Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@nifty-lil-tricks/monitoring
Advanced tools
A selection of useful utilities (or nifty li'l tricks!) for all things monitoring and OpenTelemetry
A selection of useful utilities (or nifty li'l tricks!) for all things monitoring and OpenTelemetry.
Note: this package works with TypeScript v5 or later
@opentelemetry/api
package is a peer-dependency, and it should be installed
separately.
npm install @nifty-lil-tricks/monitoring @opentelemetry/api
The following features are supported
This decorator wraps all methods of a class in an OpenTelemetry Span. If a parent span cannot be retrieved from the context of the method call, it will not be monitored.
The decorator will not affect any of the underlying functionality and it will also handle any legitimate errors thrown from the underlying method as appropriate.
A method of name hello
on class Service
that returns without error will
export the following span details by default:
{
"id": "b98126c289c5c9dc",
"name": "Service.hello",
"traceId": "a7b41739082880c506d62152de2e13a1",
"parentId": "f64d1571cd4a88dd",
"kind": 0,
"attributes": {
"monitoring.method": "hello",
"monitoring.class": "Service"
},
"status": { "code": 1 },
"timestamp": 1684136794317000,
"duration": 2010408,
"events": [],
"links": []
}
A method of name hello
on class Service
that throws an error will export the
following span details by default:
{
"id": "7c5f84a384af9a63",
"name": "Service.hello",
"traceId": "931ba33b4ab375ade4f26c7ac93df4ce",
"parentId": "0182507d0f5f0a85",
"kind": 0,
"attributes": {
"monitoring.method": "hello",
"monitoring.class": "Service"
},
"status": { "code": 2, "message": "Error: something bad happened" },
"timestamp": 1684136986170000,
"duration": 502605,
"events": [],
"links": []
}
Ensure OpenTelemetry tracing is set-up by ensuring:
See example set up for a quick guide to getting the above setup.
import { Monitor } from "@nifty-lil-tricks/monitoring";
import { promisify } from "node:util";
@Monitor()
class Service {
async hello(): Promise<void> {
// Do work
await promisify(setTimeout)(500);
// Do nested work
await this.nested();
}
async nested(): Promise<void> {
// Do work
await promisify(setTimeout)(1000);
}
}
By default, the monitor decorator monitors all
non-private
methods. One can provide an allowedMethods
option to filter the methods that
are monitored. This filter can be provided in several types:
string[]
RegExp
(methodName: string) => boolean
import { Monitor } from "@nifty-lil-tricks/monitoring";
import { promisify } from "node:util";
@Monitor({ allowedMethods: ["allowed1", "allowed2"] })
class Service {
// Not monitored
notAllowed(): void {}
// Monitored
allowed1(): void {}
// Monitored
allowed2(): void {}
}
import { Monitor } from "@nifty-lil-tricks/monitoring";
import { promisify } from "node:util";
@Monitor({ allowedMethods: /^allowed.+/ })
class Service {
// Not monitored
notAllowed(): void {}
// Monitored
allowed1(): void {}
// Monitored
allowed2(): void {}
}
import { Monitor } from "@nifty-lil-tricks/monitoring";
import { promisify } from "node:util";
@Monitor({ allowedMethods: (method) => method.startsWith("allowed") })
class Service {
// Not monitored
notAllowed(): void {}
// Monitored
allowed1(): void {}
// Monitored
allowed2(): void {}
}
By default, the monitor decorator sets the Span Kind to be INTERNAL
. This
option allows one to override this.
import { Monitor } from "@nifty-lil-tricks/monitoring";
import { promisify } from "node:util";
@Monitor({ spanKind: SpanKind.SERVER })
class Service {
async hello(): Promise<void> {
// Do work
await promisify(setTimeout)(500);
}
}
By default, the monitor decorator infers the class name from the class. This option allows one to override this behaviour. A use-case for this would be when one has multiple classes of the same name defined.
import { Monitor } from "@nifty-lil-tricks/monitoring";
import { promisify } from "node:util";
@Monitor({ className: "OtherService" })
class Service {
async hello(): Promise<void> {
// Do work
await promisify(setTimeout)(500);
}
}
By default, the monitor decorator uses the default tracer to record spans. This option allows one to override this behaviour.
import { Monitor } from "@nifty-lil-tricks/monitoring";
import { promisify } from "node:util";
@Monitor({ tracerName: "some-other-tracer" })
class Service {
async hello(): Promise<void> {
// Do work
await promisify(setTimeout)(500);
}
}
Private methods as defined here are not monitoring by this decorator.
import { Monitor } from "@nifty-lil-tricks/monitoring";
import { promisify } from "node:util";
@Monitor({ tracerName: "some-other-tracer" })
class Service {
// Monitored
async hello(): Promise<void> {
// Not monitored
await this.#privateMethod(())
}
async #privateMethod(): Promise<void> {
// Do work
await promisify(setTimeout)(500);
}
}
The API docs can be found here
Examples can be found here.
To run the examples/basic.ts
example, run the following:
npm run start:collector
npm run example:basic
Platform Version | Supported | Notes |
---|---|---|
Node.JS v18 | :white_check_mark: | TypeScript v5+ for typings |
Node.JS v20 | :white_check_mark: | TypeScript v5+ for typings |
Deno v1 | :x: | Will be supported when OpenTelemetry is supported in Deno |
Web Browsers | :x: | Coming soon |
Nifty li'l tricks packages are 100% free and open-source, under the MIT license.
This package is Treeware. If you use it in production, then we ask that you buy the world a tree to thank us for our work. By contributing to the Treeware forest you’ll be creating employment for local families and restoring wildlife habitats.
Contributions, issues and feature requests are very welcome. If you are using this package and fixed a bug for yourself, please consider submitting a PR!
FAQs
A selection of useful utilities (or nifty li'l tricks!) for all things monitoring and OpenTelemetry
The npm package @nifty-lil-tricks/monitoring receives a total of 208 weekly downloads. As such, @nifty-lil-tricks/monitoring popularity was classified as not popular.
We found that @nifty-lil-tricks/monitoring demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.