Automatic and enhanced Google Analytics tracking for common user interactions on the web
The default JavaScript tracking snippet for Google Analytics runs when a web page is first loaded and sends a pageview hit to Google Analytics. If you want to know about more than just pageviews (e.g. events, social interactions), you have to write code to capture that information yourself.
Since most website owners care about a lot of the same types of user interactions, web developers end up writing the same code over and over again for every new site they build.
Autotrack was created to solve this problem. It provides default tracking for the interactions most people care about, and it provides several convenience features (e.g. declarative event tracking) to make it easier than ever to understand how people are using your site.
The `autotrack.js` library is small (6K gzipped), and includes the following plugins. By default all plugins are bundled together, but they can be included and configured separately as well. This table includes a brief description of each plugin; you can click on the plugin name to see the full documentation and usage instructions:
Plugin | Description |
---|---|
cleanUrlTracker | Ensures consistency in the URL paths that get reported to Google Analytics, avoiding the problem where separate rows in your pages reports actually point to the same page. |
eventTracker | Enables declarative event tracking, via HTML attributes in the markup. |
impressionTracker | Allows you to track when elements are visible within the viewport. |
mediaQueryTracker | Enables tracking media query matching and media query changes. |
outboundFormTracker | Automatically tracks form submits to external domains. |
outboundLinkTracker | Automatically tracks link clicks to external domains. |
pageVisibilityTracker | Tracks page visibility state changes, which enables much more accurate session, session duration, and pageview metrics. |
socialWidgetTracker | Automatically tracks user interactions with the official Facebook and Twitter widgets. |
urlChangeTracker | Automatically tracks URL changes for single page applications. |
Disclaimer: autotrack is maintained by members of the Google Analytics developer platform team and is primarily intended for a developer audience. It is not an official Google Analytics product and does not qualify for Google Analytics 360 support. Developers who choose to use this library are responsible for ensuring that their implementation meets the requirements of the Google Analytics Terms of Service and the legal obligations of their respective country.
To add autotrack to your site, you have to do two things:

1. Load the `autotrack.js` script file on your page.
2. Update your tracking snippet to require the autotrack plugins you want to use.

If your site already includes the default JavaScript tracking snippet, you can modify it to look something like this:

```html
<script>
window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)};ga.l=+new Date;
ga('create', 'UA-XXXXX-Y', 'auto');
// Replace the following lines with the plugins you want to use.
ga('require', 'eventTracker');
ga('require', 'outboundLinkTracker');
ga('require', 'urlChangeTracker');
// ...
ga('send', 'pageview');
</script>
<script async src='https://www.google-analytics.com/analytics.js'></script>
<script async src='path/to/autotrack.js'></script>
```

Of course, you'll have to make the following modifications to customize autotrack to your needs:

- Replace `UA-XXXXX-Y` with your tracking ID.
- Replace the `require` statements with the plugins you want to use.
- Replace `path/to/autotrack.js` with the actual location of the `autotrack.js` file hosted on your server.

Note: the analytics.js plugin system is designed to support asynchronously loaded scripts, so it doesn't matter if `autotrack.js` is loaded before or after `analytics.js`. It also doesn't matter if the `autotrack.js` library is loaded individually or bundled with the rest of your JavaScript code.
If you use npm and a module loader like Browserify, Webpack, or SystemJS, you can include autotrack in your build by requiring it as you would any other npm module:

```sh
npm install autotrack
```

```javascript
// In your JavaScript code
require('autotrack');
```

The above code will include all autotrack plugins in your generated source file. If you only want to include a specific set of plugins, you can require them individually:

```javascript
// In your JavaScript code
require('autotrack/lib/plugins/clean-url-tracker');
require('autotrack/lib/plugins/outbound-link-tracker');
require('autotrack/lib/plugins/url-change-tracker');
// ...
```

The above examples show how to include the plugin source code in your final, generated JavaScript file, which accomplishes the first step of the two-step installation process.
You still have to update your tracking snippet and require the plugins you want to use:

```javascript
// In the analytics.js tracking snippet
ga('create', 'UA-XXXXX-Y', 'auto');
// Replace the following lines with the plugins you want to use.
ga('require', 'cleanUrlTracker');
ga('require', 'outboundLinkTracker');
ga('require', 'urlChangeTracker');
// ...
ga('send', 'pageview');
```

Note: be careful not to confuse the node module `require` statement with the analytics.js `require` command. When loading autotrack with an npm module loader, both requires must be used.
All autotrack plugins accept a configuration object as the third parameter to the `require` command.
Some of the plugins (e.g. `outboundLinkTracker`, `socialWidgetTracker`, `urlChangeTracker`) have a default behavior that works for most people without specifying any configuration options. Other plugins (e.g. `cleanUrlTracker`, `impressionTracker`, `mediaQueryTracker`) require certain configuration options to be set in order to work.
See the individual plugin documentation to reference what options each plugin accepts (and what the default value is, if any).
The autotrack library is built modularly and each plugin includes its own dependencies, so you can create a custom build of the library using a script bundler such as Browserify.
The following example shows how to create a build that only includes the `eventTracker` and `outboundLinkTracker` plugins:

```sh
browserify lib/plugins/event-tracker lib/plugins/outbound-link-tracker
```

When making a custom build, be sure to update the tracking snippet to only require plugins included in your build. Requiring a plugin that's not included in the build will create an unmet dependency, which will prevent subsequent commands from running.
If you're already using a module loader like Browserify, Webpack, or SystemJS to build your JavaScript, you can skip the above step and just require the plugins as described in the loading autotrack via npm section.
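
A pre-deploy check for the unmet-dependency pitfall described above, as an added example that is not part of the autotrack project: it scans a tracking snippet for `require` commands (including the `trackerName.require` form) and reports plugins missing from a custom build. The camelCase-to-kebab-case path mapping is an assumption inferred from the module paths shown on this page, and the function names are hypothetical.

```javascript
// Added example (not autotrack code): flags plugins that a tracking snippet
// requires but that were left out of a custom build.

// Assumption: plugin names map to module paths by the camelCase -> kebab-case
// convention seen on this page (eventTracker -> lib/plugins/event-tracker).
function pluginToModule(name) {
  return 'lib/plugins/' + name.replace(/[A-Z]/g, (c) => '-' + c.toLowerCase());
}

// Extracts {tracker, plugin} pairs from ga('require', ...) and
// ga('<trackerName>.require', ...) commands in snippet source text.
function findRequiredPlugins(snippet) {
  const re = /ga\(\s*(['"])(?:([\w$]+)\.)?require\1\s*,\s*(['"])([\w$]+)\3/g;
  const found = [];
  let m;
  while ((m = re.exec(snippet)) !== null) {
    found.push({ tracker: m[2] || '(default)', plugin: m[4] });
  }
  return found;
}

// Returns the required plugins whose module is not among the bundled entries.
function findUnmetPlugins(snippet, bundledModules) {
  const bundled = new Set(bundledModules.map((p) => p.replace(/\.js$/, '')));
  return findRequiredPlugins(snippet).filter(
    (r) => !bundled.has(pluginToModule(r.plugin))
  );
}

// Constructed sample: the build from the browserify command above, and a
// snippet that also requires a plugin left out of that build.
const build = ['lib/plugins/event-tracker', 'lib/plugins/outbound-link-tracker'];
const snippet = `
  ga('create', 'UA-XXXXX-Y', 'auto');
  ga('create', 'UA-XXXXX-Z', 'auto', 'tracker2');
  ga('require', 'eventTracker');
  ga('tracker2.require', 'outboundLinkTracker');
  ga('tracker2.require', 'pageVisibilityTracker');
  ga('send', 'pageview');
`;

for (const { tracker, plugin } of findUnmetPlugins(snippet, build)) {
  console.error(`unmet: ${plugin} on tracker ${tracker} (${pluginToModule(plugin)})`);
}
```
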
All autotrack plugins support multiple trackers and work by specifying the tracker name in the `require` command. The following example creates two trackers and requires various autotrack plugins on each.

```javascript
// Creates two trackers, one named `tracker1` and one named `tracker2`.
ga('create', 'UA-XXXXX-Y', 'auto', 'tracker1');
ga('create', 'UA-XXXXX-Z', 'auto', 'tracker2');
// Requires plugins on tracker1.
ga('tracker1.require', 'eventTracker');
ga('tracker1.require', 'socialWidgetTracker');
// Requires plugins on tracker2.
ga('tracker2.require', 'eventTracker');
ga('tracker2.require', 'outboundLinkTracker');
ga('tracker2.require', 'pageVisibilityTracker');
// Sends the initial pageview for each tracker.
ga('tracker1.send', 'pageview');
ga('tracker2.send', 'pageview');
```

Autotrack will safely run in any browser without errors, as feature detection is always used with any potentially unsupported code. However, autotrack will only track features supported in the browser running it. For example, a user running Internet Explorer 8 will not be able to track media query usage, as media queries themselves aren't supported in Internet Explorer 8.
All autotrack plugins are tested via Sauce Labs in the following browsers:
✔ |
✔ |
6+ |
✔ |
9+ |
✔ |
The following translations have been graciously provided by the community. Please note that these translations are unofficial and may be inaccurate or out of date:
If you discover issues with a particular translation, please file them with the appropriate repository. To submit your own translation, follow these steps:
1.0.1 (2016-08-10)
FAQs
The npm package autotrack receives a total of 8,828 weekly downloads. As such, autotrack popularity was classified as popular.
We found that autotrack demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.