express-prometheus-middleware
Advanced tools
This is a middleware for express servers, that expose metrics for prometheus.
The metrics exposed allows to calculate common RED (Request, Error rate, Duration of requests), and USE (Utilisation, Error rate, and Saturation), metrics
yarn add express-prometheus-middleware
# or
npm i --save express-prometheus-middleware
| Name | Description | Default |
|---|---|---|
| metricsPath | Url route that will expose the metrics for scraping. | /metrics |
| metricsApp | Express app that will expose metrics endpoint | same app as the middleware |
| collectDefaultMetrics | Whether or not to collect prom-client default metrics. These metrics are usefull for collecting saturation metrics, for example. | true |
| requestDurationBuckets | Buckets for the request duration metrics (in milliseconds) histogram | Uses prom-client utility: Prometheus.exponentialBuckets(0.05, 1.75, 8) |
| extraMasks | Optional, list of regexes to be used as argument to url-value-parser, this will cause extra route params, to be replaced with a #val placeholder. | no extra masks: [] |
| authenticate | Optional authentication callback, the function should receive as argument, the req object and return truthy for sucessfull authentication, or falsy, otherwise. This option supports Promise results. | null |
| prefix | Optional prefix for the metrics name | no prefix added |
const express = require('express');
const promMid = require('express-prometheus-middleware');
const app = express();
const PORT = 9091;
app.use(promMid({
metricsPath: '/metrics',
collectDefaultMetrics: true,
requestDurationBuckets: [0.1, 0.5, 1, 1.5],
/**
* Uncomenting the `authenticate` callback will make the `metricsPath` route
* require authentication. This authentication callback can make a simple
* basic auth test, or even query a remote server to validate access.
* To access /metrics you could do:
* curl -X GET user:password@localhost:9091/metrics
*/
// authenticate: req => req.headers.authorization === 'Basic dXNlcjpwYXNzd29yZA==',
/**
* Uncommenting the `extraMasks` config will use the list of regexes to
* reformat URL path names and replace the values found with a placeholder value
*/
// extraMasks: [/..:..:..:..:..:../],
}));
// curl -X GET localhost:9091/hello?name=Chuck%20Norris
app.get('/hello', (req, res) => {
console.log('GET /hello');
const { name = 'Anon' } = req.query;
res.json({ message: `Hello, ${name}!` });
});
app.listen(PORT, () => {
console.log(`Example api is listening on http://localhost:${PORT}`);
});
http_requests_total: Counter for total requests received, has labels route, method, statushttp_request_duration_seconds: - Duration of HTTP requests in seconds, has labels route, method, statusThe labels route and status are normalized:
route: will normalize id like route paramsstatus: will normalize to status code family groups, like 2XX or 4XX.In the examples below, Suppose you tagged your application as "myapp".
sum(up{app="myapp"})
Rate of http status code 5XX responses
sum(rate(http_requests_total{status="5XX", app="myapp"}[5m]))
histogram_quantile(0.95, sum(rate(http_request_duration_seconds_bucket{app="myapp"}[5m])) by (le))
sum(rate(http_request_duration_seconds_sum{app="myapp"}[5m])) by (instance) / sum(rate(http_request_duration_seconds_count{app="myapp"}[5m])) by (instance)
sum(rate(http_requests_total{app="myapp"}[5m])) by (instance)
In this example we are removing some health/status-check routes, replace them with your needs.
sum(rate(http_requests_total{app="myapp", route!~"/|/healthz"}[5m])) by (instance, route)
rate(process_cpu_system_seconds_total{app="myapp"}[5m])
rate(process_cpu_user_seconds_total{app="myapp"}[5m])
nodejs_heap_size_total_bytes{app="myapp"}
nodejs_heap_size_used_bytes{app="myapp"}
FAQs
RED/USE metrics for express applications
The npm package express-prometheus-middleware receives a total of 23,358 weekly downloads. As such, express-prometheus-middleware popularity was classified as popular.
We found that express-prometheus-middleware demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.