Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@sentry/node
Advanced tools
The @sentry/node package is a tool designed for real-time monitoring and fixing crashes in Node.js applications. It provides error tracking and performance monitoring, helping developers to quickly identify, diagnose, and fix problems in their applications. Sentry integrates seamlessly with your existing codebase, offering a range of features to enhance application reliability and user experience.
Error Tracking
Automatically capture exceptions and errors in your Node.js applications. The code initializes Sentry with your project's DSN and demonstrates how an uncaught exception is automatically reported to Sentry.
const Sentry = require('@sentry/node');
Sentry.init({ dsn: 'YOUR_DSN_HERE' });
app.get('/', function mainHandler(req, res) {
throw new Error('Broke!');
});
Performance Monitoring
Track the performance of your application, including request times and slow operations. This code sample starts a transaction, simulates an operation with a timeout, and then finishes the transaction, which is then reported to Sentry for performance analysis.
const Sentry = require('@sentry/node');
const transaction = Sentry.startTransaction({ op: 'test', name: 'My First Test Transaction' });
setTimeout(() => {
transaction.finish();
}, 99);
Custom Event Capturing
Send custom messages or events to Sentry. This is useful for capturing non-exception events that are significant for your application's health monitoring and diagnostics.
const Sentry = require('@sentry/node');
Sentry.captureMessage('Something went wrong', 'error');
Bugsnag provides error monitoring for web, mobile, and server applications. Similar to @sentry/node, it offers real-time error reporting and allows for detailed error diagnostics and performance monitoring. Bugsnag differentiates itself with features tailored to mobile app monitoring.
Rollbar offers real-time error tracking and debugging tools for developers. Like @sentry/node, it supports multiple programming languages and frameworks, including Node.js. Rollbar emphasizes its ability to help teams with workflow integrations and automated error grouping for efficient management.
Raygun provides crash reporting, real-user monitoring, and deployment tracking. It's similar to @sentry/node in its core functionalities of error tracking and performance monitoring but also offers unique features like user journey tracking and version comparisons to understand the impact of deployments.
npm install @sentry/node
# Or yarn
yarn add @sentry/node
Sentry should be initialized as early in your app as possible. It is essential that you call Sentry.init
before you
require any other modules in your application, otherwise auto-instrumentation of these modules will not work.
You need to create a file named instrument.js
that imports and initializes Sentry:
// CJS Syntax
const Sentry = require('@sentry/node');
// ESM Syntax
import * as Sentry from '@sentry/node';
Sentry.init({
dsn: '__DSN__',
// ...
});
You need to require or import the instrument.js
file before importing any other modules in your application. This is
necessary to ensure that Sentry can automatically instrument all modules in your application:
// Import this first!
import './instrument';
// Now import other modules
import http from 'http';
// Your application code goes here
When running your application in ESM mode, you should use the Node.js
--import
command line option to ensure that Sentry is loaded before
the application code is evaluated.
Adjust the Node.js call for your application to use the --import
parameter and point it at instrument.js
, which
contains your Sentry.init
() code:
# Note: This is only available for Node v18.19.0 onwards.
node --import ./instrument.mjs app.mjs
If it is not possible for you to pass the --import
flag to the Node.js binary, you can alternatively use the
NODE_OPTIONS
environment variable as follows:
NODE_OPTIONS="--import ./instrument.mjs" npm run start
FAQs
Sentry Node SDK using OpenTelemetry for performance instrumentation
We found that @sentry/node demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.