restify-prom-bundle
```js
const promBundle = require('restify-prom-bundle');
const restify = require('restify');

const server = restify.createServer({ /* options */ });

// Register the pre-middleware as early as possible (ideally the first
// server.pre() call) so the duration metrics are as accurate as possible.
server.pre(promBundle.preMiddleware(server, { /* options */ }));

// Custom metrics can be added through the bundled prom-client singleton.
// Create the metric once, outside the handler: prom-client refuses to
// register the same metric name twice, so doing this per request would throw.
const counter = new promBundle.client.Gauge(
  'my_custom_counter',
  'My custom counter'
);

server.get('/api', (req, res) => {
  counter.inc();
  res.end('OK');
});

server.listen(8000);
// The /metrics route is now available with metrics.
```
Since prom-client is a singleton, it can be accessed from anywhere simply by requiring or importing the module; the aggregated metrics are exposed on the configured route.

preMiddleware(server, options) : Restify.Handler

Creates the restify pre-middleware to

Options:
| Name | Type | Default | Description |
|---|---|---|---|
| route | string | '/metrics' | Exposed route (as GET) for metrics. If false, no route will be exposed. |
| defaults | string[] | All metrics | Names of the default metrics (see table below) to record for each route. |
| exclude | string, string[], RegExp or Function | undefined | URI(s) to exclude from the default metrics: an exact URI, a list of URIs, a regular expression the URI must match, or a function that returns true for the URI. |
| promBlacklist | string[] | undefined | process/node default metrics to blacklist. |
| promDefaultDelay | number | 10000 | How often (ms) prom-client should fire its default probes. |
| maxPathsToCount | number | 100 | Maximum number of distinct paths on which calls are measured (restify_path_count); use 0 for unlimited (see below). |
Default metrics:

| Name | Metric Name | Type | Description |
|---|---|---|---|
| status | restify_status_codes | Counter | Number of responses for each HTTP status code, with status_code as label. |
| pathDuration | restify_path_duration | Histogram | Duration (seconds) by percentiles taken by each restify-defined path to generate the response, with path, status_code and method as labels. |
| pathCount | restify_path_count | Counter | Number of calls to each path, with path, status_code and method as labels. |

Duration metric precision depends on the pre-middleware registration order: the sooner you register it (ideally the first server.pre() call), the better it will be.
client : prom-client

Singleton instance of prom-client, used to set custom metrics.
If a huge number of different non-routed requests (404s) are sent to the server, the process would have to keep a restify_path_count label for each one and its memory would grow indefinitely. In addition, the Prometheus (and Grafana) service consuming these probes would be flooded with label values. To prevent this, the number of measured paths is limited to maxPathsToCount.

This does not affect restify_path_duration, which only measures the restify-defined paths, nor restify_status_codes, which is limited to HTTP status codes. Once maxPathsToCount paths have been measured, every new path is ignored for restify_path_duration and restify_path_count.

A sample Grafana dashboard can be found here.
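The following is an added illustration, not code from restify-prom-bundle itself, of the two behaviours described above: the four accepted forms of the `exclude` option and the `maxPathsToCount` cap that keeps the label set of restify_path_count bounded under a flood of unknown paths. A plain Map stands in for the prom-client Counter; `isExcluded`, `createPathCounter` and `demo` are names chosen here.

```javascript
// Returns true when `path` must be left out of the default metrics.
// `exclude` may be a string, an array of strings, a RegExp or a function,
// mirroring the option's documented types.
function isExcluded(path, exclude) {
  if (exclude === undefined || exclude === null) return false;
  if (typeof exclude === 'string') return path === exclude;
  if (Array.isArray(exclude)) return exclude.includes(path);
  if (exclude instanceof RegExp) return exclude.test(path);
  if (typeof exclude === 'function') return Boolean(exclude(path));
  throw new TypeError('exclude must be a string, string[], RegExp or function');
}

// Bounded per-path counter: once `maxPathsToCount` distinct paths have been
// seen, any further path is dropped instead of adding a new label value.
// maxPathsToCount === 0 means unlimited, as in the options table.
function createPathCounter({ maxPathsToCount = 100, exclude } = {}) {
  const counts = new Map();   // key: `${method} ${path} ${statusCode}`
  const seenPaths = new Set(); // the label values we have committed to
  return {
    record(method, path, statusCode) {
      if (isExcluded(path, exclude)) return false;
      if (!seenPaths.has(path)) {
        if (maxPathsToCount !== 0 && seenPaths.size >= maxPathsToCount) {
          return false; // cap reached: do not grow the label set
        }
        seenPaths.add(path);
      }
      const key = `${method} ${path} ${statusCode}`;
      counts.set(key, (counts.get(key) || 0) + 1);
      return true;
    },
    distinctPaths: () => seenPaths.size,
    get: (method, path, statusCode) =>
      counts.get(`${method} ${path} ${statusCode}`) || 0,
  };
}

// Constructed sample traffic: one real hit on /api, one scrape of /metrics
// (excluded), then 1000 404s on distinct paths. With the cap at 3 the label
// set stops growing at 3 entries instead of 1001.
function demo() {
  const counter = createPathCounter({ maxPathsToCount: 3, exclude: /^\/metrics$/ });
  counter.record('GET', '/api', 200);
  counter.record('GET', '/metrics', 200);
  for (let i = 0; i < 1000; i++) counter.record('GET', `/probe-${i}`, 404);
  return { distinct: counter.distinctPaths(), apiHits: counter.get('GET', '/api', 200) };
}
```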
Restify prometheus middleware to expose HTTP metrics