Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
lightstep-tracer
Advanced tools
[![npm version](https://badge.fury.io/js/lightstep-tracer.svg)](https://badge.fury.io/js/lightstep-tracer) [![Circle CI](https://circleci.com/gh/lightstep/lightstep-tracer-javascript.svg?style=shield)](https://circleci.com/gh/lightstep/lightstep-tracer-ja
LightStep distributed tracing library for Node.js and the browser.
npm install --save lightstep-tracer opentracing
All modern browsers and Node versions >= 0.12 are supported.
To use LightStep as the OpenTracing binding, initialize the global Tracer
with the LightStep implementation:
var opentracing = require('opentracing');
var lightstep = require('lightstep-tracer');
opentracing.initGlobalTracer(new lightstep.Tracer({
access_token : '{your_access_token}',
component_name : '{your_service_or_app_name}',
}));
The LightStep JavaScript Tracing Cookbook is a good next stop for information on how to quickly instrument your system. If you want to try something out quickly in your browser code, see the browser quick start example.
The browser version of the code can be explicitly included using the following, which can be helpful in some browserify
(or similar) setups:
var lightstep = require('lightstep-tracer/browser');
The OpenTracing standard JavaScript API is documented here. The following describes LightStep-specific options and methods.
Required options
access_token
string
required - the project access tokencomponent_name
string
required - the string identifier for the application, service, or processStandard options
verbosity
number
optional, default=1 - controls the level of logging to the console
0
- the client library will never log to the console1
- error reporting will be throttled to the first error per minute2
- all errors are logged to the console3
- all errors, warnings, and info statements are logged to the console4
- all log statements, including debugging detailscollector_host
string
optional - custom collector hostnamecollector_port
number
optional - custom collector portcollector_encryption
string
optional, default='tls'
tls
- use HTTPS encrypted connectionsnone
- use HTTP plain-text connectionsBrowser-specific initialization options
xhr_instrumentation
bool
- if false, disables automatic instrumentation of XMLHttpRequests (XHRs). This must be set at initialization; changes after initialization will have no effect. Defaults to false.
xhr_url_inclusion_patterns
RegExp[]
- an array of regular expressions used to whitelist URLs for XMLHttpRequest
auto-instrumentation. The default value is wildcard matching all strings. For a given URL to be instrumented, it must match at least one regular expression in xhr_url_inclusion_patterns
and not match any regular expressions in xhr_url_exclusion_patterns
.
xhr_url_exclusion_patterns
RegExp[]
- an array of regular expressions used to exclude URLs from XMLHttpRequest
auto-instrumentation. The default value is an empty array. For a given URL to be instrumented, it must match at least one regular expression in xhr_url_inclusion_patterns
and not match any regular expressions in xhr_url_exclusion_patterns
.
Non-standard options
NOTE: Future API compatibility on non-standard options is not guaranteed.
disable_reporting_loop
bool
optional, default=false - if true, the timer that automatically sends reports to the collector will be disabled. This option is independent of disable_report_on_exit
.disable_report_on_exit
bool
optional, default=false - if true, the final report that is automatically sent at process exit in Node or page unload in the browser will not be sent.report_timeout_millis
number
optional, default=30000 - the default timeout value, in milliseconds, for reports to the LightStep collectorgzip_json_requests
bool
optional, default=true - if true, the reports will be gzipped before sent to the collector.default_span_tags
string
optional - an associative array of tags to add to every span started by the tracer (e.g., the active user id in a browser client)delay_initial_report_millis
int
optional, default=1000 - maximum additional delay of the initial report in addition to the normal reporting interval. A value between zero and this maximum will be selected as the actual delay. This can be useful when concurrently launching a large number of new processes and there is a desire to distribute the initial reports over a window of time.error_throttle_millis
int
optional, default=60000 - when verbosity
is set to 1
, this the minimum time between logged errors.Returns an absolute URL to the LightStep application for the trace containing this span. It is safe to call this method after finish()
.
...
span.finish();
var url = span.generateTraceURL())
console.log('View the trace for this span at:', url);
Copyright (c) 2016, LightStep
FAQs
> ❗ **This instrumentation is no longer recommended**. Please review [documentation on setting up and configuring the OpenTelemetry Node.js Launcher](https://github.com/lightstep/otel-launcher-node) or [OpenTelemetry JS (Browser)](https://github.com/open-
The npm package lightstep-tracer receives a total of 38,921 weekly downloads. As such, lightstep-tracer popularity was classified as popular.
We found that lightstep-tracer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.