Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@iopipe/trace
Advanced tools
Create marks and measures for arbitrary units of time. Measure latency of database calls, third party requests, or code blocks and visualize them in IOpipe!
Supports automatic tracing of functions using Node's native http
and https
, as well as ioredis
.
8.10.0
6.9.0
1.x
Note: This plugin is automatically included in the recommended package @iopipe/iopipe
With yarn (recommended) in project directory:
yarn add @iopipe/trace
With npm in project directory:
npm install @iopipe/trace
Then include the plugin with IOpipe in your serverless function:
const iopipeLib = require('@iopipe/iopipe');
const tracePlugin = require('@iopipe/trace');
const iopipe = iopipeLib({
token: 'TOKEN_HERE',
plugins: [tracePlugin()]
});
// wrap your lambda handler
exports.handler = iopipe((event, context) => {
const {mark} = context.iopipe;
mark.start('database');
// after database call is finished
mark.end('database');
mark.start('analytics');
// after analytics call is finished
mark.end('analytics');
context.succeed('Wow!');
});
// create the start mark
// the string argument is a name you are assigning the particular trace
context.iopipe.mark.start('db');
// create the end mark
// pass the name of the trace that you want to end
context.iopipe.mark.end('db');
// create an custom measurement between start:init and end:db
context.iopipe.measure('custom', 'init', 'db');
autoHttp
(object: optional = {})Automatically create traces and matching metadata for each http/s call made within your function invocation.
autoHttp.enabled
(bool: optional = false)Enable HTTP/S auto-tracing. Enabled by default. You can also use the environment variable IOPIPE_TRACE_AUTO_HTTP_ENABLED
.
autoHttp.filter
(func: optional)Filter what data is recorded for each http request that occurs within the invocation. The function will be passed two arguments. The first is an object containing "safe" data that is typically not sensitive in nature. The second argument is a more complete object with the same shape that may include sensitive data. You can use these objects to determine:
const iopipe = iopipeLib({
plugins: [
tracePlugin({
autoHttp: {
enabled: true,
filter: (safeData, allData) => {
// obj = {'request.url':'http://iopipe.com', 'request.method': 'GET'}
// return the object with filtered keys
// or return false to exclude the trace data completely
const url = safeData['request.url'];
if (url.match(/restricted/)) {
// if you don't want any traces on this restricted URI return false
return false;
} else if (url.match(/cat-castle/)) {
// if you need to keep track of a sensitive header
return Object.assign(safeData, {
'request.headers.cookie': allData['request.headers.cookie']
});
}
// if you want to record the default data after some logic checks
return safeData;
}
}
})
]
});
autoRedis
Automatically trace Redis commands using redis (node_redis)Set the environment variable IOPIPE_TRACE_REDIS
to true
, and IOpipe will trace Redis commands automatically: which command, which key is being read or written, and information about the connection: hostname, port, and connection name (if defined in your connection options). Commands batched with multi/exec are traced individually, so you can measure individual performance within batch operations.
If you're using redis@2.5.3 or earlier, turn on auto-tracing with the IOPIPE_TRACE_REDIS_CB
environment variable set to true.
autoIoRedis
Automatically trace Redis commands using ioredisSet the environment variable IOPIPE_TRACE_IOREDIS
to true
, and your function will enable automatic traces on Redis commands: the name of the command, name of the host, port, and connection (if defined in your connection options), and the key being written or read. Commands batched with multi/exec are traced individually, so you can measure individual performance within batch operations.
autoMongoDb
Automatically trace MongoDB commandsSet the environment variable IOPIPE_TRACE_MONGODB
to true
, and IOpipe will trace commands automatically: which command, which key is being read or written, database and collection name (if available), and the connection's hostname and port. This plugin supports these commands:
command
, insert
, update
, and remove
on the Server classconnect
, close
, and db
on the MongoClient class.find
, findOne
, insertOne
, insertMany
, updateOne
, updateMany
, replaceOne
, deleteOne
, deleteMany
, createIndex
on collections. bulkWrite
is also supported, and generates a list of which commands were part of the bulk operation.next
, filter
, sort
, hint
, and toArray
on the Cursor class.Commands used with a callback parameter generate end traces and duration metrics. (Note that MongoDB commands that don't take callback params--like find
--won't generate durations.)
This plugin supports MongoDB Node.JS Driver v3.3 and newer.
autoMeasure
(bool: optional = true)By default, the plugin will create auto-measurements for marks with matching mark.start
and mark.end
. These measurements will be displayed in the IOpipe Dashboard. If you'd like to turn this off, set autoMeasure: false
.
const iopipe = iopipeLib({
plugins: [tracePlugin({
autoMeasure: false
})]
});
npm run eslint -- --fix
to auto-format the code before submitting pull requests.FAQs
IOpipe plugin for tracing metrics
We found that @iopipe/trace demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.