Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@airbrake/node
Advanced tools
The official Airbrake notifier for capturing JavaScript errors in Node.js and reporting them to Airbrake. If you're looking for browser support, there is a separate package.
Using yarn:
yarn add @airbrake/node
Using npm:
npm install @airbrake/node
First, initialize the notifier with the project ID and project key taken from
Airbrake. To find your project_id
and project_key
navigate to your project's Settings and copy the values from the right
sidebar:
const { Notifier } = require('@airbrake/node');
const airbrake = new Notifier({
projectId: 1,
projectKey: 'REPLACE_ME',
environment: 'production',
});
Then, you can send a textual message to Airbrake:
let promise = airbrake.notify(`user id=${user_id} not found`);
promise.then((notice) => {
if (notice.id) {
console.log('notice id', notice.id);
} else {
console.log('notify failed', notice.error);
}
});
or report errors directly:
try {
throw new Error('Hello from Airbrake!');
} catch(err) {
airbrake.notify(err);
}
Alternatively, you can wrap any code which may throw errors using the wrap
method:
let startApp = () => {
throw new Error('Hello from Airbrake!');
};
startApp = airbrake.wrap(startApp);
// Any exceptions thrown in startApp will be reported to Airbrake.
startApp();
or use the call
shortcut:
let startApp = () => {
throw new Error('Hello from Airbrake!');
};
airbrake.call(startApp);
It's possible to annotate error notices with all sorts of useful information at the time they're captured by supplying it in the object being reported.
try {
startApp();
} catch(err) {
airbrake.notify({
error: err,
context: { component: 'bootstrap' },
environment: { env1: 'value' },
params: { param1: 'value' },
session: { session1: 'value' },
});
}
Severity allows
categorizing how severe an error is. By default, it's set to error
. To
redefine severity, simply overwrite context/severity
of a notice object:
airbrake.notify({
error: err,
context: { severity: 'warning' }
});
There may be some errors thrown in your application that you're not interested in sending to Airbrake, such as errors thrown by 3rd-party libraries.
The Airbrake notifier makes it simple to ignore this chaff while still
processing legitimate errors. Add filters to the notifier by providing filter
functions to addFilter
.
addFilter
accepts the entire
error notice to be sent to
Airbrake and provides access to the context
, environment
, params
,
and session
properties. It also includes the single-element errors
array
with its backtrace
property and associated backtrace lines.
The return value of the filter function determines whether or not the error notice will be submitted.
null
is returned, the notice is ignored.An error notice must pass all provided filters to be submitted.
In the following example all errors triggered by admins will be ignored:
airbrake.addFilter((notice) => {
if (notice.params.admin) {
// Ignore errors from admin sessions.
return null;
}
return notice;
});
Filters can be also used to modify notice payload, e.g. to set the environment and application version:
airbrake.addFilter((notice) => {
notice.context.environment = 'production';
notice.context.version = '1.2.3';
return notice;
});
With the keysBlocklist
option, you can specify a list of keys containing
sensitive information that must be filtered out:
const airbrake = new Notifier({
// ...
keysBlocklist: [
'password', // exact match
/secret/, // regexp match
],
});
To use the request HTTP client, pass
the request
option which accepts a request wrapper:
const airbrake = new Notifier({
// ...
request: request.defaults({'proxy':'http://localproxy.com'})
});
@airbrake/node
attempts to automatically instrument various performance
metrics. You can disable that behavior using the performanceStats
option:
const airbrake = new Notifier({
// ...
performanceStats: false
});
addPerformanceFilter
allows for filtering performance data. Return null
in
the filter to prevent that metric from being reported to Airbrake.
airbrake.addPerformanceFilter((metric) => {
if (metric.route === '/foo') {
// Requests to '/foo' will not be reported
return null;
}
return metric;
});
[2.0.0] (February 18, 2021)
ignoreWindowError
option
(#929)keysBlacklist
option
(#930)remoteConfigHost
option. This option
configures the host that the notifier fetch remote configuration from.
(#940)apmHost
option. This option configures the
host that the notifier should send APM events to.
(#940)errorNotifications
option. This options
configures ability to send errors
(#940)remoteConfig
option. This option configures
the remote configuration feature
(#940)FAQs
Official Airbrake notifier for Node.js
The npm package @airbrake/node receives a total of 13,052 weekly downloads. As such, @airbrake/node popularity was classified as popular.
We found that @airbrake/node demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.