Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@newrelic/browser-agent-core
Advanced tools
See @newrelic/browser-agent package
This package contains the modules used by the New Relic Browser agent NPM package, this is used internally only and is not intended for use as a public-facing library.
0.0.9-beta.121 (2022-05-27)
Note: Version bump only for package newrelic
Added internal mechanism for applying regex and replacement rules to all strings in payloads to obfuscate before sending to ingest.
file://
protocolA change has been implemented in our handling of applications hosted locally on a file://
protocol. For security reasons, we can not send payloads that contain file information, so our previous implementation revolved around completely shutting the agent down when file://
protocols were detected. This change introduces the ability to obfuscate all file://
paths from our payloads before sending to ingest.
The final character in trace ID hex generation was returning as undefined
, which translated to always be 0
(undefined & 15 === 0
). This change fixes this final character and ensures it is valid.
Added front end framework detection metrics to help guide future priorities for browser agent features. The following front end frameworks will now be detected and analyzed:
Previously, XMLHttpRequest and Fetch calls made with Data URLs could prevent the agent from harvesting data.
Renamed LargestContentfulPaint PageViewTiming attributes from url
to elUrl
and tag
to elTag
. This makes the names less generic and as a result less likely to collide with custom attributes.
The agent will now include core web vitals page view timings in the session trace waterfall payload. If observed, events such FI
, FID
, LCP
, FP
, FCP
etc. will now be available in the browser Session Traces
UI grouped under the timing
type.
If a session trace ID exists, it will now be appended to harvests for the linking of session-related datasets downstream. This ID will be appended to any payload that exists at the time the session ID is determined, meaning the only harvests which won't have a session ID are PageView
and Initial Page Load Browser Interaction
.
The core web vitals metrics LCP
and FI
will now include metadata describing the network information observed on the page. This includes network type, round trip time (rtt) and downlink.
LCP
metrics will now also report a tag name and an image URL if present (for LCP triggered by images).
Largest Contentful Paint will now stop being tracked when page visibility changes to hidden. This aligns with the web-vitals library.
Using the addEventEventListener without the passive flag for the touchstart
event is flagged in Lighthouse. The passive flag is now applied to all addEventListener calls in the agent.
FAQs
New Relic Browser Agent Core Modules
The npm package @newrelic/browser-agent-core receives a total of 9 weekly downloads. As such, @newrelic/browser-agent-core popularity was classified as not popular.
We found that @newrelic/browser-agent-core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.