Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
@schibsted/niche-tracking
Advanced tools
Package containing tracking logic reused between multiple Schibsted niche sites
This repository contains code we use for tracking. The goal of niche-tracking is to be used in all of our products. Currently it's used by tek-web, godt-web and pent-web.
Nothing fancy here. First install dependencies clone repository, open terminal and run.
npm i
Next start transpiling the source code:
npm run transpile:watch
Note: order of command execution is important.
In order to make your project available as package locally:
npm link
And in project you need:
npm link @schibsted/niche-tracking
And now you are all good. Your project will now use the local version of niche-tracking instead of the one in node_modules.
After you end working on the package you need to unlink it.
First, in the project where the package was used:
npm unlink --no-save @schibsted/niche-tracking
Second, in the niche-tracking package:
npm unlink
Currently pulse, google analytics and mbl trackers are implemented.
Package exports Tracker
class and all implemented tracker objects. You can import it like this:
import { Tracker, pulse, googleAnalytics, mbl } from '@schibsted/niche-tracking';
Next you need to create tracker instance with proper parameters
const tracker = new Tracker({
pageViewTrackerMappers,
eventTrackerMappers,
pageLeaveTrackerMappers,
enabled,
trackers: [pulse, googleAnalytics, mbl],
});
When you have the tracker instance you will have to initialize it with proper config. Calling this method will download all tracking scripts and actually make them work. Don't worry, you can call
tracker.pageView
and tracker.event
methods before calling tracker.initialize
as all build in trackers have event queue that will be unloaded after initialization.
tracker.initialize
methods takes config with tracker specific options. You can see them here:
Let's discuss Tracker constructor parameters
Array with trackers you want to use. You can import those from package or provide your own. They must be objects with three methods:
These are objects with following format:
{
[TYPE]: {
[TRACKERNAME]: optionTransormFunction
}
}
This flag lets you disable the tracking. Please keep in mind that even if you set enabled: false
mappers will still be called to keep the behaviour as close to production as it can be.
Where TYPE
is unique name of event type you want to track (defined by you), TRACKERNAME
is (who would have guessed?) tracker name and optionTransformFunction
is function that transforms data from option
object to data that specific tracker needs for that event.
For example it could look like this:
const pageViewTrackerMappers = {
[SCREENS.SECTION]: {
pulse: (options) => ({
object: {
name: window.document.title,
id: options.category,
type: 'Listing',
category: options.category,
filters: {
query: options.location.search,
},
},
}),
googleAnalytics: (options) => ({
page_path: options.location.pathname,
}),
mbl: (options) => ({
url: window.location.toString(),
title: window.document.title,
image: options.image.url,
referrer: document.referrer,
}),
},
};
Remember out tracker instance? Just to remind you:
const tracker = new Tracker({
pageViewTrackerMappers,
eventTrackerMappers,
pageLeaveTrackerMappers,
enabled,
trackers: [pulse, googleAnalytics, mbl],
});
Now each time you call tracker.pageView(SCREENS.SECTION, options)
the tracker will create:
according to transform functions you provided in pageViewTrackerMappers
.
Next it will call pulse.pagewiew(pulseSpecificOptions)
, googleAnalytics.pageView(googleAnalyticsSpecificOptions)
, mbl.pagewiew(mblSpecificOptions)
.
As you can see it enables you to implement most of the tracking in declarative way. All you need is choose which trackers you need and provide proper options mapping.
As a recommendation I suggest providing redux state as options and using selectors in option transorm function.
Experiments is a field used for A/B tests tracking. It should be passed during tracker
initalization and contain list of all A/B tests that user is part of.
For example it could look like this:
const tracker = new Tracker({
pageViewTrackerMappers,
eventTrackerMappers,
enabled,
trackers: [pulse],
});
const experiments = [
{
id: 'experimentId', // unique identifier of A/B test
name: 'Readable explanation of A/B test',
variant: 'variant-b', // identifier of a variant which will be served to user
},
{
id: 'anotherExperimentId',
name: 'Readable explanation of another A/B test',
variant: 'another-variant-a',
},
];
tracker.initalize({
...trackersConfig,
clientId,
experiments,
});
In the case of the pulse
tracker, this list will be added to every page view and engagement event.
NOTE:
Use this method for internal navigation only.
It can fire only ONE (latest)
navigationEvent
perpageView
invocation.
What this method does is:
pageView
invocation,pageView
is invoked the pending event will have tracker
property value set to whatever the object
property of current pageView
event is.In short: it will remove necessity of manual creation of target
property of an event in case of internal navigation.
Deployment is done using Travis CI
The new version of the package is deployed by Travis after you push a semver tag (e.g. v1.0.1
to Github).
The make the process as smooth as possible we're using release-it package.
To make the release work you need to do the following:
repo
credentials.GITHUB_TOKEN
environment variable.npm run release
and follow the wizard there (mostly pick the patch/minor/major release type and confirm everything else).Release-it does the following:
GITHUB_TOKEN
setpackage.json
and package-lock.json
This package requires only one polyfill: Promise.
To get more general idea of how tracking works check our team docs
FAQs
Package containing tracking logic reused between multiple Schibsted niche sites
The npm package @schibsted/niche-tracking receives a total of 7 weekly downloads. As such, @schibsted/niche-tracking popularity was classified as not popular.
We found that @schibsted/niche-tracking demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.