Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@opentelemetry/api-metrics
Advanced tools
Note: This is an experimental package under active development. New releases may include breaking changes.
This package provides everything needed to interact with the unstable OpenTelemetry Metrics API, including all TypeScript interfaces, enums, and no-op implementations. It is intended for use both on the server and in the browser.
The metrics API is considered alpha software and there is no guarantee of stability or long-term support. When the API is stabilized, it will be made available and supported long-term in the @opentelemetry/api
package and this package will be deprecated.
To get started you need to install the SDK and instrumentations, create a MeterProvider, and register it with the API.
$ # Install metrics dependencies
$ npm install \
@opentelemetry/api-metrics \
@opentelemetry/sdk-metrics \
@opentelemetry/exporter-prometheus # add exporters as needed
Note: this example is for node.js. See examples/tracer-web for a browser example.
Before any other module in your application is loaded, you must initialize the global tracer and meter providers. If you fail to initialize a provider, no-op implementations will be provided to any library which acquires them from the API.
To collect traces and metrics, you will have to tell the SDK where to export telemetry data to. This example uses Jaeger and Prometheus, but exporters exist for other tracing backends. If you're not sure if there is an exporter for your tracing backend, contact your tracing provider.
const api = require("@opentelemetry/api-metrics");
const { MeterProvider } = require("@opentelemetry/sdk-metrics");
const { PrometheusExporter } = require("@opentelemetry/exporter-prometheus");
// The Prometheus exporter runs an HTTP server which the Prometheus backend
// scrapes to collect metrics.
const exporter = new PrometheusExporter({ startServer: true });
// Creates MeterProvider and installs the exporter as a MetricReader
const meterProvider = new MeterProvider();
meterProvider.addMetricReader(exporter);
/**
* Registering the provider with the API allows it to be discovered
* and used by instrumentation libraries.
*/
api.metrics.setGlobalMeterProvider(meterProvider);
Because the npm installer and node module resolution algorithm could potentially allow two or more copies of any given package to exist within the same node_modules
structure, the OpenTelemetry API takes advantage of a variable on the global
object to store the global API. When an API method in the API package is called, it checks if this global
API exists and proxies calls to it if and only if it is a compatible API version. This means if a package has a dependency on an OpenTelemetry API version which is not compatible with the API used by the end user, the package will receive a no-op implementation of the API.
If you are writing an instrumentation library, or prefer to call the API methods directly rather than using the register
method on the Tracer/Meter Provider, OpenTelemetry provides direct access to the underlying API methods through the @opentelemetry/api-metrics
package. API entry points are defined as global singleton objects trace
, metrics
, propagation
, and context
which contain methods used to initialize SDK implementations and acquire resources from the API.
const api = require("@opentelemetry/api-metrics");
/* Initialize MeterProvider */
api.metrics.setGlobalMeterProvider(meterProvider);
/* returns meterProvider (no-op if a working provider has not been initialized) */
api.metrics.getMeterProvider();
/* returns a meter from the registered global meter provider (no-op if a working provider has not been initialized) */
api.metrics.getMeter(name, version);
Apache 2.0 - See LICENSE for more information.
FAQs
Public metrics API for OpenTelemetry
The npm package @opentelemetry/api-metrics receives a total of 581,359 weekly downloads. As such, @opentelemetry/api-metrics popularity was classified as popular.
We found that @opentelemetry/api-metrics demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.