Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
@opentelemetry/plugin-express
Advanced tools
@opentelemetry/plugin-express
OpenTelemetry express automatic instrumentation package.
OpenTelemetry Express Instrumentation for Node.js
This module provides automatic instrumentation for express.
For automatic instrumentation see the @opentelemetry/node package.
Installation
npm install --save @opentelemetry/plugin-express
Supported Versions
^4.0.0
Usage
OpenTelemetry Express Instrumentation allows the user to automatically collect trace data and export them to their backend of choice, to give observability to distributed systems.
To load a specific plugin (express in this case), specify it in the registerInstrumentations's configuration.
const { NodeTracerProvider } = require('@opentelemetry/node');
const { registerInstrumentations } = require('@opentelemetry/instrumentation');
const provider = new NodeTracerProvider();
provider.register();
registerInstrumentations({
instrumentations: [
{
plugins: {
express: {
enabled: true,
// You may use a package name or absolute path to the file.
path: '@opentelemetry/plugin-express',
}
}
},
],
tracerProvider: provider,
});
To load all the supported plugins, use below approach. Each plugin is only loaded when the module that it patches is loaded; in other words, there is no computational overhead for listing plugins for unused modules.
const { NodeTracerProvider } = require('@opentelemetry/node');
const { registerInstrumentations } = require('@opentelemetry/instrumentation');
const provider = new NodeTracerProvider();
provider.register();
registerInstrumentations({
tracerProvider: provider,
});
See examples/express for a short example.
Caveats
Because of the way express works, it's hard to correctly compute the time taken by asynchronous middlewares and request handlers. For this reason, the time you'll see reported for asynchronous middlewares and request handlers will only represent the synchronous execution time, and not any asynchronous work.
Express Plugin Options
Express plugin has few options available to choose from. You can set the following:
| Options | Type | Description |
|---|---|---|
ignoreLayers | IgnoreMatcher[] | Express plugin will not trace all layers that match. |
ignoreLayersType | ExpressLayerType[] | Express plugin will ignore the layers that match based on their type. |
For reference, here are the three different layer type:
routeris the name ofexpress.Router()middlewarerequest_handleris the name for anything thats not a router or a middleware.
Useful links
- For more information on OpenTelemetry, visit: https://opentelemetry.io/
- For more about OpenTelemetry JavaScript: https://github.com/open-telemetry/opentelemetry-js
- For help or feedback on this project, join us in GitHub Discussions
License
Apache 2.0 - See LICENSE for more information.
0.15.0
:rocket: Enhancement
- Other
- #366 Add automated release workflows (@willarmiros)
auto-instrumentation-webauto-instrumentation-nodeopentelemetry-instrumentation-hapiopentelemetry-instrumentation-koa- #327 feat: enable root span to contain route (@DinaYakovlev)
opentelemetry-instrumentation-mysqlopentelemetry-instrumentation-netopentelemetry-host-metrics
:house: Internal
opentelemetry-host-metrics,opentelemetry-test-utils- Other
:memo: Documentation
Committers: 9
- Bartlomiej Obecny (@obecny)
- Daniel Dyla (@dyladan)
- Dina.Yakovlev (@DinaYakovlev)
- Gerhard Stöbich (@Flarna)
- Jakub Malinowski (@jtmalinowski)
- Siim Kallas (@seemk)
- Valentin Marchaud (@vmarchaud)
- William Armiros (@willarmiros)
- Wolfgang Ziegler (@z1c0)
FAQs
OpenTelemetry express automatic instrumentation package.
We found that @opentelemetry/plugin-express demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 05 Apr 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025