restify-prom-bundle
```js
const promBundle = require('restify-prom-bundle');
const restify = require('restify');

const server = restify.createServer({ /* options */ });
// Register the pre-middleware before anything else on the server.
server.pre(promBundle.preMiddleware(server, { /* options */ }));

// Custom metrics can be added by using the client.
// Create the metric once, outside the handler, so it is not re-created on every request.
const counter = new promBundle.client.Gauge(
  'my_custom_counter',
  'My custom counter'
);

server.get('/api', (req, res) => {
  counter.inc();
  res.end('OK');
});

server.listen(8000);
// The /metrics route is now available with metrics.
```
Since prom-client is a singleton, it can be accessed from anywhere by requiring or importing the module; aggregated metrics will be exposed on the route.
Restify.Handler
Creates the restify pre-middleware to
Options:
Name | Type | Default | Description |
---|---|---|---|
route | string | '/metrics' | Exposed route (as GET) for metrics. If false, no route will be exposed. |
defaults | string[] | All metrics | Names of default metrics (see table below) to add for each route. |
exclude | string, string[], RegExp or Function | undefined | URI(s) to exclude from default metrics: a URI, a list of URIs, a regular expression that the URI matches, or a function that returns true when passed the URI. |
promDefaultDelay | number | 10000 | How often (ms) prom-client should fire default probes. |
maxPathsToCount | number | 100 | Maximum number of paths to measure calls on (restify_path_count); use 0 for unlimited (see below). |
Default metrics:
Name | Metric Name | Type | Description |
---|---|---|---|
status | restify_status_codes | Counter | Number of responses for each HTTP status code, with status_code as label. |
pathDuration | restify_path_duration | Histogram | Duration (seconds) by percentiles taken by each restify-defined path to generate the response, with the path, status_code and the method as labels. |
pathCount | restify_path_count | Counter | Number of calls to each path, with the path, status_code and the method as labels. |
duration metrics precision depends on the order in which the pre-middleware is registered: the sooner you register it (first server.pre() call), the better the precision.
client (prom-client): Singleton instance of prom-client to set custom metrics.
If a huge number of different non-routed requests (404) are sent to the server, the process has to keep a restify_path_count label for each one, and the process memory will grow indefinitely.
In addition, the Prometheus (and Grafana) service that uses these probes will be flooded.
To prevent this situation, the number of measured paths is limited to maxPathsToCount.
This does not affect restify_path_duration, as it only measures the restify-defined paths, nor restify_status_codes, as it's limited to HTTP status codes.
Once maxPathsToCount paths are measured, every new path will be ignored for restify_path_duration and restify_path_count.
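The effect of the maxPathsToCount cap described above, as an added example that is not restify-prom-bundle's own code: a plain-JavaScript model of a per-path counter, run with the cap disabled (0) and at the default of 100. The PathCounter class, the simulate function and the request paths are constructed for illustration.

```javascript
// Added illustration: models the documented behaviour, not the package's implementation.
class PathCounter {
  constructor(maxPathsToCount = 100) {
    this.maxPaths = maxPathsToCount; // 0 means unlimited, as in the options table
    this.paths = new Set();          // distinct paths accepted so far
    this.series = new Map();         // "method path status_code" -> call count
    this.ignored = 0;                // observations dropped because of the cap
  }

  // Returns true if the call was counted, false if the path was ignored.
  observe(method, path, statusCode) {
    if (!this.paths.has(path)) {
      if (this.maxPaths !== 0 && this.paths.size >= this.maxPaths) {
        this.ignored += 1;
        return false;
      }
      this.paths.add(path);
    }
    const key = `${method} ${path} ${statusCode}`;
    this.series.set(key, (this.series.get(key) || 0) + 1);
    return true;
  }
}

// Constructed traffic: one routed path plus many distinct non-routed (404) paths.
function simulate(maxPathsToCount, nonRoutedRequests) {
  const counter = new PathCounter(maxPathsToCount);
  counter.observe('GET', '/api', 200);
  for (let i = 0; i < nonRoutedRequests; i++) {
    counter.observe('GET', `/no-such-route-${i}`, 404);
  }
  // A path accepted before the cap was reached keeps being counted.
  counter.observe('GET', '/api', 200);
  return {
    series: counter.series.size,
    ignored: counter.ignored,
    apiCalls: counter.series.get('GET /api 200'),
  };
}

console.log('unlimited:', simulate(0, 5000));
console.log('capped at 100:', simulate(100, 5000));
```

With the cap at 0 the number of label sets kept in memory tracks the number of distinct requested paths; with the cap in place it stops growing once the limit is reached.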
A sample Grafana dashboard can be found here.
FAQs
Restify prometheus middleware to expose HTTP metrics
The npm package restify-prom-bundle receives a total of 1 weekly downloads. As such, restify-prom-bundle popularity was classified as not popular.
We found that restify-prom-bundle demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.