opentelemetry-instrumentation-express
enhanced open telemetry instrumentation for the `express` web framework
This module provides enhanced instrumentation for the express web framework.
```bash
npm install --save opentelemetry-instrumentation-express
```
This instrumentation supports ^4.9.0: all versions >= 4.9.0 (released 2014) and < 5.0.0 (in alpha).
For further automatic instrumentation instruction see the @opentelemetry/instrumentation package.
```javascript
const { NodeTracerProvider } = require('@opentelemetry/sdk-trace-node');
const { registerInstrumentations } = require('@opentelemetry/instrumentation');
const { ExpressInstrumentation } = require('opentelemetry-instrumentation-express');

// Create and register the tracer provider before loading express.
const tracerProvider = new NodeTracerProvider();
tracerProvider.register();

// Attach the express instrumentation to that provider.
registerInstrumentations({
  tracerProvider,
  instrumentations: [
    new ExpressInstrumentation()
  ]
});
```
Express instrumentation has a few options available to choose from. You can set the following:
Options | Type | Description |
---|---|---|
requestHook | RequestHook (function) | Hook for adding custom attributes before express starts handling the request. Receives params: span, { moduleVersion, req, res } |
includeHttpAttributes | boolean | If set to true, plugin will include semantic http attributes in each express span |
Express auto instrumentation will create a single span per request with the following attributes. Detailed specification and cases can be found here.
http.route
This is a conventional http attribute, which is collected by express instead of the http module (which is not aware of the route). It will always contain path-parameterized data with low cardinality (no ids), but might be missing parts of the path in case of early termination or middlewares that accept any path.
Example: /api/users/:id
express.route.full
This attribute will always contain the entire path. The part of the path that has been consumed by express will be shown as is (parameterized), and the leftover will be concatenated after it (due to early termination or middleware that accepts any path).
Example: /api/users/:id/books/758734 (The :id part was consumed, but the bookid part was not).
express.route.configured
This attribute is relevant when the user configures multi-path options for the same middleware. It reduces the cardinality space even further compared to http.route, and supplies more info about how the app routing works.
Example: /api["/foo", "/bar"] - meaning that the same endpoint is triggered by routes /api/foo and /api/bar.
express.route.params
This attribute holds a json stringified map, where the keys are the url path param names, and the values are the matched params from the actual url.
Example: {"id":"1234"}.
express.unhandled
Set to true when the request was not handled by any middleware in express and fell back to the default app finalhandler. This can happen if the client sent a request with an invalid path or method (resulting in 404). This can be useful to filter out requests from internet bots which try to call common routes on servers.
express.instrumentation.errors
In case of internal error in instrumentation, this attribute will contain the error description. There are no known valid use cases which are expected to produce this attribute.
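An added example (not from the package's README): a `requestHook` that tags each span with the express version and client address, plus a helper that uses `express.unhandled` to flag clients repeatedly requesting routes the app does not serve. The attribute names `app.express.version` and `app.client.address`, the helper names and the sample spans are assumptions constructed for this example.

```javascript
// Added example, not from the package README. The attribute names
// 'app.express.version' and 'app.client.address' are assumptions of this example.

// Hook with the documented signature: (span, { moduleVersion, req, res }).
function requestHook(span, { moduleVersion, req }) {
  span.setAttribute('app.express.version', moduleVersion);
  span.setAttribute('app.client.address', req.ip);
}

// Count spans marked express.unhandled per client and return the clients
// that reach the threshold, with the distinct paths they requested.
function findProbingClients(spanAttributes, threshold) {
  const byClient = new Map();
  for (const attrs of spanAttributes) {
    if (attrs['express.unhandled'] !== true) continue;
    const client = attrs['app.client.address'] || 'unknown';
    const entry = byClient.get(client) || { client, count: 0, paths: new Set() };
    entry.count += 1;
    entry.paths.add(attrs['express.route.full']);
    byClient.set(client, entry);
  }
  return [...byClient.values()]
    .filter((e) => e.count >= threshold)
    .map((e) => ({ client: e.client, count: e.count, paths: [...e.paths].sort() }))
    .sort((a, b) => b.count - a.count);
}

// Constructed sample traffic (documentation IP ranges). Each entry is run
// through requestHook with a stand-in span so the block works offline.
function buildSampleSpans() {
  const requests = [
    { ip: '203.0.113.7', full: '/wp-login.php', unhandled: true },
    { ip: '203.0.113.7', full: '/.env', unhandled: true },
    { ip: '203.0.113.7', full: '/phpmyadmin', unhandled: true },
    { ip: '198.51.100.20', full: '/api/user/42', unhandled: true },
    { ip: '198.51.100.20', full: '/api/users/:id', unhandled: false },
    { ip: '192.0.2.10', full: '/api/users/:id', unhandled: false },
  ];
  return requests.map(({ ip, full, unhandled }) => {
    const attributes = { 'express.route.full': full };
    if (unhandled) attributes['express.unhandled'] = true;
    const span = { setAttribute(key, value) { attributes[key] = value; } };
    requestHook(span, { moduleVersion: '4.18.2', req: { ip }, res: {} });
    return attributes;
  });
}

console.log(findProbingClients(buildSampleSpans(), 3));
```

In a real application the hook is passed as the `requestHook` option to `new ExpressInstrumentation({ requestHook })`, and `findProbingClients` would run over attributes taken from exported spans.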
route data, in any valid express edge case. Contrib instrumentation does a good job for common cases, but misses nuances on complex setups.
requestHook for adding custom attributes to span, as well as ability to capture express version into user defined attribute.
This extension (and many others) was developed by Aspecto with ❤️
The npm package opentelemetry-instrumentation-express receives a total of 23,361 weekly downloads. As such, opentelemetry-instrumentation-express popularity was classified as popular.
We found that opentelemetry-instrumentation-express demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.