Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@opentelemetry/auto-instrumentations-node
Advanced tools
Metapackage which bundles opentelemetry node core and contrib instrumentations
@opentelemetry/auto-instrumentations-node is a package that provides automatic instrumentation for Node.js applications. It simplifies the process of collecting telemetry data such as traces and metrics by automatically instrumenting various Node.js libraries and frameworks.
Automatic HTTP Instrumentation
This feature automatically instruments HTTP requests and responses, allowing you to collect telemetry data without manually adding instrumentation code.
const { NodeTracerProvider } = require('@opentelemetry/sdk-trace-node');
const { getNodeAutoInstrumentations } = require('@opentelemetry/auto-instrumentations-node');
const { registerInstrumentations } = require('@opentelemetry/instrumentation');
const provider = new NodeTracerProvider();
provider.register();
registerInstrumentations({
instrumentations: [getNodeAutoInstrumentations()]
});
const http = require('http');
const server = http.createServer((req, res) => {
res.writeHead(200, { 'Content-Type': 'text/plain' });
res.end('Hello World\n');
});
server.listen(3000, '127.0.0.1', () => {
console.log('Server running at http://127.0.0.1:3000/');
});
Automatic Database Instrumentation
This feature automatically instruments database operations, such as those performed with MongoDB, to collect telemetry data on database queries and commands.
const { NodeTracerProvider } = require('@opentelemetry/sdk-trace-node');
const { getNodeAutoInstrumentations } = require('@opentelemetry/auto-instrumentations-node');
const { registerInstrumentations } = require('@opentelemetry/instrumentation');
const { MongoClient } = require('mongodb');
const provider = new NodeTracerProvider();
provider.register();
registerInstrumentations({
instrumentations: [getNodeAutoInstrumentations()]
});
const url = 'mongodb://localhost:27017';
const client = new MongoClient(url);
async function run() {
try {
await client.connect();
console.log('Connected to database');
const db = client.db('test');
const collection = db.collection('documents');
await collection.insertOne({ a: 1 });
console.log('Document inserted');
} finally {
await client.close();
}
}
run().catch(console.dir);
Automatic gRPC Instrumentation
This feature automatically instruments gRPC calls, enabling the collection of telemetry data for gRPC-based microservices.
const { NodeTracerProvider } = require('@opentelemetry/sdk-trace-node');
const { getNodeAutoInstrumentations } = require('@opentelemetry/auto-instrumentations-node');
const { registerInstrumentations } = require('@opentelemetry/instrumentation');
const grpc = require('@grpc/grpc-js');
const protoLoader = require('@grpc/proto-loader');
const provider = new NodeTracerProvider();
provider.register();
registerInstrumentations({
instrumentations: [getNodeAutoInstrumentations()]
});
const packageDefinition = protoLoader.loadSync('helloworld.proto', {});
const helloProto = grpc.loadPackageDefinition(packageDefinition).helloworld;
function sayHello(call, callback) {
callback(null, { message: 'Hello ' + call.request.name });
}
const server = new grpc.Server();
server.addService(helloProto.Greeter.service, { sayHello: sayHello });
server.bindAsync('0.0.0.0:50051', grpc.ServerCredentials.createInsecure(), () => {
server.start();
});
elastic-apm-node is an official Elastic APM agent for Node.js. It provides automatic instrumentation for various Node.js frameworks and libraries, similar to @opentelemetry/auto-instrumentations-node. However, it is specifically designed to work with the Elastic APM server and the Elastic Stack.
newrelic is the official New Relic APM agent for Node.js. It offers automatic instrumentation for a wide range of Node.js modules and frameworks. Unlike @opentelemetry/auto-instrumentations-node, it is tailored to work with New Relic's monitoring and observability platform.
This module provides a way to auto instrument any Node application to capture telemetry from a number of popular libraries and frameworks. You can export the telemetry data in a variety of formats. Exporters, samplers, and more can be configured via environment variables. The net result is the ability to gather telemetry data from a Node application without any code changes.
This module also provides a simple way to manually initialize multiple Node instrumentations for use with the OpenTelemetry SDK.
Compatible with OpenTelemetry JS API and SDK 1.0+
.
npm install --save @opentelemetry/api
npm install --save @opentelemetry/auto-instrumentations-node
This module includes auto instrumentation for all supported instrumentations and all available data exporters. It provides a completely automatic, out-of-the-box experience. Please see the Supported Instrumentations section for more information.
