Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding - Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
@opentelemetry/node
Advanced tools
@opentelemetry/node
OpenTelemetry Node SDK provides automatic telemetry (tracing, metrics, etc) for Node.js applications
OpenTelemetry Node SDK
This module provides automated instrumentation and tracing for Node.js applications.
For manual instrumentation see the @opentelemetry/tracing package.
How auto instrumentation works
This package exposes a NodeTracerProvider.
For loading instrumentations please use registerInstrumentations function from opentelemetry-instrumentation
OpenTelemetry comes with a growing number of instrumentation plugins for well known modules (see supported modules) and an API to create custom instrumentation (see the instrumentation developer guide).
Please note: This module does not bundle any plugins. They need to be installed separately.
This is done by wrapping all tracing-relevant functions.
This instrumentation code will automatically
- extract a trace-context identifier from inbound requests to allow distributed tracing (if applicable)
- make sure that this current trace-context is propagated while the transaction traverses an application (see @opentelemetry/context-base for an in-depth explanation)
- add this trace-context identifier to outbound requests to allow continuing the distributed trace on the next hop (if applicable)
- create and end spans
Creating custom spans on top of auto-instrumentation
Additionally to automated instrumentation, NodeTracerProvider exposes the same API as @opentelemetry/tracing, allowing creating custom spans if needed.
Installation
npm install --save @opentelemetry/api
npm install --save @opentelemetry/node
# Install instrumentation plugins
npm install --save @opentelemetry/instrumentation-http
# and for example one additional
npm install --save instrumentation-graphql
Usage
The following code will configure the NodeTracerProvider to instrument http
(and any other installed supported
modules)
using @opentelemetry/plugin-http.
const { registerInstrumentations } = require('@opentelemetry/instrumentation');
const { NodeTracerProvider } = require('@opentelemetry/node');
// Create and configure NodeTracerProvider
const provider = new NodeTracerProvider();
// Initialize the provider
provider.register();
// register and load instrumentation and old plugins - old plugins will be loaded automatically as previously
// but instrumentations needs to be added
registerInstrumentations({
});
// Your application code - http will automatically be instrumented if
// @opentelemetry/plugin-http is present
const http = require('http');
Instrumentation configuration
In the following example:
- the express instrumentation is enabled
- the http instrumentation has a custom config for a
requestHook
const { registerInstrumentations } = require('@opentelemetry/instrumentation');
const { HttpInstrumentation } = require('@opentelemetry/instrumentation-http');
const { ExpressInstrumentation } = require('@opentelemetry/instrumentation-express');
const provider = new NodeTracerProvider();
provider.register();
// register and load instrumentation and old plugins - old plugins will be loaded automatically as previously
// but instrumentations needs to be added
registerInstrumentations({
instrumentations: [
new ExpressInstrumentation(),
new HttpInstrumentation({
requestHook: (span, request) => {
span.setAttribute("custom request hook attribute", "request");
},
}),
],
});
Examples
See how to automatically instrument http and gRPC / grpc-js using node-sdk.
Useful links
- For more information on OpenTelemetry, visit: https://opentelemetry.io/
- For more about OpenTelemetry JavaScript: https://github.com/open-telemetry/opentelemetry-js
- For help or feedback on this project, join us in GitHub Discussions
License
Apache 2.0 - See LICENSE for more information.
FAQs
OpenTelemetry Node SDK provides automatic telemetry (tracing, metrics, etc) for Node.js applications
The npm package @opentelemetry/node receives a total of 25,049 weekly downloads. As such, @opentelemetry/node popularity was classified as popular.
We found that @opentelemetry/node demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 28 Jul 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding - Dec 12, 2025
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding - Dec 11, 2025