Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
opentracing
Advanced tools
This library is a JavaScript implementation of Open Tracing API. It is intended for use both on the server and in the browser.
The opentracing npm package provides a standard, vendor-neutral API for distributed tracing. It allows developers to add instrumentation to their applications, which is essential for understanding the performance and behavior of complex distributed systems. The package enables the tracking of request flows across various services and systems, making it easier to diagnose and optimize performance issues.
Starting a new trace
This code demonstrates how to start a new trace with a span named 'my_span' and then finish the span. This is the basic building block of distributed tracing.
const opentracing = require('opentracing');
const tracer = opentracing.globalTracer();
const span = tracer.startSpan('my_span');
span.finish();
Injecting and extracting span context
This code snippet shows how to inject a span context into a carrier (e.g., HTTP headers) and then extract it. This is crucial for propagating trace context across process boundaries.
const opentracing = require('opentracing');
const tracer = opentracing.globalTracer();
const spanContext = span.context();
const carrier = {};
tracer.inject(spanContext, opentracing.FORMAT_HTTP_HEADERS, carrier);
const extractedContext = tracer.extract(opentracing.FORMAT_HTTP_HEADERS, carrier);
Setting tags and logs
This example illustrates how to set tags and logs on a span. Tags are key-value pairs that provide additional context, such as HTTP method, while logs record timed events within a span.
const opentracing = require('opentracing');
const span = opentracing.globalTracer().startSpan('my_span');
span.setTag(opentracing.Tags.HTTP_METHOD, 'GET');
span.log({ event: 'request_sent' });
span.finish();
Jaeger Client is an open-source, end-to-end distributed tracing system that works with the OpenTracing API. It is similar to opentracing but is specifically designed to work with the Jaeger backend. It provides more specific implementations for trace collection and reporting.
Zipkin is another distributed tracing system that captures timing data needed to troubleshoot latency problems in service architectures. It has a different API compared to opentracing but serves a similar purpose in tracing requests through distributed systems.
LightStep Tracer is a distributed tracing library that implements the OpenTracing API, similar to opentracing. It is designed to integrate with LightStep's real-time analysis platform, providing more advanced features and integrations for monitoring and diagnosing distributed systems.
This library is a JavaScript implementation of Open Tracing API. It is intended for use both on the server and in the browser.
To fully understand this platform API, it's helpful to be familiar with the OpenTracing project and terminology more specifically.
Install the package using npm
:
npm install --save opentracing
The package contains a example using a naive MockTracer
implementation. To run the example:
make example
The output should look something like:
Spans:
parent_span - 1521ms
tag 'custom':'tag value'
tag 'alpha':'1000'
child_span - 503ms
tag 'alpha':'200'
tag 'beta':'50'
In your JavaScript code, add instrumentation to the operations to be tracked. This is composed primarily of using "spans" around operations of interest and adding log statements to capture useful data relevant to those operations.
var http = require('http');
var opentracing = require('opentracing');
// NOTE: the default OpenTracing tracer does not record any tracing information.
// Replace this line with the tracer implementation of your choice.
var tracer = new opentracing.Tracer();
var span = tracer.startSpan('http_request');
var opts = {
host : 'example.com',
method: 'GET',
port : '80',
path: '/',
};
http.request(opts, function (res) {
res.setEncoding('utf8');
res.on('error', function (err) {
span.logEvent('request_error', err);
span.finish();
});
res.on('data', function (chunk) {
span.logEvent('data_received', chunk);
});
res.on('end', function(err) {
span.logEvent('request_end', err);
span.finish();
});
}).end();
As noted in the source snippet, the default behavior of the opentracing
package is to act as a "no op" implementation. To capture and make the tracing data actionable, the tracer
object should be initialized with the OpenTracing implementation of your choice as in the pseudo-code below:
var CustomTracer = require('tracing-implementation-of-your-choice');
var tracer = new CustomTracer();
The package contains two bundles built with webpack that can be included using a standard <script>
tag. The library will be exposed under the global opentracing
symbol:
dist/opentracing-browser.min.js
- minified, no runtime checksdist/opentracing-browser.js
- debug version with runtime checksThe library also provides a global singleton tracer for convenience. This can be set and accessed via the following:
opentracing.initGlobalTracer(new CustomTracer());
var tracer = opentracing.globalTracer();
Note: globalTracer()
returns a wrapper on the actual tracer object. This is done for convenience of use as it ensures that the function will always return a non-null object. This can be helpful in cases where it is difficult or impossible to know precisely when initGlobalTracer
is called (for example, when writing a utility library that does not control the initialization process). For more precise control, individual Tracer
objects can be used instead of the global tracer.
var opentracing = require('opentracing/debug');
Requiring opentracing/debug
will include a version of the library with additional runtime checks that are useful for debugging but not desirable for production use.
There is a hosted copy of the current generated ESDoc API Documentation here.
See the OpenTracing website for general information on contributing to OpenTracing.
The project is built using a Makefile
. Run:
make build
creates the compiled, distributable codemake test
runs the testsThis section is intended for developers wishing to implement their own tracers. Developers who simply wish to use OpenTracing can safely ignore this information.
Implementations can subclass opentracing.Trace
, opentracing.Span
, and the other API classes to build a OpenTracing tracer.
Due to the dynamic nature of JavaScript, implementations can simply implement classes with the same signatures as the OpenTracing classes and use these directly as well (there's no need to subclass).
Lastly, optionally implementations may choose to subclass opentracing.Trace
, etc. and implement the underscore prefixed methods such as _addTag
to pick up a bit of common code implemented in the base classes. This is entirely optional.
If mocha
is being used for unit testing, the api_compatibility.js
file can be used to test the custom tracer. The file exports a single function that expects as an argument a function that will return a new instance of the tracer.
var apiCompatibilityChecks = require('opentracing/test/api_compatibility.js');
apiCompatibilityCheck(function() {
return new CustomTracer();
});
An minimal example tracer is provided in the src/mock_tracer
directory of the source code.
FAQs
[![Build Status][ci-img]][ci] [![Coverage Status][cov-img]][cov] [![NPM Published Version][npm-img]][npm] ![Node Version][node-img] [![Join the chat at https://gitter.im/opentracing/opentracing-javascript](https://badges.gitter.im/opentracing/opentracing-
The npm package opentracing receives a total of 3,533,535 weekly downloads. As such, opentracing popularity was classified as popular.
We found that opentracing demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.