
Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
@gasbuddy/configured-prometheus-client
Advanced tools
A small wrapper around the Prometheus client to allow configuration from JSON configuration or hydration.
You can create metrics "upfront":
import PrometheusClient from '@gasbuddy/configured-prometheus-client';
const client = new PrometheusClient({}, {
histograms: {
TestHisto: {
help: 'Test Histogram',
labels: ['foo', 'baz'],
buckets: [0.1, 0.2, 1],
},
},
counters: {
TestCount: {
help: 'Test Counter',
},
},
gauges: {
TestGauge: {
help: 'Test Gauge',
},
},
summaries: {
TestSum: {
help: 'Test Summary',
},
},
});
// Increment the counter by 5
client.counters.TestCount.inc(5);
Also, since most things you want to time are some sort of asynchronous operation, the client provides a "Promise timer" method:
async function aPromise(value) {
await Promise.delay(1);
return value;
}
const rz = await client.promiseTimer('TestHisto')
.label({ foo: 'bar' })
.labelSuccess(result => ({ baz: result }))
.execute(aPromise('beep'));
// rz is now the result of the promise
The foo:bar
label will be applied on the call to startTimer, and the
baz:beep
label will be applied when the timer ends assuming the promise
resolves rather than rejects (use labelError for that case). Each of the
label functions accepts either a function (so you can examine the result of
the promise) or a literal object that just gets added to the labels.
(Note that literal labels applied with .label() will always be applied when the timer STARTS, all others will be applied in order after it resolves or rejects).
FAQs
A configuration driven prometheus client
The npm package @gasbuddy/configured-prometheus-client receives a total of 258 weekly downloads. As such, @gasbuddy/configured-prometheus-client popularity was classified as not popular.
We found that @gasbuddy/configured-prometheus-client demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
Research
A malicious package uses a QR code as steganography in an innovative technique.
Research
/Security News
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.