Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@fibery/correlation-id
Advanced tools
Readme
Create correlation id instance
import {createCorrelationId} from '@vizydrop/correlation-id';
const correlationId = createCorrelationId();
Integrate with @fibery/vizydrop-logger
const {createLogger} = require(`@fibery/vizydrop-logger`);
const logger = createLogger({
correlationId: {
enabled: true,
getCorrelationId: () => correlationId.correlator.getId(),
emptyValue: `nocorrelation`,
},
});
Register middleware. Support koa
and express
// koa
app.use(correlationId.koaMiddleware);
// express
app.use(correlationId.expressMiddleware);
Enhance request so each request will contain correlation id http header.
const request = require(`request`);
const correlatedRequest = correlationId.enhanceRequest(request);
correlatedRequest.get(`http://anotherservice:10020/data`);
Enhance http proxy so each proxied request will contain correlation id http header.
const httpProxy = require(`http-proxy`);
const proxy = httpProxy.createProxyServer({
target: `http://anotherservice:10020/`,
});
correlationId.enhanceHttpProxy(proxy);
Run jobs. Jobs usually do not go through express/koa
middleware so correlation id should be generated manually.
function jobTask() {}
function runJob() {
correlationId.correlator.withId(correlator.generateDefaultId(), () => {
jobTask();
});
}
Custom settings can be passed as an object to createCorrelationId
function.
generateDefaultId
- function that should return new correlation id. By default crypto.randomUUID
is used.expressMiddleware
- express middleware that runs next middlewares in scope of correlation id async hookkoaMiddleware
- koa middleware that runs next middlewares in scope of correlation id async hookenhanceHttpRequest
- takes request and return new request instance that adds correlation id header by defaultenhanceHttpProxy
- register additional listener that adds correlation id header by defaultcorrelator.getId()
- returns current correlation idcorrelator.withId(id, fn)
- run function and all subsequent function with specified correlation idcorrelator.bind()
- binds provided function to current execution context. Actually now it's a simple alias to AsyncResource.bind https://nodejs.org/api/async_context.html#integrating-asyncresource-with-eventemittercorrelator.generateId()
- generates new correlation idSince bindEmitter
method was removed and we don't bind req
in express and koa middlewares there might be some edge cases where correlation-id gets lost.
According to the https://github.com/nodejs/node/issues/33723 it's not recommended to bind whole emitter as execution in different context might be intentional so packages should maintain correct async context on their side. And it was actually fixed in many packages like express.js, body-parser, on-finished, fastify and etc.
In most cases where it's still a problem this can be worked around with correlator.bind
(see https://nodejs.org/api/async_context.html#integrating-asyncresource-with-eventemitter). Following example shows how to workaround this for dead koa-morgan package:
<!-- WAS -->
app.use(morgan(
`:method :status :url (:res[content-length] bytes) :response-time ms`,
{
stream: {
write: (text) => logger.info(text.trim()), // no correlation id here, context is lost
},
immediate: false,
},
));
<!-- Should become -->
app.use(async (ctx, next) => {
await morgan(
`:method :status :url (:res[content-length] bytes) :response-time ms`,
{
stream: {
write: correlator.bind((text) => logger.info(text.trim())), // correlation-id is here as we bound the callback to current async context
},
immediate: false,
},
)(ctx, next);
});
bluebird.promisifyAll
. Alternative solution is to explicitly promisify using native promiseconst redis = require(`redis`);
const util = require(`util`);
const client = redis.createClient();
client.setAsync = util.promisify(client.set).bind(client);
client.getAsync = util.promisify(client.get).bind(client);
mongoose
callbacks. Alternative solution is to use promisified functions.const mongoose = require(`mongooose`);
mongoose.Promise = global.Promise;
EntityModel.find({name: `name`}).then((value) => {
// do something
});
FAQs
Correlation id helper based on async local storage
The npm package @fibery/correlation-id receives a total of 205 weekly downloads. As such, @fibery/correlation-id popularity was classified as not popular.
We found that @fibery/correlation-id demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.