Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@opentelemetry/instrumentation-mongodb
Advanced tools
OpenTelemetry instrumentation for `mongodb` database client for MongoDB
@opentelemetry/instrumentation-mongodb is an npm package that provides automatic tracing for MongoDB operations using the OpenTelemetry framework. It helps in monitoring and collecting performance metrics and distributed traces for MongoDB operations, which can be useful for debugging and optimizing database interactions.
Automatic Tracing
This feature allows you to automatically trace MongoDB operations. The code sample shows how to set up the NodeTracerProvider and register the MongoDB instrumentation to start collecting traces.
const { NodeTracerProvider } = require('@opentelemetry/node');
const { registerInstrumentations } = require('@opentelemetry/instrumentation');
const { MongoDBInstrumentation } = require('@opentelemetry/instrumentation-mongodb');
const provider = new NodeTracerProvider();
provider.register();
registerInstrumentations({
instrumentations: [
new MongoDBInstrumentation(),
],
});
Custom Span Attributes
This feature allows you to add custom attributes to the spans created for MongoDB operations. The code sample demonstrates how to use the `responseHook` to add the MongoDB operation result as a span attribute.
const { MongoDBInstrumentation } = require('@opentelemetry/instrumentation-mongodb');
const mongoInstrumentation = new MongoDBInstrumentation({
responseHook: (span, result) => {
span.setAttribute('mongodb.result', JSON.stringify(result));
},
});
Error Handling
This feature allows you to handle errors in MongoDB operations and set the span status accordingly. The code sample shows how to use the `responseHook` to check if the result is an error and set the span status.
const { MongoDBInstrumentation } = require('@opentelemetry/instrumentation-mongodb');
const mongoInstrumentation = new MongoDBInstrumentation({
responseHook: (span, result) => {
if (result instanceof Error) {
span.setStatus({ code: 2, message: result.message });
}
},
});
The `mongodb` package is the official MongoDB driver for Node.js. While it does not provide automatic tracing, it is often used in conjunction with tracing libraries like OpenTelemetry to manually instrument MongoDB operations.
Mongoose is an ODM (Object Data Modeling) library for MongoDB and Node.js. It provides a higher-level abstraction for MongoDB operations but does not include built-in tracing capabilities. However, it can be instrumented using OpenTelemetry for tracing.
This package provides automatic tracing for HTTP requests. While it is not specific to MongoDB, it can be used alongside @opentelemetry/instrumentation-mongodb to provide a more comprehensive tracing solution for applications that interact with MongoDB over HTTP.
This module provides automatic instrumentation for the mongodb
module, which may be loaded using the @opentelemetry/sdk-trace-node
package and is included in the @opentelemetry/auto-instrumentations-node
bundle.
If total installation size is not constrained, it is recommended to use the @opentelemetry/auto-instrumentations-node
bundle with @opentelemetry/sdk-node for the most seamless instrumentation experience.
Compatible with OpenTelemetry JS API and SDK 1.0+
.
npm install --save @opentelemetry/instrumentation-mongodb
mongodb
version >=3.3.0 <7
OpenTelemetry MongoDB Instrumentation allows the user to automatically collect trace data and export them to their backend of choice, to give observability to distributed systems.
To load a specific instrumentation (mongodb in this case), specify it in the Node Tracer's configuration.
const { MongoDBInstrumentation } = require('@opentelemetry/instrumentation-mongodb');
const { NodeTracerProvider } = require('@opentelemetry/sdk-trace-node');
const { registerInstrumentations } = require('@opentelemetry/instrumentation');
const provider = new NodeTracerProvider();
provider.register();
registerInstrumentations({
instrumentations: [
new MongoDBInstrumentation({
// see under for available configuration
}),
],
});
See examples/mongodb
for a short example.
Mongodb instrumentation has few options available to choose from. You can set the following:
Options | Type | Description |
---|---|---|
enhancedDatabaseReporting | string | If true, additional information about query parameters and results will be attached (as attributes ) to spans representing database operations |
responseHook | MongoDBInstrumentationExecutionResponseHook (function) | Function for adding custom attributes from db response |
dbStatementSerializer | DbStatementSerializer (function) | Custom serializer function for the db.statement tag |
This package uses @opentelemetry/semantic-conventions
version 1.22+
, which implements Semantic Convention Version 1.7.0
Attributes collected:
Attribute | Short Description |
---|---|
db.system | An identifier for the database management system (DBMS) product being used. |
db.connection_string | The connection string used to connect to the database. |
db.name | This attribute is used to report the name of the database being accessed. |
db.operation | The name of the operation being executed. |
db.mongodb.collection | The collection being accessed within the database stated in db.name . |
net.peer.name | Remote hostname or similar. |
net.peer.port | Remote port number. |
Apache 2.0 - See LICENSE for more information.
FAQs
OpenTelemetry instrumentation for `mongodb` database client for MongoDB
We found that @opentelemetry/instrumentation-mongodb demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.