Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@dollarshaveclub/monitor
Advanced tools
A remote uptime monitoring framework for running monitors as a CRON job
A remote uptime monitoring framework for running monitors as a CRON job.
At Dollar Shave Club, we run some of our monitors using CircleCI 2 Scheduled Workflows. You can see the test/example monitors for this repository running every minute here: https://circleci.com/gh/dollarshaveclub/workflows/monitor/tree/master. See our CircleCI 2 Config.
With this monitoring solution, we were able to:
Some downsides to our CircleCI Scheduled Workflow setup are:
npm install
on every build,
which could be slower than just pulling a Docker container.
However, having a CircleCI UI is preferable.What about features other monitoring solutions provide?
There are two ways to run these monitors.
To run monitors locally:
npx dsc-monitor 'monitors/**/*.js'
Run dsc-monitor --help
for options.
NOTE: this assumes you've installed this library as a local dependency, which is installed as dsc-monitor
.
If you're running the monitors from this repository, use ./bin/run.js
.
If you've npm install --global @dollarshaveclub/monitor
, just run dsc-monitor
.
Copy our Dockerfile Template to your repository, then run:
docker build -t dsc-monitor
docker run -t dsc-monitor 'monitors/**/*.js'
mkdir my-monitors # your repository name
cd my-monitors
npm init
npm i --save @dollarshaveclub/monitor
mkdir monitors
npm run monitors
command:script
to your package.json
: "monitors": "dsc-monitor 'monitors/**/*.js'"
npm run monitors
.circleci/config.yml
and pushMonitor environment variables:
MONITOR_CONCURRENCY=1
- concurrency of monitors running at the same time
concurrency === 1
, results will stream to stdout
concurrency >= 1
, results will be logged one monitor set at a timeMONITOR_SHUFFLE
- whether to shuffle monitors and monitor setsMONITOR_SHUFFLE_MONITOR_SETS
- whether to shuffle monitor setsMONITOR_SHUFFLE_MONITORS
- whether to shuffle monitors within a setAll monitoring sets are defined in monitors/
.
Each set is a module with:
exports.disabled<Boolean> = false
- whether this monitor is disabledexports.id<String> = __filename [optional]
- an ID for your monitor set, defaulting to the filenameexports.slowThreshold<Number|String> = 30s [optional]
- slow threshold for the entire monitor setexports.parallelism<Number> = 1 [optional]
- split this monitor set into shards and run in parallelexports.monitors<Array>
- an array of monitors with the following properties:
id<String> [required]
- the ID of the monitorparameters<Object> [optional]
- parameters to send to the monitor function and for data purposesmonitor<Function>(monitorConfig, monitorSetConfig, { attempt, log }) [required]
- the monitor function, which is passed this monitor object as well as exports
monitorConfig
- this monitor
objectmonitorSetConfig
- this exports
objectattempt = 0
- the attempt # for this monitorlog(str)
- a function to log in a nicely-formatted waytimeout<Number|String> = '5s' [optional]
- timeout for the monitor before it's considered a failureslowThreshold<Number|String> = '1s' [optional]
- slow threshold for a monitorretries<Number> = 0 [optional]
- number of times to retry a failing monitorexports.beforeAll<Function>(monitorSetConfig)
exports.afterAll<Function>(monitorSetConfig, result)
exports.beforeEach<Function>(monitorConfig, monitorSetConfig, { attempt, log })
exports.afterEach<Function>(monitorConfig, monitorSetConfig, { attempt, log })
What certain fields do:
slowThreshold
- turns the color of the time from green
to yellow
when a monitor or set of monitors take this amount of timeCreate a file named dsc-monitor.js
with the form:
module.exports = (monitorRunner) => {
}
Then pass it as a plugin (-p
) when you run the monitors:
dsc-monitor -p dsc-monitor.js 'monitors/**/*.js'
Hook into events via monitorRunner.events.on(<event>, callback)
. The events are:
monitorSet
=> (result) => {}
- when a monitor set is completed
monitorSetConfig
results
- array of monitor
resultssuccess = true|false
elapsedTime
- in millisecondsmonitor
=> (result) => {}
- when a monitor is completed
monitorSetConfig
monitorConfig
results
- array of monitorAttempt
resultssuccess = true|false
elapsedTime
- in millisecondsmonitorAttempt
=> (result) => {}
- when a monitor attempt is completed
monitorSetConfig
monitorConfig
success = true|false
elapsedTime
- in millisecondserror
- if an error occuredattempt = 1
- attempt #See CircleCI 2 workflow scheduling: https://circleci.com/docs/2.0/workflows/#scheduling-a-workflow. You can work off our .circleci/config.yml template
See all builds on master of workflow monitor
without a commit attached to it: https://circleci.com/gh/dollarshaveclub/monitor/tree/master
Or just look at the monitor
workflow: https://circleci.com/gh/dollarshaveclub/workflows/monitor/tree/master
FAQs
A remote uptime monitoring framework for running monitors as a CRON job
We found that @dollarshaveclub/monitor demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 26 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.