Enable auto instrumentation by requiring this module using the --require flag:
node --require '@opentelemetry/auto-instrumentations-node/register' app.js
If your Node application is encapsulated in a complex run script, you can also set it via an environment variable before running Node.
env NODE_OPTIONS="--require @opentelemetry/auto-instrumentations-node/register"
The module is highly configurable using environment variables. Many aspects of the auto instrumentation's behavior can be configured for your needs, such as resource detectors, exporter choice, exporter configuration, trace context propagation headers, and much more. Instrumentation configuration is not yet supported through environment variables. Users that require instrumentation configuration must initialize OpenTelemetry programmatically.
export OTEL_TRACES_EXPORTER="otlp"
export OTEL_EXPORTER_OTLP_PROTOCOL="http/protobuf"
export OTEL_EXPORTER_OTLP_COMPRESSION="gzip"
export OTEL_EXPORTER_OTLP_TRACES_ENDPOINT="https://your-endpoint"
export OTEL_EXPORTER_OTLP_HEADERS="x-api-key=your-api-key"
export OTEL_EXPORTER_OTLP_TRACES_HEADERS="x-api-key=your-api-key"
export OTEL_RESOURCE_ATTRIBUTES="service.namespace=my-namespace"
export OTEL_NODE_RESOURCE_DETECTORS="env,host,os,serviceinstance"
export OTEL_SERVICE_NAME="client"
export NODE_OPTIONS="--require @opentelemetry/auto-instrumentations-node/register"
node app.js
By default, all SDK resource detectors are used, but you can use the environment variable OTEL_NODE_RESOURCE_DETECTORS to enable only certain detectors, or completely disable them:
env
host
os
process
serviceinstance
container
alibaba
aws
azure
gcp
all
- enable all resource detectorsnone
- disable resource detectionFor example, to enable only the env
, host
detectors:
export OTEL_NODE_RESOURCE_DETECTORS="env,host"
By default, all Supported Instrumentations are enabled, unless they are annotated with "default disabled".
You can use the environment variable OTEL_NODE_ENABLED_INSTRUMENTATIONS
to enable only certain instrumentations, including "default disabled" ones
OR the environment variable OTEL_NODE_DISABLED_INSTRUMENTATIONS
to disable only certain instrumentations,
by providing a comma-separated list of the instrumentation package names without the @opentelemetry/instrumentation-
prefix.
For example, to enable only @opentelemetry/instrumentation-http and @opentelemetry/instrumentation-nestjs-core instrumentations:
export OTEL_NODE_ENABLED_INSTRUMENTATIONS="http,nestjs-core"
To disable only @opentelemetry/instrumentation-net:
export OTEL_NODE_DISABLED_INSTRUMENTATIONS="net"
If both environment variables are set, OTEL_NODE_ENABLED_INSTRUMENTATIONS
is applied first, and then OTEL_NODE_DISABLED_INSTRUMENTATIONS
is applied to that list.
Therefore, if the same instrumentation is included in both lists, that instrumentation will be disabled.
To enable logging for troubleshooting, set the log level by setting the OTEL_LOG_LEVEL
environment variable to one of the following:
none
error
warn
info
debug
verbose
all
The default level is info
.
Notes:
OTEL_LOG_LEVEL
to info
.OpenTelemetry Meta Packages for Node automatically loads instrumentations for Node builtin modules and common packages.
Custom configuration for each of the instrumentations can be passed to the function, by providing an object with the name of the instrumentation as a key, and its configuration as the value.
const { NodeTracerProvider } = require('@opentelemetry/sdk-trace-node');
const { getNodeAutoInstrumentations } = require('@opentelemetry/auto-instrumentations-node');
const { CollectorTraceExporter } = require('@opentelemetry/exporter-collector');
const { Resource } = require('@opentelemetry/resources');
const { SEMRESATTRS_SERVICE_NAME } = require('@opentelemetry/semantic-conventions');
const { SimpleSpanProcessor } = require('@opentelemetry/sdk-trace-base');
const { registerInstrumentations } = require('@opentelemetry/instrumentation');
const exporter = new CollectorTraceExporter();
const provider = new NodeTracerProvider({
resource: new Resource({
[SEMRESATTRS_SERVICE_NAME]: 'basic-service',
}),
});
provider.addSpanProcessor(new SimpleSpanProcessor(exporter));
provider.register();
registerInstrumentations({
instrumentations: [
getNodeAutoInstrumentations({
// load custom configuration for http instrumentation
'@opentelemetry/instrumentation-http': {
applyCustomAttributesOnSpan: (span) => {
span.setAttribute('foo2', 'bar2');
},
},
}),
],
});
APACHE 2.0 - See LICENSE for more information.
FAQs
Metapackage which bundles opentelemetry node core and contrib instrumentations
The npm package @opentelemetry/auto-instrumentations-node receives a total of 655,738 weekly downloads. As such, @opentelemetry/auto-instrumentations-node popularity was classified as popular.
We found that @opentelemetry/auto-instrumentations-node demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.