_OPTIONS="--require appmetrics-dash/monitor"
This creates a new server for the dashboard on port 3001 by default. The path defaults to /appmetrics-dash
.
E.g. http://localhost:3001/appmetrics-dash
The data available on the dashboard is as follows:
As well as displaying data, it also provides the ability to generate both Node Report and Heap Snapshots directly from the dashboard. The Node Report will display in a new tab in the browser whilst the Heap Snapshot will be written to disk for loading into the Chrome DevTools for analysis. These can both be triggered from the options menu in the top left of the screen
The dashboard uses Node Application Metrics to monitor the application.
npm install appmetrics-dash
Our testing has shown that the performance overhead in terms of processing is minimal, adding less than 0.5 % to the CPU usage of your application. The additional memory required is around 30 MB to gather information about your system and application which is then visualized in the dashboard.
We gathered this information by monitoring the sample application Acme Air. We used MongoDB as our datastore and used JMeter to drive load though the program. We have performed this testing with Node.js version 6.10.3
dash.monitor()
.Auto-attach to all http
servers created after this call, calling dash.monitor(options)
for every server.
Simple example using attach
var dash = require('appmetrics-dash');
dash.attach();
var http = require('http');
const port = 3000;
const requestHandler = (request, response) => {
response.end('Hello')
}
const server = http.createServer(requestHandler);
server.listen(port, (err) => {
if (err) {
return console.log('An error occurred', err)
}
console.log(`Server is listening on ${port}`)
});
'/appmetrics-dash'
.console.log()
and console.error()
. Optional, defaults to the global
console
object.http
server to serve the
dashboard from. Optional, default is to create a server (see port
and
host
).server
option is used.server
option is used.require('appmetrics')
can be
injected if the application wants to use appmetrics, since it is a singleton
module and only one can be present in an application. Optional, defaults to
the appmetrics dependency of this module.require('node-report')
can be
injected if the application wants to use node-report, since it is a singleton
module and only one can be present in an application. Optional, defaults to
the node-report dependency of this module.
The ability to generate reports can be disabled by setting this to null
or
undefined
.We welcome contributions. Please see CONTRIBUTING.md for details about the contributor licence agreement and other information. If you want to do anything more involved than a bug fix or a minor enhancement then we would recommend discussing it in an issue first before doing the work to make sure that it's likely to be accepted. We're also keen to improve test coverage and may not accept new code unless there are accompanying tests.
This module adopts the Module Long Term Support (LTS) policy, with the following End Of Life (EOL) dates:
Module Version | Release Date | Minimum EOL | EOL With | Status |
---|---|---|---|---|
V4.x.x | Jun 2018 | Dec 2019 | Current |
The Node Application Metrics Dashboard is licensed using an Apache v2.0 License.
FAQs
Embedded monitoring dashboard for Node.js applications - published to work around npm/npm#20795 until RuntimeTools/appmetrics-dash#165 is released
We found that @achingbrain/appmetrics-dash demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.