
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@mastra/datadog
Advanced tools
Affected versions:
Datadog LLM Observability exporter for Mastra - exports tracing data to Datadog's LLM Observability product
Datadog LLM Observability exporter for Mastra. Exports observability data to Datadog's LLM Observability product.
pnpm add @mastra/datadog
dd-trace native modules ship prebuilt binaries for this ABI)import { Mastra } from '@mastra/core';
import { DatadogExporter } from '@mastra/datadog';
const datadog = new DatadogExporter({
mlApp: 'my-llm-app',
apiKey: process.env.DD_API_KEY,
});
const mastra = new Mastra({
observability: {
configs: {
default: {
serviceName: 'my-service',
exporters: [datadog],
},
},
},
});
If you have a Datadog Agent running locally, you can use agent mode instead:
const datadog = new DatadogExporter({
mlApp: 'my-llm-app',
agentless: false, // Use local Datadog Agent instead of direct HTTPS
env: 'production',
});
| Option | Description | Default |
|---|---|---|
apiKey | Datadog API key (required) | DD_API_KEY env var |
mlApp | ML application name for grouping traces (required) | DD_LLMOBS_ML_APP env var |
site | Datadog site (e.g., 'datadoghq.com', 'datadoghq.eu') | DD_SITE or 'datadoghq.com' |
agentless | Use direct HTTPS intake (no local agent required) | true |
service | Service name for the application | Uses mlApp value |
env | Environment name (e.g., 'production', 'staging') | DD_ENV env var |
integrationsEnabled | Enable dd-trace automatic integrations | false |
Note that the site is also used to specify non-default regions, e.g. us3.datadoghq.com instead of us1.datadoghq.com.
The exporter reads configuration from environment variables:
DD_API_KEY - Datadog API key (required)DD_LLMOBS_ML_APP - ML application nameDD_SITE - Datadog siteDD_ENV - Environment nameDD_LLMOBS_AGENTLESS_ENABLED - Set to 'false' or '0' to use local Datadog AgentMastra span types are mapped to Datadog LLMObs span kinds:
| Mastra SpanType | Datadog Kind |
|---|---|
AGENT_RUN | agent |
MODEL_GENERATION | workflow |
MODEL_STEP | llm |
TOOL_CALL | tool |
MCP_TOOL_CALL | tool |
WORKFLOW_RUN | workflow |
| All other types | task |
All unmapped span types (including MODEL_CHUNK, GENERIC, etc., and future span types) automatically default to task.
If you see errors like No native build was found for runtime=node abi=137:
These are non-blocking warnings. The dd-trace native modules (@datadog/native-metrics, etc.) are optional and provide performance monitoring features. Core tracing works without them.
Options:
dd-trace native modules target Node.js 22 (ABI 127/131). Newer Node.js versions have different ABIs.When using bundlers, mark dd-trace and native modules as external:
// src/mastra/index.ts
export const mastra = new Mastra({
bundler: {
externals: [
'dd-trace',
'@datadog/native-metrics',
'@datadog/native-appsec',
'@datadog/native-iast-taint-tracking',
'@datadog/pprof',
],
},
});
Apache-2.0
FAQs
Datadog LLM Observability exporter for Mastra - exports tracing data to Datadog's LLM Observability product
The npm package @mastra/datadog receives a total of 55,688 weekly downloads. As such, @mastra/datadog popularity was classified as popular.
We found that @mastra/datadog demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.