Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@opentelemetry/api-metrics
Advanced tools
Note: This is an experimental package under active development. New releases may include breaking changes.
This package provides everything needed to interact with the unstable OpenTelemetry Metrics API, including all TypeScript interfaces, enums, and no-op implementations. It is intended for use both on the server and in the browser.
The metrics API is considered alpha software and there is no guarantee of stability or long-term support. When the API is stabilized, it will be made available and supported long-term in the @opentelemetry/api
package and this package will be deprecated.
To get started you need to install the SDK and instrumentations, create a MeterProvider, and register it with the API.
$ # Install metrics dependencies
$ npm install \
@opentelemetry/api-metrics \
@opentelemetry/sdk-metrics \
@opentelemetry/exporter-prometheus # add exporters as needed
Note: this example is for node.js. See examples/tracer-web for a browser example.
Before any other module in your application is loaded, you must initialize the global tracer and meter providers. If you fail to initialize a provider, no-op implementations will be provided to any library which acquires them from the API.
To collect traces and metrics, you will have to tell the SDK where to export telemetry data to. This example uses Jaeger and Prometheus, but exporters exist for other tracing backends. If you're not sure if there is an exporter for your tracing backend, contact your tracing provider.
const api = require("@opentelemetry/api-metrics");
const { MeterProvider } = require("@opentelemetry/sdk-metrics");
const { PrometheusExporter } = require("@opentelemetry/exporter-prometheus");
// The Prometheus exporter runs an HTTP server which the Prometheus backend
// scrapes to collect metrics.
const exporter = new PrometheusExporter({ startServer: true });
// Creates MeterProvider and installs the exporter as a MetricReader
const meterProvider = new MeterProvider();
meterProvider.addMetricReader(exporter);
/**
* Registering the provider with the API allows it to be discovered
* and used by instrumentation libraries.
*/
api.metrics.setGlobalMeterProvider(meterProvider);
Because the npm installer and node module resolution algorithm could potentially allow two or more copies of any given package to exist within the same node_modules
structure, the OpenTelemetry API takes advantage of a variable on the global
object to store the global API. When an API method in the API package is called, it checks if this global
API exists and proxies calls to it if and only if it is a compatible API version. This means if a package has a dependency on an OpenTelemetry API version which is not compatible with the API used by the end user, the package will receive a no-op implementation of the API.
If you are writing an instrumentation library, or prefer to call the API methods directly rather than using the register
method on the Tracer/Meter Provider, OpenTelemetry provides direct access to the underlying API methods through the @opentelemetry/api-metrics
package. API entry points are defined as global singleton objects trace
, metrics
, propagation
, and context
which contain methods used to initialize SDK implementations and acquire resources from the API.
const api = require("@opentelemetry/api-metrics");
/* Initialize MeterProvider */
api.metrics.setGlobalMeterProvider(meterProvider);
/* returns meterProvider (no-op if a working provider has not been initialized) */
api.metrics.getMeterProvider();
/* returns a meter from the registered global meter provider (no-op if a working provider has not been initialized) */
api.metrics.getMeter(name, version);
Apache 2.0 - See LICENSE for more information.
FAQs
Public metrics API for OpenTelemetry
The npm package @opentelemetry/api-metrics receives a total of 397,285 weekly downloads. As such, @opentelemetry/api-metrics popularity was classified as popular.
We found that @opentelemetry/api-metrics demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.