Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
@opentelemetry/context-async-hooks
Advanced tools
OpenTelemetry AsyncHooks-based Context Manager
The @opentelemetry/context-async-hooks package is part of the OpenTelemetry project, which provides a set of APIs, libraries, agents, and instrumentation to create and manage telemetry data (metrics, logs, and traces) for cloud-native software. Specifically, this package leverages Node.js' async_hooks module to implement context propagation for asynchronous operations. This is crucial for tracing and logging in asynchronous applications, as it allows developers to maintain context across asynchronous boundaries.
Context Management
This feature allows for the management of context across asynchronous operations. It uses the AsyncLocalStorage class to create a new context storage, run a function within this context, and retrieve values from this context later in the async flow.
const { AsyncLocalStorage } = require('@opentelemetry/context-async-hooks');
const asyncLocalStorage = new AsyncLocalStorage();
asyncLocalStorage.run(new Map(), () => {
asyncLocalStorage.getStore().set('key', 'value');
someAsyncOperation().then(() => {
console.log(asyncLocalStorage.getStore().get('key')); // Outputs: 'value'
});
});
Context Propagation
This feature demonstrates how to set up the AsyncLocalStorageContextManager to work with OpenTelemetry's API for global context propagation. This setup is essential for tracing asynchronous operations across different parts of an application.
const { propagation } = require('@opentelemetry/api');
const { AsyncLocalStorageContextManager } = require('@opentelemetry/context-async-hooks');
const contextManager = new AsyncLocalStorageContextManager();
propagation.setGlobalPropagator(contextManager);
// Now, the context is propagated across asynchronous calls automatically.
The cls-hooked package provides a similar functionality to @opentelemetry/context-async-hooks by using the async_hooks module to create context-like namespaces that are preserved across asynchronous calls. It differs in its API and is not specifically tailored for OpenTelemetry or tracing but can be used for general context propagation purposes.
While not a separate npm package, Node.js' built-in async_hooks module is the underlying technology that both @opentelemetry/context-async-hooks and cls-hooked rely on for tracking asynchronous operations. It provides the primitives for creating hooks that monitor the lifecycle of asynchronous operations, which can be used directly for custom context propagation implementations.
This package provides async-hooks based context manager which is used internally by OpenTelemetry plugins to propagate specific context between function calls and async operations. It only targets NodeJS since async-hooks is only available there.
The definition and why they exist is available on the readme of the context-base package.
NodeJS has a specific API to track async context: async-hooks, it allows to track creation of new async operation and their respective parent. This package only handle storing a specific object for a given async hooks context.
Even if the API is native to NodeJS, it doesn't cover all possible cases of context propagation but there is a big effort from the NodeJS team to fix those. That's why we generally advise to be on the latest LTS to benefit from performance and bug fixes.
There are known modules that break context propagation (some of them are listed there), so it's possible that the context manager doesn't work with them.
Context propagation is a big subject when talking about tracing in NodeJS, if you want more information about that here are some resources:
Apache 2.0 - See LICENSE for more information.
FAQs
OpenTelemetry AsyncHooks-based Context Manager
The npm package @opentelemetry/context-async-hooks receives a total of 4,099,270 weekly downloads. As such, @opentelemetry/context-async-hooks popularity was classified as popular.
We found that @opentelemetry/context-async-hooks demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.