Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
swagger-stats
Advanced tools
API Telemetry and APM. Trace API calls and Monitor API performance, health and usage statistics in Node.js Microservices, based on express routes and Swagger (Open API) specification
swagger-stats traces REST API requests and responses in Node.js Microservices, and collects statistics per API Operation. swagger-stats detects API operations based on express routes. You may also provide Swagger (Open API) specification, and swagger-stats will match API requests with API Operations defined in swagger specification.
swagger-stats exposes statistics and metrics per API Operation, such as GET /myapi/:parameter
, or GET /pet/{petId}
swagger-stats provides built-in Telemetry UX, so you may enable swagger-stats in your app, and start monitoring immediately, with no infrastructure requirements. Navigate to
http://<your app host:port>/swagger-stats/
swagger-stats stores details about each request/response in Elasticsearch, so you may use Kibana to perform detailed analysis of API usage over time, build visualizations and dashboards
See dashboards/elastic6
for swagger-stats Kibana visualizations and dashboards
swagger-stats exposes metrics in Prometheus format, so you may use Prometheus and Grafana to setup API monitoring and alerting
See dashboards/prometheus
for swagger-stats Grafana dashboards
With statistics and metrics exposed by swagger-stats you may spot problematic API endpoints, see where most of errors happens, catch long-running requests, analyze details of last errors, observe trends, setup alerting.
swagger-stats provides:
npm install swagger-stats --save
If you haven't added prom-client already, you should do this now. It's a peer dependency of swagger-stats as of version 0.95.19.
npm install prom-client@12 --save
const swStats = require('swagger-stats');
const apiSpec = require('swagger.json');
app.use(swStats.getMiddleware({swaggerSpec:apiSpec}));
const swStats = require('swagger-stats');
const apiSpec = require('swagger.json');
const fastify = require('fastify')({
logger: true
});
// Enable swagger-stats
fastify.register(require('fastify-express')).then(()=>{
fastify.register(swStats.getFastifyPlugin, {swaggerSpec:apiSpec});
});
express-to-koa
can be used which is just a simple Promise
wrapper.
const swStats = require('swagger-stats');
const apiSpec = require('swagger.json');
const e2k = require('express-to-koa');
app.use(e2k(swStats.getMiddleware({ swaggerSpec:apiSpec })));
const swStats = require('swagger-stats');
const swaggerSpec = require('./petstore.json');
const init = async () => {
server = Hapi.server({
port: 3040,
host: 'localhost'
});
await server.register({
plugin: swStats.getHapiPlugin,
options: {
swaggerSpec:swaggerSpec
}
});
await server.start();
console.log('Server running on %s', server.info.uri);
};
const restify = require('restify');
const swStats = require('swagger-stats');
const apiSpec = require('swagger.json');
const server = restify.createServer();
server.pre(swStats.getMiddleware({
swaggerSpec:apiSpec,
}));
See /examples
for sample apps
$ curl http://<your app host:port>/swagger-stats/stats
{
"startts": 1501647865959,
"all": {
"requests": 7,
"responses": 7,
"errors": 3,
"info": 0,
"success": 3,
"redirect": 1,
"client_error": 2,
"server_error": 1,
"total_time": 510,
"max_time": 502,
"avg_time": 72.85714285714286,
"total_req_clength": 0,
"max_req_clength": 0,
"avg_req_clength": 0,
"total_res_clength": 692,
"max_res_clength": 510,
"avg_res_clength": 98,
"req_rate": 1.0734549915657108,
"err_rate": 0.4600521392424475
},
"sys": {
"rss": 59768832,
"heapTotal": 36700160,
"heapUsed": 20081776,
"external": 5291923,
"cpu": 0
},
"name": "swagger-stats-testapp",
"version": "0.90.1",
"hostname": "hostname",
"ip": "127.0.0.1"
}
Take a look at Documentation for more details on API and returned statistics.
$ curl http://<your app host:port>/swagger-stats/metrics
# HELP api_all_request_total The total number of all API requests received
# TYPE api_all_request_total counter
api_all_request_total 88715
# HELP api_all_success_total The total number of all API requests with success response
# TYPE api_all_success_total counter
api_all_success_total 49051
# HELP api_all_errors_total The total number of all API requests with error response
# TYPE api_all_errors_total counter
api_all_errors_total 32152
# HELP api_all_client_error_total The total number of all API requests with client error response
# TYPE api_all_client_error_total counter
api_all_client_error_total 22986
. . . . . . . . . .
To collect prom-client default metrics:
const swaggerStats = require('swagger-stats');
const promClient = require('prom-client');
promClient.collectDefaultMetrics();
Some Node.js specific metrics are included, such as event loop lag:
# HELP nodejs_eventloop_lag_seconds Lag of event loop in seconds.
# TYPE nodejs_eventloop_lag_seconds gauge
nodejs_eventloop_lag_seconds 0.000193641 1597303877464
. . . . . . . . . .
See Changelog
If you find a bug, or have an enhancement in mind please post issues on GitHub.
MIT
FAQs
API Telemetry and APM. Trace API calls and Monitor API performance, health and usage statistics in Node.js Microservices, based on express routes and Swagger (Open API) specification
The npm package swagger-stats receives a total of 18,989 weekly downloads. As such, swagger-stats popularity was classified as popular.
We found that swagger-stats demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.