Security News
Research
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
@amplitude/session-replay-browser
Advanced tools
Official Session Replay SDK
This package is published on NPM registry and is available to be installed using npm and yarn.
# npm
npm install @amplitude/session-replay-browser
# yarn
yarn add @amplitude/session-replay-browser
This SDK provides access to the Amplitude Session Replay product.
This plugin requires that default tracking for sessions is enabled. If default tracking for sessions is not enabled in the config, the plugin will automatically enable it.
@amplitude/session-replay-browser
import * as sessionReplay from '@amplitude/session-replay-browser';
The SDK must be configured via the following code. This call kicks off collection of replays for the user.
sessionReplay.init(API_KEY, {
deviceId: DEVICE_ID,
sessionId: SESSION_ID,
sampleRate: 0.5,
});
Any event that occurs within the span of a session replay must be tagged with properties that signal to Amplitude to include it in the scope of the replay. The following shows an example of how to use the properties
const sessionReplayProperties = sessionReplay.getSessionReplayProperties();
track(EVENT_NAME, {
...eventProperties,
...sessionReplayProperties
})
Any time that the session id for the user changes, the session replay SDK must be notified of that change. Update the session id via the following method:
sessionReplay.setSessionId(UNIX_TIMESTAMP)
You can optionally pass a new device id as a second argument as well:
sessionReplay.setSessionId(UNIX_TIMESTAMP, deviceId)
If at any point you would like to discontinue collection of session replays, for example in a part of your application where you would not like sessions to be collected, you can use the following method to stop collection and remove collection event listeners.
sessionReplay.shutdown()
Name | Type | Required | Default | Description |
---|---|---|---|---|
deviceId | string | Yes | undefined | Sets an identifier for the device running your application. |
sessionId | number | Yes | undefined | Sets an identifier for the users current session. The value must be in milliseconds since epoch (Unix Timestamp). |
sampleRate | number | No | 0 | Use this option to control how many sessions will be selected for replay collection. A selected session will be collected for replay, while sessions that are not selected will not. The number should be a decimal between 0 and 1, ie 0.01 , representing the fraction of sessions you would like to have randomly selected for replay collection. Over a large number of sessions, 0.01 would select 1% of those sessions. |
optOut | boolean | No | false | Sets permission to collect replays for sessions. Setting a value of true prevents Amplitude from collecting session replays. |
flushMaxRetries | number | No | 5 | Sets the maximum number of retries for failed upload attempts. This is only applicable to retryable errors. |
logLevel | number | No | LogLevel.Warn | LogLevel.None or LogLevel.Error or LogLevel.Warn or LogLevel.Verbose or LogLevel.Debug . Sets the log level. |
loggerProvider | Logger | No | Logger | Sets a custom loggerProvider class from the Logger to emit log messages to desired destination. |
serverZone | string | No | US | EU or US. Sets the Amplitude server zone. Set this to EU for Amplitude projects created in EU data center. |
privacyConfig | object | No | undefined | Supports advanced masking configs with CSS selectors. |
debugMode | boolean | No | false | Adds additional debug event property to help debug instrumentation issues (such as mismatching apps). Only recommended for debugging initial setup, and not recommended for production. |
By default, the session replay will mask all inputs, meaning the text in inputs will appear in a session replay as asterisks: ***
. You may require more specific masking controls based on your use case, so we offer the following controls:
In your application code, add the class .amp-unmask
to any input whose text you'd like to have unmasked in the replay. In the session replay, it will be possible to read the exact text entered into an input with this class, the text will not be converted to asterisks.
In your application code, add the class .amp-mask
to any non-input element whose text you'd like to have masked from the replay. The text in the element, as well as it's children, will all be converted to asterisks.
In your application code, add the class .amp-block
to any element you would like to have blocked from the collection of the replay. The element will appear in the replay as a placeholder with the same dimensions.
In the SDK initialization code, you can configure the SDK to block elements based on CSS selectors.
sessionReplay.init(AMPLITUDE_API_KEY, {
sampleRate: 0.01,
privacyConfig: {
blockSelector: ['.ignoreClass', '#ignoreId']
}
})
FAQs
<b
The npm package @amplitude/session-replay-browser receives a total of 71,170 weekly downloads. As such, @amplitude/session-replay-browser popularity was classified as popular.
We found that @amplitude/session-replay-browser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
Security News
Sonar’s acquisition of Tidelift highlights a growing industry shift toward sustainable open source funding, addressing maintainer burnout and critical software dependencies.