Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@splunk/otel
Advanced tools
The Splunk distribution of OpenTelemetry Node Instrumentation provides a Node agent that automatically instruments your Node application to capture and report distributed traces to Splunk APM.
The Splunk Distribution of OpenTelemetry JS integrates with Splunk APM and automatically instruments your Node application to capture traces, collect runtime metrics, and CPU and memory profiles.
This distribution comes with the following defaults:
If you're using the SignalFx Tracing Library for Node and want to migrate to the Splunk Distribution of OpenTelemetry Node, see Migrate from the SignalFx Tracing Library for NodeJS in the official documentation.
For complete instructions on how to get started with the Splunk Distribution of OpenTelemetry JS, see Instrument a Node application for Splunk Observability Cloud in the official documentation.
The Splunk Distribution of OpenTelemetry JS automatically injects trace metadata into logs so that Node.js logging libraries can access it. You can use trace metadata to correlate traces with log events and explore logs in Observability Cloud.
For more information, see Connect Node.js trace data with logs for Splunk Observability Cloud in the official documentation.
By default, the following instrumentations are active:
@opentelemetry/instrumentation-amqplib
@opentelemetry/instrumentation-aws-sdk
@opentelemetry/instrumentation-bunyan
@opentelemetry/instrumentation-cassandra-driver
@opentelemetry/instrumentation-connect
@opentelemetry/instrumentation-dataloader
@opentelemetry/instrumentation-dns
@opentelemetry/instrumentation-express
@opentelemetry/instrumentation-fastify
@opentelemetry/instrumentation-generic-pool
@opentelemetry/instrumentation-graphql
@opentelemetry/instrumentation-grpc
@opentelemetry/instrumentation-hapi
@opentelemetry/instrumentation-http
@opentelemetry/instrumentation-ioredis
@opentelemetry/instrumentation-kafkajs
@opentelemetry/instrumentation-knex
@opentelemetry/instrumentation-koa
@opentelemetry/instrumentation-memcached
@opentelemetry/instrumentation-mongodb
@opentelemetry/instrumentation-mongoose
@opentelemetry/instrumentation-mysql
@opentelemetry/instrumentation-mysql2
@opentelemetry/instrumentation-nestjs-core
@opentelemetry/instrumentation-net
@opentelemetry/instrumentation-pg
@opentelemetry/instrumentation-pino
@opentelemetry/instrumentation-redis
@opentelemetry/instrumentation-redis-4
@opentelemetry/instrumentation-restify
@opentelemetry/instrumentation-router
@opentelemetry/instrumentation-tedious
@opentelemetry/instrumentation-winston
opentelemetry-instrumentation-elasticsearch
opentelemetry-instrumentation-sequelize
opentelemetry-instrumentation-typeorm
You can find more instrumentation packages in the OpenTelemetry Registry.
For troubleshooting issues with the Splunk Distribution of OpenTelemetry JS, see Troubleshoot Node.js instrumentation for Splunk Observability Cloud in the official documentation.
Examples and developer documentation for version 1.x is available at /tree/1.x.
The Splunk distribution of OpenTelemetry JS Instrumentation is a distribution of OpenTelemetry JS. It is licensed under the terms of the Apache Software License version 2.0. See the license file for more details.
ℹ️ SignalFx was acquired by Splunk in October 2019. See Splunk SignalFx for more information.
FAQs
The Splunk distribution of OpenTelemetry Node Instrumentation provides a Node agent that automatically instruments your Node application to capture and report distributed traces to Splunk APM.
The npm package @splunk/otel receives a total of 16,322 weekly downloads. As such, @splunk/otel popularity was classified as popular.
We found that @splunk/otel demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.