
Security News
Node.js Considers Public Workflow for Security Reports Amid AI-Driven Surge
Node.js is debating whether AI-driven security report volume warrants moving more vulnerability reports into public workflows.
@dreamhorizonorg/pulse-web
Advanced tools
Pulse observability SDK for web — OpenTelemetry-based RUM, sessions, errors, web vitals, network, and click instrumentation
OpenTelemetry-based web SDK for Pulse RUM telemetry.
Captures:
yarn add @dreamhorizonorg/pulse-web
npm install @dreamhorizonorg/pulse-web
PulseProvider from @dreamhorizonorg/pulse-web/react does everything in one shot:
Pulse.init on mountPulseErrorBoundaryReact (CRA / Vite):
import { PulseProvider } from '@dreamhorizonorg/pulse-web/react'
import { PulseDataCollectionConsent } from '@dreamhorizonorg/pulse-web'
const config = {
apiKey: 'your-project-key',
serviceName: 'my-app',
dataCollectionState: PulseDataCollectionConsent.ALLOWED,
}
<PulseProvider config={config}>
<App />
</PulseProvider>
Next.js App Router: the compiled SDK dist does not include "use client", so PulseProvider cannot be imported directly from a Server Component. Create a thin wrapper first:
// app/providers/PulseProvider.tsx
'use client'
import { PulseProvider as SDKPulseProvider } from '@dreamhorizonorg/pulse-web/react'
export function PulseProvider({ config, children }: { config: any; children: React.ReactNode }) {
return <SDKPulseProvider config={config} shutdownOnUnmount={false}>{children}</SDKPulseProvider>
}
Then use the wrapper in layout.tsx:
// app/layout.tsx
import { PulseProvider } from './providers/PulseProvider'
import { PulseDataCollectionConsent } from '@dreamhorizonorg/pulse-web'
const config = {
apiKey: process.env.NEXT_PUBLIC_PULSE_API_KEY,
serviceName: 'my-app',
dataCollectionState: PulseDataCollectionConsent.ALLOWED,
}
export default function RootLayout({ children }) {
return (
<html lang="en">
<body>
<PulseProvider config={config}>
{children}
</PulseProvider>
</body>
</html>
)
}
After mount, these signals auto-capture with zero extra work:
| Signal | Trigger |
|---|---|
session.start / session.end | Tab open / close |
network.<status> (e.g. network.200) | Every fetch / XMLHttpRequest — client span pulse.type from HTTP status, not the literal http |
app.click | User clicks anywhere |
web_vital | LCP, CLS, INP, TTFB, FCP |
screen_load | Navigation timing (incl. tti on initial load when available) |
device.crash | Uncaught JS errors + React render errors (via built-in PulseErrorBoundary) |
useRouterTracking from @dreamhorizonorg/pulse-web/react requires react-router-dom — it won't work in Next.js. Add this null-rendering component once inside <PulseProvider> in layout.tsx:
// app/components/PulsePageView.tsx
'use client'
import { usePathname } from 'next/navigation'
import { useEffect } from 'react'
import { Pulse } from '@dreamhorizonorg/pulse-web'
export function PulsePageView() {
const pathname = usePathname()
useEffect(() => { Pulse.setScreenName(pathname) }, [pathname])
return null
}
// layout.tsx — add inside <PulseProvider>
<PulseProvider config={config}>
<PulsePageView />
{children}
</PulseProvider>
For React Router apps, import useRouterTracking or <PulseRouterEvents /> from @dreamhorizonorg/pulse-web/react/router (not the bare /react entry — that path avoids a hard react-router-dom dependency for apps that do not use React Router):
import { useRouterTracking } from '@dreamhorizonorg/pulse-web/react/router'
useRouterTracking() // inside a component rendered within <BrowserRouter>
Naming note — beforeSendData: RUM docs often say “beforeSend”. Pulse
uses the config key beforeSendData for parity with Android; inner
callbacks still use names like beforeSend / beforeSendSpan. See
docs/instrumentations/integration/SPEC.md §5.9.
Pulse.init(config)Pulse.shutdown()Pulse.isInitialized()Pulse.setScreenName(name)Pulse.trackEvent(name, attrs?)Pulse.reportException(error, attrs?)Pulse.reportDeviceCrash(error, attrs?)Pulse.trackNonFatal(name, attrs?)Interaction configs are fetched from:
default-project*_*): {collector→8080}/v1/interaction-configs/ with X-API-KEYhttps://pulse-otel-collector.pulse-ux.com/config/projects/{projectId}/interaction-config.json (no /v1/interaction-configs/ — search DevTools for interaction-config.json)Remote pulse-config.json may set features[].interaction.sessionSampleRate < 1 for pulse_web_js; interaction spans stay gated, but the SDK still loads interaction configs when instrumentations.interactions is not enabled: false.
Web runtime now uses backend/Android wire shape directly:
id: numberdescription: stringname (not key)EQUALS | NOTEQUALS | CONTAINS | NOTCONTAINS | STARTSWITH | ENDSWITHglobalBlacklistedEvents is an array of event objects# Node >= 18.13
corepack enable
yarn install
# Build SDK
yarn build
# Run demo apps
yarn demo # React ecommerce-demo → localhost:3002
yarn demo:docs # Vanilla web-sdk-docs → localhost:3003
# Typecheck + unit tests
yarn lint
yarn test:run
# One-time browser install
cd examples/ecommerce-demo
yarn playwright install --with-deps chromium firefox webkit
# From SDK root
cd ../..
yarn workspace ecommerce-demo e2e:m2-interactions
yarn workspace ecommerce-demo e2e:web-sdk-gates
docs/prd/README.md — feature PRDs under docs/prd/; PRD.md in that folder symlinks to the active Ralph PRD when applicabledocs/instrumentations/integration/SPEC.mddocs/sdk-core/SPEC.md — topic SPECs under docs/sdk-core/<topic>/SPEC.md (e.g. data-contract/SPEC.md, architecture-and-bootstrap/SPEC.md); session: docs/instrumentations/session/SPEC.mddocs/instrumentations/docs/publishing/SPEC.md · docs/publishing/QUICKSTART.md · docs/publishing/PUBLISHING.mdFAQs
Pulse observability SDK for web — OpenTelemetry-based RUM, sessions, errors, web vitals, network, and click instrumentation
The npm package @dreamhorizonorg/pulse-web receives a total of 24 weekly downloads. As such, @dreamhorizonorg/pulse-web popularity was classified as not popular.
We found that @dreamhorizonorg/pulse-web demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
Node.js is debating whether AI-driven security report volume warrants moving more vulnerability reports into public workflows.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.