Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Node.js client for airbrakeapp.com, formerly known as hoptoadapp.com.
npm install airbrake
The common use case for this module is to catch all 'uncaughtException'
events on the process
object and send them to airbrake:
var airbrake = require('airbrake').createClient("your api key");
airbrake.handleExceptions();
throw new Error('I am an uncaught exception');
Please note that the above will re-throw the exception after it has been successfully delivered to airbrake, caushing your process to exit with status 1.
If you want more control over the delivery of your errors, you can also manually submit errors to airbrake.
var airbrake = require('airbrake').createClient("your api key");
var err = new Error('Something went terribly wrong');
airbrake.notify(err, function(err, url) {
if (err) throw err;
// Error has been delivered, url links to the error in airbrake
});
A custom error handler will need to be set for Express:
Express 3.X
var airbrake = require('airbrake').createClient("your api key");
app.use(airbrake.expressHandler())
Express 2.X
var airbrake = require('airbrake').createClient("your api key");
app.error(airbrake.expressHandler())
This screenshot shows an airbrake error send from this module:
process.env
as well as other information when sending notificationsuncaughtException
eventsnotify()
callbackThe notify()
method automatically adds the following context information to
each delivered error:
err.type
string if set, or 'Error'
)err.message
string)err.stack
as parsed by stack-trace)err.url
, see airbrake.url
);err.component
string if set);err.action
string if set);process.env
, merged all other properties of err
)err.params
object if set)err.session
object if set)airbrake.projectRoot
string if set)airbrake.env
string)airbrake.hostname
string if set)You can add additional context information by modifying the error properties listed above:
var airbrake = require('airbrake').createClient("your api key");
var http = require('http');
http.createServer(function(req, res) {
if (req.headers['X-Secret'] !== 'my secret') {
var err = new Error('403 - Permission denied');
req.writeHead(403);
req.end(err.message);
err.url = req.url;
err.params = {ip: req.socket.remoteAddress};
airbrake.notify(err);
}
});
Unfortunately uncaughtException
events cannot be traced back to particular
requests, so you should still try to handle errors where they occur.
In some scenarios you might want to filter some context to never show up in Airbrake. For example you might have a private key loaded in your environment memory, or your user has some critical data in his session, and you want to hide that.
This can be done by hooking into the 'vars'
event like so:
airbrake.on('vars', function(type, vars) {
if (type === 'cgi-data') {
delete vars.SECRET;
}
});
This client supports airbrake's deployment tracking:
var airbrake = require('airbrake').createClient("your api key");
var deployment = {
rev: '98103a8fa850d5eaf3666e419d8a0a93e535b1b2',
repo: 'git@github.com:felixge/node-airbrake.git',
};
airbrake.trackDeployment(deployment, function(err, params) {
if (err) {
throw err;
}
console.log('Tracked deployment of %s to %s', params.rev, params.env);
});
Check out the airbrake.trackDeployment()
API docs below for a list of all
options.
Returns a new Airbrake instance.
The API key to use.
The name of the server environment this is running in.
The base url for errors. If err.url
is not set, airbrake.host
is used
instead. If err.url
is a relative url starting with '/'
, it is appended
to airbrake.host
. If err.url
is an absolute url, airbrake.host
is ignored.
The root directory of this project.
The version of this app. Set to a semantic version number, or leave unset.
The protocol to use.
Do not post to Airbrake when running in these environments.
The timeout after which to give up trying to notify airbrake in ms.
Additional request options that are merged with the default set of options that are passed to request
during notify()
and trackDeployment()
.
Registers a process.on('uncaughtException')
listener. When an uncaught
exception occurs, the error is send to airbrake, and then re-thrown to
kill the process.
Sends the given err
to airbrake.
The callback parameter receives two arguments, err, url
. err
is set if
the delivery to airbrake failed.
If no cb
is given, and the delivery fails, an error
event is emitted. If
there is no listener for this event, node will kill the process as well. This
is done to avoid silent error delivery failure.
Notifies airbrake about a deployment. params
is an object with the following
options:
env:
The environment being deployed, defaults to airbrake.env
.user:
The user doing the deployment, defaults to process.env.USER
.repo:
The github url of this repository. Defaults to ''
.rev:
The revision of this deployment. Defaults to ''
.This module is meant as a replacement for hoptoad-notifier, which does not support all features of the 2.1 API.
Besides bug fixes, I'd be happy to accept patches for:
repo
and rev
from the local git repository when
calling airbrake.trackDeployment()
. This can be done via exec()
, but must
not be done when specifying repo
/ rev
by hand, or if they are set to
false
.If you have other feature ideas, please open an issue first, so we can discuss it.
airbrake is licensed under the MIT license.
FAQs
DEPRECATION: please use @airbrake/node instead (https://www.npmjs.com/package/@airbrake/node). A Node.js notifier for Airbrake, the leading exception reporting service.
We found that airbrake demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.