Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Node.js client for airbrakeapp.com, formerly hoptoad.
Not ready for you yet.
The common use case for this module is to catch all 'uncaughtException'
events on the process
object and send them to airbreak:
var airbreak = require('airbrake').createClient("your api key");
airbrake.handleExceptions();
throw new Error('I am an uncaught exception');
Please note that the above will re-throw the exception after it has been successfully delivered to airbreak, caushing your process to exit with status 1.
If you want more control over the delivery of your errors, you can also manually submit errors to airbreak.
var airbreak = require('airbrake').createClient("your api key");
var err = new Error('Something went terribly wrong');
airbrake.notify(err, function(err, url) {
if (err) throw err;
// Error has been delivered, url links to the error in airbreak
});
The notify()
method automatically adds the following context information to
each delivered error:
err.type
string if set, or 'Error'
)err.message
string)err.stack
as parsed by stack-trace)err.url
string if set);err.component
string if set);err.action
string if set);process.env
, merged with err.env
object if set)err.params
object if set)err.session
object if set)airbreak.projectRoot
string if set)airbreak.env
string, defaults to process.env.NODE_ENV
)airbreak.hostname
string if set)You can add additional context information by modifying the error properties listed above:
var airbreak = require('airbrake').createClient("your api key");
var http = require('http');
http.createServer(function(req, res) {
if (req.headers['X-Secret'] !== 'my secret') {
var err = new Error('403 - Permission denied');
req.writeHead(403);
req.end(err.message);
err.url = req.url;
err.params = {ip: req.socket.remoteAddress};
airbrake.notify(err):
}
});
Unfortunately uncaughtException
events cannot be traced back to particular
requests, so you should still try to handle errors where they occur.
In some scenarios you might want to filter some context to never show up in Airbrake. For example you might have a private key loaded in your environment memory, or your user has some critical data in his session, and you want to hide that.
This can be done by hooking into the 'vars'
event like so:
airbrake.on('vars', function(type, vars) {
if (type === 'cgi-data') {
delete vars.SECRET;
}
});
Returns a new Airbrake instance.
The API key to use.
The name of the server environment this is running in.
The root directory of this project.
The version of this app. Set to a semantic version number, or leave unset.
The protocol to use.
Registers a process.on('uncaughtException')
listener. When an uncaught
exception occurs, the error is send to airbrake, and then re-thrown to
kill the process.
Sends the given err
to airbrake.
The callback parameter receives two arguments, err, url
. err
is set if
the delivery to airbrake failed.
If no cb
is given, and the delivery fails, an error
event is emitted. If
there is no listener for this event, node will kill the process as well. This
is done to avoid silent error delivery failure.
airbrake.deployment()
airbrake is licensed under the MIT license.
FAQs
DEPRECATION: please use @airbrake/node instead (https://www.npmjs.com/package/@airbrake/node). A Node.js notifier for Airbrake, the leading exception reporting service.
The npm package airbrake receives a total of 513 weekly downloads. As such, airbrake popularity was classified as not popular.
We found that airbrake demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.