Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@opentelemetry/core
Advanced tools
OpenTelemetry Core provides default and no-op implementations of the OpenTelemetry types for trace and metrics
The @opentelemetry/core package is part of the OpenTelemetry project, which provides a set of APIs, libraries, agents, and instrumentation to provide observability for applications. Specifically, the core package includes fundamental building blocks for creating and managing telemetry data (metrics, traces, logs) and is designed to be used by other OpenTelemetry packages to create a complete observability framework.
Context Management
This feature allows for the propagation of context information across asynchronous operations in your application. The context is used to store and access current execution-specific data, such as active span in tracing.
const { context, ROOT_CONTEXT } = require('@opentelemetry/core');
const ctx = context.active();
const newContext = context.with(ROOT_CONTEXT, () => {});
Propagation
Propagation is used to transmit context (e.g., traces and correlations) across process boundaries. It includes utilities to inject and extract context information from carriers in various formats.
const { propagation, defaultTextMapGetter } = require('@opentelemetry/core');
const carrier = {};
const context = propagation.extract(ROOT_CONTEXT, carrier, defaultTextMapGetter);
Instrumentation
Instrumentation is a core part of OpenTelemetry, allowing developers to collect telemetry data (metrics, logs, and traces) from their applications. This feature provides diagnostic logging capabilities.
const { diag } = require('@opentelemetry/core');
diag.setLogger(new DiagConsoleLogger(), DiagLogLevel.INFO);
Jaeger client is a distributed tracing system. It's similar to @opentelemetry/core in that it provides tracing capabilities, but it's specifically designed for use with the Jaeger backend. Unlike OpenTelemetry, which aims to be vendor-neutral, Jaeger client is tailored for Jaeger.
Prom-client is a client for the Prometheus monitoring system, focusing on gathering metrics. It's similar to the metrics collection part of @opentelemetry/core but is specifically designed for use with Prometheus rather than being part of a broader observability framework.
This package provides default implementations of the OpenTelemetry API for trace and metrics. It's intended for use both on the server and in the browser.
OpenTelemetry provides a text-based approach to propagate context to remote services using the W3C Trace Context HTTP headers.
const api = require("@opentelemetry/api");
const { HttpTraceContext } = require("@opentelemetry/core");
/* Set Global Propagator */
api.propagation.setGlobalPropagator(new HttpTraceContext());
This is propagator for the B3 HTTP header format, which sends a SpanContext
on the wire in an HTTP request, allowing other services to create spans with the right context. Based on: https://github.com/openzipkin/b3-propagation
const api = require("@opentelemetry/api");
const { B3Propagator } = require("@opentelemetry/core");
/* Set Global Propagator */
api.propagation.setGlobalPropagator(new B3Propagator());
Combines multiple propagators into a single propagator.
This is used as a default Propagator
const api = require("@opentelemetry/api");
const { CompositePropagator } = require("@opentelemetry/core");
/* Set Global Propagator */
api.propagation.setGlobalPropagator(new CompositePropagator());
Provides a text-based approach to propagate correlation context to remote services using the OpenTelemetry CorrelationContext Propagation HTTP headers.
const api = require("@opentelemetry/api");
const { HttpCorrelationContext } = require("@opentelemetry/core");
/* Set Global Propagator */
api.propagation.setGlobalPropagator(new HttpCorrelationContext());
Sampler is used to make decisions on Span
sampling.
Samples every trace regardless of upstream sampling decisions.
This is used as a default Sampler
const { NodeTracerProvider } = require("@opentelemetry/node");
const { AlwaysOnSampler } = require("@opentelemetry/core");
const tracerProvider = new NodeTracerProvider({
sampler: new AlwaysOnSampler()
});
Doesn't sample any trace, regardless of upstream sampling decisions.
const { NodeTracerProvider } = require("@opentelemetry/node");
const { AlwaysOffSampler } = require("@opentelemetry/core");
const tracerProvider = new NodeTracerProvider({
sampler: new AlwaysOffSampler()
});
Samples some percentage of traces, calculated deterministically using the trace ID. Any trace that would be sampled at a given percentage will also be sampled at any higher percentage.
The TraceIDRatioSampler
may be used with the ParentBasedSampler
to respect the sampled flag of an incoming trace.
const { NodeTracerProvider } = require("@opentelemetry/node");
const { TraceIdRatioBasedSampler } = require("@opentelemetry/core");
const tracerProvider = new NodeTracerProvider({
// See details of ParentBasedSampler below
sampler: new ParentBasedSampler({
// Trace ID Ratio Sampler accepts a positional argument
// which represents the percentage of traces which should
// be sampled.
root: new TraceIdRatioBasedSampler(0.5)
});
});
ParentBased
helps distinguished between the
following cases:
sampled
flag true
sampled
flag false
sampled
flag true
sampled
flag false
Required parameters:
root(Sampler)
- Sampler called for spans with no parent (root spans)Optional parameters:
remoteParentSampled(Sampler)
(default: AlwaysOn
)remoteParentNotSampled(Sampler)
(default: AlwaysOff
)localParentSampled(Sampler)
(default: AlwaysOn
)localParentNotSampled(Sampler)
(default: AlwaysOff
)Parent | parent.isRemote() | parent.isSampled() | Invoke sampler |
---|---|---|---|
absent | n/a | n/a | root() |
present | true | true | remoteParentSampled() |
present | true | false | remoteParentNotSampled() |
present | false | true | localParentSampled() |
present | false | false | localParentNotSampled() |
const { NodeTracerProvider } = require("@opentelemetry/node");
const { ParentBasedSampler, AlwaysOffSampler, TraceIdRatioBasedSampler } = require("@opentelemetry/core");
const tracerProvider = new NodeTracerProvider({
sampler: new ParentBasedSampler({
// By default, the ParentBasedSampler will respect the parent span's sampling
// decision. This is configurable by providing a different sampler to use
// based on the situation. See configuration details above.
//
// This will delegate the sampling decision of all root traces (no parent)
// to the TraceIdRatioBasedSampler.
// See details of TraceIdRatioBasedSampler above.
root: new TraceIdRatioBasedSampler(0.5)
})
});
Apache 2.0 - See LICENSE for more information.
FAQs
OpenTelemetry Core provides constants and utilities shared by all OpenTelemetry SDK packages.
The npm package @opentelemetry/core receives a total of 14,351,771 weekly downloads. As such, @opentelemetry/core popularity was classified as popular.
We found that @opentelemetry/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.