Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@opentelemetry/core
Advanced tools
OpenTelemetry Core provides default and no-op implementations of the OpenTelemetry types for trace and metrics
The @opentelemetry/core package is part of the OpenTelemetry project, which provides a set of APIs, libraries, agents, and instrumentation to provide observability for applications. Specifically, the core package includes fundamental building blocks for creating and managing telemetry data (metrics, traces, logs) and is designed to be used by other OpenTelemetry packages to create a complete observability framework.
Context Management
This feature allows for the propagation of context information across asynchronous operations in your application. The context is used to store and access current execution-specific data, such as active span in tracing.
const { context, ROOT_CONTEXT } = require('@opentelemetry/core');
const ctx = context.active();
const newContext = context.with(ROOT_CONTEXT, () => {});
Propagation
Propagation is used to transmit context (e.g., traces and correlations) across process boundaries. It includes utilities to inject and extract context information from carriers in various formats.
const { propagation, defaultTextMapGetter } = require('@opentelemetry/core');
const carrier = {};
const context = propagation.extract(ROOT_CONTEXT, carrier, defaultTextMapGetter);
Instrumentation
Instrumentation is a core part of OpenTelemetry, allowing developers to collect telemetry data (metrics, logs, and traces) from their applications. This feature provides diagnostic logging capabilities.
const { diag } = require('@opentelemetry/core');
diag.setLogger(new DiagConsoleLogger(), DiagLogLevel.INFO);
Jaeger client is a distributed tracing system. It's similar to @opentelemetry/core in that it provides tracing capabilities, but it's specifically designed for use with the Jaeger backend. Unlike OpenTelemetry, which aims to be vendor-neutral, Jaeger client is tailored for Jaeger.
Prom-client is a client for the Prometheus monitoring system, focusing on gathering metrics. It's similar to the metrics collection part of @opentelemetry/core but is specifically designed for use with Prometheus rather than being part of a broader observability framework.
This package provides default implementations of the OpenTelemetry API for trace and metrics. It's intended for use both on the server and in the browser.
OpenTelemetry provides a text-based approach to propagate context to remote services using the W3C Trace Context HTTP headers.
const api = require("@opentelemetry/api");
const { HttpTraceContext } = require("@opentelemetry/core");
/* Set Global Propagator */
api.propagation.setGlobalPropagator(new HttpTraceContext());
This is propagator for the B3 HTTP header format, which sends a SpanContext
on the wire in an HTTP request, allowing other services to create spans with the right context. Based on: https://github.com/openzipkin/b3-propagation
const api = require("@opentelemetry/api");
const { B3Propagator } = require("@opentelemetry/core");
/* Set Global Propagator */
api.propagation.setGlobalPropagator(new B3Propagator());
Combines multiple propagators into a single propagator.
This is used as a default Propagator
const api = require("@opentelemetry/api");
const { CompositePropagator } = require("@opentelemetry/core");
/* Set Global Propagator */
api.propagation.setGlobalPropagator(new CompositePropagator());
Provides a text-based approach to propagate correlation context to remote services using the OpenTelemetry CorrelationContext Propagation HTTP headers.
const api = require("@opentelemetry/api");
const { HttpCorrelationContext } = require("@opentelemetry/core");
/* Set Global Propagator */
api.propagation.setGlobalPropagator(new HttpCorrelationContext());
Sampler is used to make decisions on Span
sampling.
Samples every trace regardless of upstream sampling decisions.
This is used as a default Sampler
const { NodeTracerProvider } = require("@opentelemetry/node");
const { AlwaysOnSampler } = require("@opentelemetry/core");
const tracerProvider = new NodeTracerProvider({
sampler: new AlwaysOnSampler()
});
Doesn't sample any trace, regardless of upstream sampling decisions.
const { NodeTracerProvider } = require("@opentelemetry/node");
const { AlwaysOffSampler } = require("@opentelemetry/core");
const tracerProvider = new NodeTracerProvider({
sampler: new AlwaysOffSampler()
});
Samples a configurable percentage of traces, and additionally samples any trace that was sampled upstream.
const { NodeTracerProvider } = require("@opentelemetry/node");
const { ProbabilitySampler } = require("@opentelemetry/core");
const tracerProvider = new NodeTracerProvider({
sampler: new ProbabilitySampler(0.5)
});
A composite sampler that either respects the parent span's sampling decision or delegates to delegateSampler
for root spans.
const { NodeTracerProvider } = require("@opentelemetry/node");
const { ParentOrElseSampler, AlwaysOffSampler } = require("@opentelemetry/core");
const tracerProvider = new NodeTracerProvider({
sampler: new ParentOrElseSampler(new AlwaysOffSampler())
});
Apache 2.0 - See LICENSE for more information.
FAQs
OpenTelemetry Core provides constants and utilities shared by all OpenTelemetry SDK packages.
The npm package @opentelemetry/core receives a total of 8,620,220 weekly downloads. As such, @opentelemetry/core popularity was classified as popular.
We found that @opentelemetry/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.