@sentry/replay
Advanced tools
The @sentry/replay package is designed to capture and replay web application interactions to help in debugging and monitoring. It allows developers to record user sessions, including clicks, inputs, and navigation, which can be replayed to understand user behavior or diagnose issues.
Session Recording
This feature enables the recording of user sessions, capturing interactions such as clicks, inputs, and page navigation. The code snippet shows how to initialize Sentry with the Replay integration.
Sentry.init({
dsn: 'YOUR_SENTRY_DSN',
integrations: [new Sentry.Replay({})]
});Replay Events
Allows developers to capture and send replay events to Sentry. This can include a series of user interactions that led to an error or an interesting event.
Sentry.captureReplay({
url: window.location.href,
interactions: capturedInteractions
});rrweb stands for 'record and replay the web', which is a tool for recording and replaying users' interactions on the web. It offers similar functionalities to @sentry/replay by capturing user sessions and interactions for replay. However, rrweb is more focused on the recording aspect and can be used independently of error tracking systems.
LogRocket is a more comprehensive solution that combines session replay, performance monitoring, and error tracking. It offers similar session replay capabilities to @sentry/replay but is part of a larger suite of tools designed for debugging and monitoring web applications. LogRocket provides detailed insights into users' interactions, network requests, and console logs alongside the replay feature.
Note: Session Replay is currently in alpha.
For the sentry-replay integration to work, you must have the Sentry browser SDK package (minimum version 7.x), or an equivalent framework SDK (e.g. @sentry/react) installed.
with npm:
npm install --save @sentry/browser @sentry/replay
with yarn:
yarn add @sentry/browser @sentry/replay
To set up the integration, add the following to your Sentry initialization. Several options are supported and passable via the integration constructor. See the configuration section below for more details.
import * as Sentry from '@sentry/browser';
import { Replay } from '@sentry/replay';
Sentry.init({
dsn: '__DSN__',
integrations: [
new Replay({
// This sets the sample rate to be 10%. You may want this to be 100% while
// in development and sample at a lower rate in production
replaysSamplingRate: 0.1,
})
],
// ...
});
Replay recording only starts automatically when it is included in the integrations key when calling Sentry.init. Otherwise you can initialize the plugin and manually call the start() method on the integration instance. To stop recording you can call the stop().
const replay = new Replay(); // This will *NOT* begin recording replays
replay.start(); // Start recording
replay.stop(); // Stop recording
| key | type | default | description |
|---|---|---|---|
| captureOnlyOnError | boolean | false | Only capture the recording when an error happens. The recording is currently limited to up to the last 60 seconds before the error occurs and only records up to the error. |
| initialFlushDelay | number | 5000 | The amount of time to wait (in ms) before sending the initial recording payload. This helps drop recordings where users visit and close the page quickly. |
| replaysSamplingRate | number | 1.0 | The rate at which to sample replays. (1.0 will collect all replays, 0 will collect no replays). |
| stickySession | boolean | true | Keep track of the user across page loads. Note a single user using multiple tabs will result in multiple sessions. Closing a tab will result in the session being closed as well. |
| key | type | default | description |
|---|---|---|---|
| maskAllText | boolean | true | Mask all text content. Will pass text content through maskTextFn before sending to server. |
| blockAllMedia | boolean | true | Block all media elements (img, svg, video, object, picture, embed, map, audio) |
| maskTextFn | (text: string) => string | (text) => '*'.repeat(text.length) | Function to customize how text content is masked before sending to server. By default, masks text with *. |
| maskAllInputs | boolean | true | Mask values of <input> elements. Passes input values through maskInputFn before sending to server. |
| maskInputOptions | Record<string, boolean> | { password: true } | Customize which inputs type to mask. Available <input> types: color, date, datetime-local, email, month, number, range, search, tel, text, time, url, week, textarea, select, password. |
| maskInputFn | (text: string) => string | (text) => '*'.repeat(text.length) | Function to customize how form input values are masked before sending to server. By default, masks values with *. |
| blockClass | string | RegExp | 'sentry-block' | Redact all elements that match the class name. See privacy section for an example. |
| blockSelector | string | '[data-sentry-block]' | Redact all elements that match the DOM selector. See privacy section for an example. |
| ignoreClass | string | RegExp | 'sentry-ignore' | Ignores all events on the matching input field. See privacy section for an example. |
| maskTextClass | string | RegExp | 'sentry-mask' | Mask all elements that match the class name. See privacy section for an example. |
| key | type | default | description |
|---|---|---|---|
| collectFonts | boolean | false | Should collect fonts used on the website |
| inlineImages | boolean | false | Should inline <image> content |
| inlineStylesheet | boolean | true | Should inline stylesheets used in the recording |
| recordCanvas | boolean | false | Should record <canvas> elements |
| slimDOMOptions | Record<string, boolean> | {} | Remove unnecessary parts of the DOM Available keys: script, comment, headFavicon, headWhitespace, headMetaDescKeywords, headMetaSocial, headMetaRobots, headMetaHttpEquiv, headMetaAuthorship, headMetaVerification |
There are several ways to deal with PII. By default, the integration will mask all text content with * and block all media elements (img, svg, video, object, picture, embed, map, audio). This can be disabled by setting maskAllText to false. It is also possible to add the following CSS classes to specific DOM elements to prevent recording its contents: sentry-block, sentry-ignore, and sentry-mask. The following sections will show examples of how content is handled by the differing methods.
Masking replaces the text content with something else. The default masking behavior is to replace each character with a *. In this example the relevant html code is: <table class="sentry-mask">...</table>.
Blocking replaces the element with a placeholder that has the same dimensions. The recording will show an empty space where the content was. In this example the relevant html code is: <table data-sentry-block>...</table>.
Ignoring only applies to form inputs. Events will be ignored on the input element so that the replay does not show what occurs inside of the input. In the below example, notice how the results in the table below the input changes, but no text is visible in the input.
https://user-images.githubusercontent.com/79684/192815134-a6451c3f-d3cb-455f-a699-7c3fe04d0a2e.mov
FAQs
User replays for Sentry
The npm package @sentry/replay receives a total of 2,062,627 weekly downloads. As such, @sentry/replay popularity was classified as popular.
We found that @sentry/replay demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 11 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.