Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@microsoft/ads-extension-telemetry
Advanced tools
A module for first party Microsoft extensions to report consistent telemetry.
This module provides a consistent way for first-party extensions to report telemetry over Application Insights.
The module respects the user's decision about whether or not to send telemetry data through the telemetry.enableTelemetry
setting in Azure Data Studio.
Follow guide to set up Application Insights in Azure and get your key.
npm install ads-extension-telemetry
const vscode = require('vscode');
const TelemetryReporter = require('ads-extension-telemetry');
// all events will be prefixed with this event name
const extensionId = '<your extension unique name>';
// extension version will be reported as a property with each event
const extensionVersion = '<your extension version>';
// the application insights key (also known as instrumentation key)
const key = '<your key>';
// telemetry reporter
let reporter;
function activate(context: vscode.ExtensionContext) {
...
// create telemetry reporter on extension activation
reporter = new TelemetryReporter(extensionId, extensionVersion, key);
// ensure it gets property disposed
context.subscriptions.push(reporter);
...
}
function deactivate() {
// This will ensure all pending events get flushed
reporter.dispose();
}
...
// send event any time after activation
// Immediately send event
reporter.sendViewEvent('ConnectionDialog');
reporter.sendActionEvent('ConnectionDialog', 'Click', 'OKButton', 'Mouse', 123);
reporter.sendMetricsEvent({ 'dialogLoadTimeMs', 578 }, 'ConnectionDialog');
reporter.sendErrorEvent('ConnectionDialog', 'connectionFailed', '4060', 'SqlException');
// Add on additional properties and then send event
reporter.createViewEvent('ConnectionDialog')
.withAdditionalProperties( { myProp: 'MyPropValue' })
.withAdditionalMeasurements( { myMeasure: 123 })
.withConnectionInfo(connectionProfile)
.send();
common.extname
common.extversion
common.vscodemachineid
common.vscodesessionid
common.vscodeversion
common.os
common.platformversion
The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft's privacy statement. Our privacy statement is located at https://go.microsoft.com/fwlink/?LinkID=824704. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.
FAQs
A module for first party Microsoft extensions to report consistent telemetry.
The npm package @microsoft/ads-extension-telemetry receives a total of 140 weekly downloads. As such, @microsoft/ads-extension-telemetry popularity was classified as not popular.
We found that @microsoft/ads-extension-telemetry demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.