Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Next generation observability. For Node compatible IUDEX, use iudex-node.
Instrumenting your code with IUDEX just takes a few steps.
npm install iudex-web
IUDEX_API_KEY
. You can manually add this to instrument
as well if you use something like a secrets manager.Search
to view your logs.We will follow the first half of NextJS's OpenTelemetry Guide then make a few changes to introduce IUDEX features and pipe the telemetry to the IUDEX backend which then can be viewed at https://app.iudex.ai/traces.
experimental.instrumentationHook = true
; in your next.config.js
npm install @vercel/otel iudex-web
instrumentation.ts
in your project source root (or src
if you're using one).instrumentation.ts
import { registerOTel } from '@vercel/otel';
import { registerOTelOptions } from 'iudex-web';
export function register() {
const options = registerOTelOptions({
serviceName: 'YOUR_SERVICE_NAME', // highly encouraged
publicWriteOnlyIudexApiKey: 'YOUR_PUBLIC_WRITE_ONLY_KEY', // only ever commit your WRITE ONLY key
});
registerOTel(options);
}
index.ts
).import { instrument } from 'iudex-web';
instrument({
serviceName: 'YOUR_SERVICE_NAME', // highly encouraged
publicWriteOnlyIudexApiKey: 'YOUR_PUBLIC_WRITE_ONLY_KEY', // only ever commit your WRITE ONLY key
});
console.log('Hello Iudex!'); // Test logging
Some functions are automatically tracked:
✅ console ✅ document.onload ✅ fetch ✅ addEventListener ✅ xmlHttpRequest
Add this code to the top your entrypoint file (likely index.ts
).
import { instrument } from 'iudex-web';
instrument({
serviceName: 'YOUR_SERVICE_NAME', // highly encouraged
publicWriteOnlyIudexApiKey: 'YOUR_PUBLIC_WRITE_ONLY_KEY', // only ever commit your WRITE ONLY key
});
You should be all set! IUDEX will now record logs and trace the entire life cycle for each request.
Go to https://app.iudex.ai/ to start viewing your logs and traces!
For libraries that are not autoinstrumented or if your project uses 'type': 'module'
, follow the instructions from the table of contents for that specific library.
Cloudflare workers operate differently than the browser environment due to how the environment is loaded and what global objects are available. Wrap your export handler object with trace
to trace all ExportHandler functions.
import { instrument, iudexCloudflare } from 'iudex-web';
instrument({
serviceName: 'YOUR_SERVICE_NAME', // highly encouraged
publicWriteOnlyIudexApiKey: 'YOUR_PUBLIC_WRITE_ONLY_KEY', // only ever commit your WRITE ONLY key
});
const { trace, withTracing } = iudexCloudflare;
import { ExportedHandler } from '@cloudflare/workers-types';
export default trace({
fetch: async (request, env, ctx) => {
// Your fetch handler goes here
},
} satisfies ExportedHandler, { name: <your_service_name> });
If you only want to trace specific ExportHandler functions, you can wrap the specific functions with withTracing
.
import { instrument, iudexCloudflare } from 'iudex-web';
instrument({
serviceName: 'YOUR_SERVICE_NAME', // highly encouraged
publicWriteOnlyIudexApiKey: 'YOUR_PUBLIC_WRITE_ONLY_KEY', // only ever commit your WRITE ONLY key
});
const { trace, withTracing } = iudexCloudflare;
import { ExportedHandler, ExportedHandlerFetchHandler } from '@cloudflare/workers-types';
export default {
fetch: withTracing(async (request, env, ctx) => {
// Your fetch handler goes here
}, { name: <your_service_name> }) satisfies ExportedHandlerFetchHandler,
} satisfies ExportedHandler;
Add this code snippet to the top your entry point file (likely index.ts
). Skip this step if you already call instrument
on your server.
import { instrument, iudexFastify } from 'iudex-web';
instrument({
serviceName: 'YOUR_SERVICE_NAME', // highly encouraged
publicWriteOnlyIudexApiKey: 'YOUR_PUBLIC_WRITE_ONLY_KEY', // only ever commit your WRITE ONLY key
});
Objects with the key ctx
will have values in ctx
added as attributes to the log. Example:
console.log('hello', { ctx: { userId: '123' } })
will create a log line with the userId
attribute set to 123
.
