Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
datadog-lambda-js
Advanced tools
The datadog-lambda-js npm package is designed to help you monitor and trace your AWS Lambda functions with Datadog. It provides tools to automatically collect and send metrics, logs, and traces from your Lambda functions to Datadog, enabling you to gain insights into the performance and behavior of your serverless applications.
Automatic Tracing
This feature allows you to automatically trace your Lambda function executions. By wrapping your handler with the `datadog` function, you can send traces to Datadog without manually instrumenting your code.
const { datadog } = require('datadog-lambda-js');
const handler = datadog(async (event, context) => {
// Your Lambda function code here
return { statusCode: 200, body: 'Hello, world!' };
});
module.exports.handler = handler;
Custom Metrics
This feature allows you to send custom metrics from your Lambda functions to Datadog. You can use the `sendDistributionMetric` function to send metrics with specific values and tags.
const { sendDistributionMetric } = require('datadog-lambda-js');
const handler = async (event, context) => {
// Your Lambda function code here
sendDistributionMetric('my_custom_metric', 42, 'tag:value');
return { statusCode: 200, body: 'Hello, world!' };
};
module.exports.handler = handler;
Log Forwarding
This feature enables you to forward logs from your Lambda functions to Datadog. By wrapping your handler with the `datadog` function, logs generated within your Lambda function will be automatically sent to Datadog.
const { datadog } = require('datadog-lambda-js');
const handler = datadog(async (event, context) => {
console.log('This is a log message');
return { statusCode: 200, body: 'Hello, world!' };
});
module.exports.handler = handler;
The aws-xray-sdk package is an AWS service that provides tracing capabilities for AWS Lambda functions. It allows you to trace requests as they travel through your entire application, including Lambda functions, and visualize the trace data in the AWS X-Ray console. While it offers tracing similar to datadog-lambda-js, it is specific to the AWS ecosystem and does not provide the same level of integration with Datadog.
The serverless-plugin-datadog package is a Serverless Framework plugin that automatically instruments your Lambda functions with Datadog. It provides similar functionality to datadog-lambda-js but is designed to work within the Serverless Framework, making it easier to integrate Datadog monitoring into your serverless applications.
Datadog Lambda Library for Node.js (16.x, 18.x, and 20.x) enables enhanced Lambda metrics, distributed tracing, and custom metric submission from AWS Lambda functions.
Follow the installation instructions, and view your function's enhanced metrics, traces and logs in Datadog.
Follow the configuration instructions to tag your telemetry, capture request/response payloads, filter or scrub sensitive information from logs or traces, and more.
For additional tracing configuration options, check out the official documentation for Datadog trace client.
Besides the environment variables supported by dd-trace-js, the datadog-lambda-js library added following environment variables.
Environment Variables | Description | Default Value |
---|---|---|
DD_ENCODE_AUTHORIZER_CONTEXT | When set to true for Lambda authorizers, the tracing context will be encoded into the response for propagation. Supported for NodeJS and Python. | true |
DD_DECODE_AUTHORIZER_CONTEXT | When set to true for Lambdas that are authorized via Lambda authorizers, it will parse and use the encoded tracing context (if found). Supported for NodeJS and Python. | true |
DD_COLD_START_TRACING | Set to false to disable Cold Start Tracing. Used in NodeJS and Python. | true |
DD_MIN_COLD_START_DURATION | Sets the minimum duration (in milliseconds) for a module load event to be traced via Cold Start Tracing. Number. | 3 |
DD_COLD_START_TRACE_SKIP_LIB | optionally skip creating Cold Start Spans for a comma-separated list of libraries. Useful to limit depth or skip known libraries. | ./opentracing/tracer |
DD_CAPTURE_LAMBDA_PAYLOAD | [Captures incoming and outgoing AWS Lambda payloads][1] in the Datadog APM spans for Lambda invocations. | false |
DD_CAPTURE_LAMBDA_PAYLOAD_MAX_DEPTH | Determines the level of detail captured from AWS Lambda payloads, which are then assigned as tags for the aws.lambda span. It specifies the nesting depth of the JSON payload structure to process. Once the specified maximum depth is reached, the tag's value is set to the stringified value of any nested elements beyond this level. For example, given the input payload: {If the depth is set to 2 , the resulting tag's key is set to function.request.lv1.lv2 and the value is {\"lv3\": \"val\"} . If the depth is set to 0 , the resulting tag's key is set to function.request and value is {\"lv1\":{\"lv2\":{\"lv3\": \"val\"}}} | 10 |
Datadog's Continuous Profiler is now available in beta for NodeJS in version 6.87.0 and layer version 87 and above. This optional feature is enabled by setting the DD_PROFILING_ENABLED
environment variable to true
. During the beta period, profiling is available at no additional cost.
The 5.x.x release introduces version 2 of the Datadog tracer, dd-trace-js. This includes a few breaking changes, and the migration guide found here.
The first 5.x.x version was released with Lambda Layer version 69
.
The 6.x.x release introduces support for the node 16 runtime and esm modules.
The 7.x.x release drops support for Node12, and upgrades dd-trace-js to version 3.x
The 9.x.x release changed how Lambda's traceID is hashed if the incoming payload contains Step Functions context object. This change only affects those who uses inject Step Functions context object into Lambda payload.
There is a full migration guide available here. Some changes are more likely to impact Serverless users:
HTTP Operation Name Changed
. HTTP requests will no longer appear as a separate client under *-http-client
, which polluted the APM service catalog.tracer.currentSpan()
has been deprecated for a long time, and is now removed.tracer.bindEmitter()
is similarly removed after being deprecated.If you encounter a bug with this package, we want to hear about it. Before opening a new issue, search the existing issues to avoid duplicates.
When opening an issue, include the Datadog Lambda Layer version, Node version, and stack trace if available. In addition, include the steps to reproduce when appropriate.
You can also open an issue for a feature request.
If you find an issue with this package and have a fix, please feel free to open a pull request following the procedures.
For product feedback and questions, join the #serverless
channel in the Datadog community on Slack.
Unless explicitly stated otherwise all files in this repository are licensed under the Apache License Version 2.0.
This product includes software developed at Datadog (https://www.datadoghq.com/). Copyright 2019 Datadog, Inc.
FAQs
Lambda client library that supports hybrid tracing in node js
The npm package datadog-lambda-js receives a total of 758,129 weekly downloads. As such, datadog-lambda-js popularity was classified as popular.
We found that datadog-lambda-js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.