Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
stacktrace-js
Advanced tools
Readme
Generate, parse and enhance JavaScript stack traces in all browsers
Debug and profile your JavaScript with a stack trace of function calls leading to an error (or any condition you specify).
stacktrace.js uses browsers' Error.stack
mechanism to generate stack traces, parses them, enhances them with
source maps and uses
Promises
to return an Array of StackFrames.
var callback = function(stackframes) {
var stringifiedStack = stackframes.map(function(sf) {
return sf.toString();
}).join('\n');
console.log(stringifiedStack);
};
var errback = function(err) { console.log(err.message); };
StackTrace.get().then(callback).catch(errback);
//===> Promise(Array[StackFrame], Error)
//===> callback([
// StackFrame({functionName: 'func1', args: [], fileName: 'file.js', lineNumber: 203, columnNumber: 9}),
// StackFrame({functionName: 'func2', args: [], fileName: 'http://localhost:3000/file.min.js', lineNumber: 1, columnNumber: 3284})
//])
HEADS UP: This method does not resolve source maps or guess anonymous function names.
StackTrace.getSync();
//==> [
// StackFrame({functionName: 'func1', args: [], fileName: 'file.js', lineNumber: 203, columnNumber: 9}),
// StackFrame({functionName: 'func2', args: [], fileName: 'http://localhost:3000/file.min.js', lineNumber: 1, columnNumber: 3284})
//]
Automatically handle errors
window.onerror = function(msg, file, line, col, error) {
// callback is called with an Array[StackFrame]
StackTrace.fromError(error).then(callback).catch(errback);
};
var error = new Error('BOOM!');
StackTrace.fromError(error).then(callback).catch(errback);
//===> Promise(Array[StackFrame], Error)
This might capture arguments information, but isn't supported in ES5 strict-mode
StackTrace.generateArtificially().then(callback).catch(errback);
//===> Promise(Array[StackFrame], Error)
// callback is called with an Array[StackFrame] every time wrapped function is called
var myFunc = function(arg) { return 'Hello ' + arg; };
var myWrappedFunc = StackTrace.instrument(myFunc, callback, errback);
//===> Instrumented Function
myWrappedFunc('world');
//===> 'Hello world'
// Use this if you overwrote you original function
myFunc = StackTrace.deinstrument(myFunc);
//===> De-instrumented Function
npm install stacktrace-js
bower install stacktrace-js
component install stacktracejs/stacktrace.js
http://cdnjs.com/libraries/stacktrace.js
StackTrace.get(/*optional*/ options)
=> Promise(Array[StackFrame])Generate a backtrace from invocation point, then parse and enhance it.
(Optional) options: Object
filter
returns true
true
to prevent all network requestsStackTrace.getSync(/*optional*/ options)
=> Array[StackFrame]Generate a backtrace from invocation point, then parse it. This method does not use source maps or guess anonymous functions.
(Optional) options: Object
filter
returns true
StackTrace.fromError(error, /*optional*/ options)
=> Promise(Array[StackFrame])Given an Error object, use error-stack-parser to parse it and enhance location information with stacktrace-gps.
error: Error
(Optional) options: Object
filter
returns true
true
to prevent all network requestsStackTrace.generateArtificially(/*optional*/ options)
=> Promise(Array[StackFrame])Use stack-generator to generate a backtrace by walking the arguments.callee.caller
chain.
(Optional) options: Object
filter
returns true
true
to prevent all network requestsStackTrace.instrument(fn, callback, /*optional*/ errback)
=> FunctionGiven a function, wrap it such that invocations trigger a callback that is called with a stack trace.
fn: Function - to wrap, call callback on invocation and call-through
callback: Function - to call with stack trace (generated by StackTrace.get()
) when fn is called
(Optional) errback: Function - to call with Error object if there was a problem getting a stack trace.
Fails silently (though fn
is still called) if a stack trace couldn't be generated.
StackTrace.deinstrument(fn)
=> FunctionGiven a function that has been instrumented, revert the function to it's original (non-instrumented) state.
StackTrace.report(stackframes, url, message, requestOptions)
=> Promise(String)Given an an error message and Array of StackFrames, serialize and POST to given URL. Promise is resolved with response text from POST request.
Example JSON POST data:
{
message: 'BOOM',
stack: [
{functionName: 'fn', fileName: 'file.js', lineNumber: 32, columnNumber: 1},
{functionName: 'fn2', fileName: 'file.js', lineNumber: 543, columnNumber: 32},
{functionName: 'fn3', fileName: 'file.js', lineNumber: 8, columnNumber: 1}
]
}
headers: {key: val}
is supported.HEADS UP: You won't get the benefit of source maps in IE9- or other very old browsers.
I recommend the stack-trace node package specifically built for node. It has a very similar API and also supports source maps.
This project adheres to the Open Code of Conduct. By participating, you are expected to honor this code.
Want to be listed as a Contributor? Start with the Contributing Guide!
This project is made possible due to the efforts of these fine people:
FAQs
Framework-agnostic, micro-library for getting stack traces in all environments
The npm package stacktrace-js receives a total of 2,363,039 weekly downloads. As such, stacktrace-js popularity was classified as popular.
We found that stacktrace-js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.