Use emitOtelLog
to send logs to iudex
. You have have called instrument
somewhere before emitOtelLog
.
import { emitOtelLog } from 'iudex-web';
/**
* Custom logger example
*/
function createLogger(level: keyof typeof console) {
return function logger(body: string, attributes: Record<string, any>) {
console[level](body, attributes);
emitOtelLog({ level, body, attributes })
};
}
Its recommended that you trace functions that are not called extremely frequently and that tends to be an 'entry point' for complex functionality. Examples of this are API routes, service controllers, and database clients. You can trace your function by wrapping it with withTracing
.
import { withTracing } from 'iudex-web';
const myFunction = withTracing(async () => {
console.log('I am traced');
}, { name: 'myFunction', trackArgs: true });
await myFunction();
// console: I am traced
Anytime myFunction
is called, it will create a span layer in a trace. trackArgs
will also track the arguments for the function. Tracked arguments will be truncated at 5000 characters. If you want to track specific parameters, it is recommended that you log them at the beginning of the function.
You can easily configure Slack alerts on a per-log basis with custom filters an logic by adding it in code.
Visit https://app.iudex.ai/logs and click on the Add to Slack
button in the top right.
Once installed to your workspace, tag your logs with the iudex.slack_channel_id
attribute.
// Example using logger
logger.info({ 'iudex.slack_channel_id': 'YOUR_SLACK_CHANNEL_ID' }, 'Hello from Slack!');
// Example using console, you must set { ctx }
console.log('Hello from Slack!', { ctx: { 'iudex.slack_channel_id': 'YOUR_SLACK_CHANNEL_ID' } });
Your channel ID can be found by clicking the name of the channel in the top left, then at the bottom of the dialog that pops up.
As long as the channel is public or you've invited the IUDEX app, logs will be sent as messages to their tagged channel any time they are logged.
The iudex
package contains the function instrument
which automatically attaches to libraries you use
and starts sending trace data to iudex
. Separately, logs sent via console are also sent. If you use another
logger library, find its instrumentation instructions or manually call emitOtelLog
to send a log.
instrument
is a function that automatically attaches to libraries you use and starts sending trace data to iudex
.
baseUrl?: string
api.iudex.ai
.iudexApiKey?: string
process.env.IUDEX_API_KEY
.publicWriteOnlyIudexApiKey?: string
process.env.PUBLIC_WRITE_ONLY_IUDEX_API_KEY
.serviceName?: string
instanceId?: string
gitCommit?: string
githubUrl?: string
env?: string
process.env.NODE_ENV
headers?: Record<string, string>
baseUrl
.settings?: Record<string, boolean>
false
.
emitOtelLog
is a function that sends a log to iudex
.
level: string
INFO
, WARN
, ERROR
, FATAL
, DEBUG
) of the log.body: any
severityNumber?: number
level
overwrites this.attributes?: Record<string, any>
trackAttribute
adds an attribute to the current active span.
key: string
value: any
withTracing
instruments a function by wrapping with a trace context. Wrapped functions can be called elsewhere and will always be traced.
import { withTracing } from 'iudex-web';
const myFunction = withTracing(async () => {
console.log('I am traced');
}, { name: 'myFunction' });
await myFunction();
// console: I am traced
fn: Function
opts
name?: string
trackArgs?: boolean
attributes.arg
or attributes.args
if there are multiple arguments.attributes?: Record<string, any>
setSpan?: (span: Span, ret: ReturnType<Function>) => void
useTracing
instruments and runs a function with trace context. The arguments are the same as withTracing
import { useTracing } from 'iudex-web';
await useTracing(async () => {
console.log('I am traced');
}, { name: 'myFunction' });
// console: I am traced
FAQs
Iudex web client
The npm package iudex-web receives a total of 10 weekly downloads. As such, iudex-web popularity was classified as not popular.
We found that iudex-web demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.