Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
seek-datadog-custom-metrics
Advanced tools
Helpers for sending Datadog custom metrics via hot-shots.
yarn add seek-datadog-custom-metrics
All custom metrics are prefixed by AppConfig.name
.
Two global tags are also added to every custom metric:
AppConfig.environment
becomes env:${value}
AppConfig.version
becomes version:${value}
These tags are consistent with tags sent by Gantry via Datadog's AWS integration.
createStatsDClient
createStatsDClient
creates a hot-shots client configured with our tagging convention.
This is intended for containerized services, particularly those deployed with Gantry.
import { StatsD } from 'hot-shots';
import { createStatsDClient } from 'seek-datadog-custom-metrics';
// Expects `name`, `version`, `environment` and `metricsServer` properties
import config from '../config';
// This example assumes Bunyan/pino
import { rootLogger } from '../logger';
const errorHandler = (err: Error) => {
rootLogger.error('StatsD error', err);
};
// Returns a standard hot-shots StatsD instance
const metricsClient = createStatsDClient(StatsD, config, errorHandler);
createLambdaExtensionClient
createLambdaExtensionClient
creates a Lambda extension client.
This is intended for AWS Lambda functions and is a replacement for createCloudWatchClient
.
This client will only submit metrics as a distribution which enables globally accurate aggregations for percentiles (p50, p75, p90, etc).
import { createLambdaExtensionClient } from 'seek-datadog-custom-metrics';
// Expects `name` and `metrics` properties
import config from '../config';
// Returns a standard hot-shots StatsD instance
const { metricsClient, withLambdaExtension } =
createLambdaExtensionClient(config);
export const handler = withLambdaExtension((event, _ctx) => {
try {
logger.info('request');
await lambdaFunction(event);
} catch (err) {
logger.error({ err }, 'request');
metricsClient.increment('invocation_error');
throw new Error('invoke error');
}
});
createNoOpClient
createNoOpClient
returns a no-op client.
This is intended for use where a MetricsClient interface is expected but you do not wish to provide one, e.g in tests.
import { createNoOpClient } from 'seek-datadog-custom-metrics';
// Returns a `MetricsClient` subset of the full StatsD interface
const metricsClient = createNoOpClient();
createTimedSpan
createTimedSpan
wraps an asynchronous closure and records custom Datadog metrics about its performance.
This is intended as a lightweight alternative to APM where nested spans aren't required.
import { createTimedSpan } from 'seek-datadog-custom-metrics';
// Takes a StatsD instance or `MetricsClient`
const timedSpan = createTimedSpan(metricsClient);
const loadPrivateKey = async (): Promise<PrivateKey> =>
await timedSpan(
// Prefix for the custom metrics
'secrets.load_private_key',
// Closure to be timed
() => client.getSecretValue({ SecretId }).promise(),
);
httpTracingConfig
The dd-trace package can instrument your application and trace its outbound HTTP requests.
However, its emitted trace.http.request
metric only captures the HTTP method against the resource.name
tag,
which is not useful if your application makes HTTP requests to multiple resources and you want to inspect latency by resource.
This configuration object adds a hook to replace the resource.name
with a HTTP method and semi-normalised URL.
For example, if your application makes the following HTTP request:
PUT https://www.example.com/path/to/123?idempotencyKey=c1083fb6-519c-42bf-8619-08dfd6229954
The trace.http.request
metric will see the following tag change:
- resource_name:put
+ resource_name:put_https://www.example.com/path/to/number?idempotencyKey=uuid
Apply the configuration object where you bootstrap your application with the Datadog tracer:
import { httpTracingConfig } from 'seek-datadog-custom-metrics';
// DataDog/dd-trace-js#1118
datadogTracer?.use('http', httpTracingConfig);
This configuration may be superseded in future if the underlying dd-trace implementation is corrected.
FAQs
Helpers for sending Datadog custom metrics
The npm package seek-datadog-custom-metrics receives a total of 2,374 weekly downloads. As such, seek-datadog-custom-metrics popularity was classified as popular.
We found that seek-datadog-custom-metrics demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.