opentelemetry-instrumentation-express
enhanced open telemetry instrumentation for the `express` web framework
This module provides enhanced instrumentation for the express web framework.
```
npm install --save opentelemetry-instrumentation-express
```
This instrumentation supports `^4.9.0`: all versions >= 4.9.0 (released 2014) and < 5.0.0 (in alpha).
For further automatic instrumentation instructions see the @opentelemetry/instrumentation package.
```js
const { NodeTracerProvider } = require('@opentelemetry/node');
const { registerInstrumentations } = require('@opentelemetry/instrumentation');
const { ExpressInstrumentation } = require('opentelemetry-instrumentation-express');

// Create the tracer provider and register it as the global provider.
const tracerProvider = new NodeTracerProvider();
tracerProvider.register();

// registerInstrumentations reads the provider from the `tracerProvider` key.
registerInstrumentations({
  tracerProvider,
  instrumentations: [
    new ExpressInstrumentation()
  ]
});
```
Express instrumentation has a few options available to choose from. You can set the following:

| Options | Type | Description |
|---|---|---|
| requestHook | RequestHook (function) | Hook for adding custom attributes before express starts handling the request. Receives params: span, { moduleVersion, req, res } |
| includeHttpAttributes | boolean | If set to true, the plugin will include semantic http attributes in each express span |
Express auto instrumentation will create a single span per request with the following attributes. Detailed specification and cases can be found here.
http.route
This is a conventional http attribute, which is collected by express instead of the http module (which is not aware of the route). It will always contain path-parameterized data with low cardinality (no ids), but might be missing parts of the path in case of early termination or middlewares that accept any path.
Example: /api/users/:id
express.route.full
This attribute will always contain the entire path. The part of the path that has been consumed by express will be shown as is (parameterized), and the leftover will be concatenated after it (due to early termination or middlewares that accept any path).
Example: /api/users/:id/books/758734 (the :id part was consumed, but the bookid part was not).
express.route.configured
This attribute is relevant when the user configures multiple path options for the same middleware. It reduces the cardinality space even further compared to http.route, and supplies more info about how the app routing works.
Example: /api["/foo", "/bar"] - meaning that the same endpoint is triggered by routes /api/foo and /api/bar.
express.route.params
This attribute holds a JSON-stringified map, where the keys are the URL path param names, and the values are the matched params from the actual URL.
Example: {"id":"1234"}.
express.unhandled
Set to true when the request was not handled by any middleware in express and fell back to the default app finalhandler. This can happen if the client sent a request with an invalid path or method (resulting in 404). This can be useful for filtering out requests from internet bots which try to call common routes on servers.
express.instrumentation.errors
In case of internal error in instrumentation, this attribute will contain the error description. There are no known valid use cases which are expected to produce this attribute.
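The bot-filtering use of express.unhandled mentioned above, as an added example that is not part of the package or its README: it groups exported spans flagged express.unhandled by client address and lists the paths each client requested. The span object shape, the `net.peer.ip` client-address key, the function name and the sample spans are assumptions constructed for illustration.

```javascript
// Added example, not from the package: summarize spans flagged express.unhandled.
// Assumption: each exported span is an object with an `attributes` map, and the
// client address sits under `net.peer.ip` (pass clientKey to use another key).
function summarizeUnhandled(spans, { clientKey = 'net.peer.ip', threshold = 3 } = {}) {
  const byClient = new Map();
  for (const { attributes = {} } of spans) {
    const flag = attributes['express.unhandled'];
    // Exporters may serialize the boolean as a string, so accept both forms.
    if (flag !== true && flag !== 'true') continue;
    const client = attributes[clientKey] ?? 'unknown';
    const entry = byClient.get(client) ?? { client, count: 0, paths: new Set() };
    entry.count += 1;
    // express.route.full carries the whole path, including the unconsumed part.
    const path = attributes['express.route.full'];
    if (path) entry.paths.add(path);
    byClient.set(client, entry);
  }
  // Keep only clients at or above the threshold, noisiest first.
  return [...byClient.values()]
    .filter((e) => e.count >= threshold)
    .sort((a, b) => b.count - a.count || a.client.localeCompare(b.client))
    .map((e) => ({ client: e.client, count: e.count, paths: [...e.paths].sort() }));
}

// Constructed sample spans (addresses are from documentation ranges).
const span = (ip, extra) => ({ attributes: { 'net.peer.ip': ip, ...extra } });
const sampleSpans = [
  span('198.51.100.7', { 'http.route': '/api/users/:id', 'express.route.full': '/api/users/:id' }),
  span('203.0.113.9', { 'express.unhandled': true, 'express.route.full': '/admin.php' }),
  span('203.0.113.9', { 'express.unhandled': true, 'express.route.full': '/backup.zip' }),
  span('203.0.113.9', { 'express.unhandled': 'true', 'express.route.full': '/admin.php' }),
  span('198.51.100.7', { 'express.unhandled': true, 'express.route.full': '/favicon.ico' }),
];

console.log(summarizeUnhandled(sampleSpans));
```

The same predicate can be inverted to drop unhandled spans before they reach dashboards, while still keeping the per-client counts for alerting.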
route data, in any valid express edge case. Contrib instrumentation does a good job for common cases, but miss nuances on complex setups.
requestHook for adding custom attributes to span, as well as ability to capture express version into user defined attribute.

This extension (and many others) was developed by Aspecto with ❤️
We found that opentelemetry-instrumentation-express demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.