swagger-stats
API Telemetry and APM. Trace API calls and Monitor API performance, health and usage statistics in Node.js Microservices, based on express routes and Swagger (Open API) specification
swagger-stats traces REST API requests and responses in Node.js Microservices, and collects statistics per API Operation. swagger-stats detects API operations based on express routes. You may also provide Swagger (Open API) specification, and swagger-stats will match API requests with API Operations defined in swagger specification.
swagger-stats exposes statistics and metrics per API Operation, such as GET /myapi/:parameter or GET /pet/{petId}.
swagger-stats provides built-in Telemetry UX, so you may enable swagger-stats in your app, and start monitoring immediately, with no infrastructure requirements. Navigate to http://<your app host:port>/swagger-stats/
swagger-stats stores details about each request/response in Elasticsearch, so you may use Kibana to perform detailed analysis of API usage over time and build visualizations and dashboards.
See dashboards/elastic6 for swagger-stats Kibana visualizations and dashboards.
swagger-stats exposes metrics in Prometheus format, so you may use Prometheus and Grafana to set up API monitoring and alerting.
See dashboards/prometheus for swagger-stats Grafana dashboards.
With statistics and metrics exposed by swagger-stats, you may spot problematic API endpoints, see where most errors happen, catch long-running requests, analyze details of the last errors, observe trends, and set up alerting.
swagger-stats provides:
npm install swagger-stats --save
If you haven't added prom-client already, you should do this now. It's a peer dependency of swagger-stats as of version 0.95.19.
npm install prom-client@12 --save
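const express = require('express');
const swStats = require('swagger-stats');
const apiSpec = require('./swagger.json'); // your Swagger (Open API) specification
const app = express();
// Express: register the swagger-stats middleware
app.use(swStats.getMiddleware({swaggerSpec: apiSpec}));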
const swStats = require('swagger-stats');
const apiSpec = require('./swagger.json');
const fastify = require('fastify')({
  logger: true
});
// Fastify: enable swagger-stats once fastify-express is registered
fastify.register(require('fastify-express')).then(() => {
  fastify.register(swStats.getFastifyPlugin, {swaggerSpec: apiSpec});
});
express-to-koa can be used, which is just a simple Promise wrapper.
const Koa = require('koa');
const swStats = require('swagger-stats');
const apiSpec = require('./swagger.json');
const e2k = require('express-to-koa');
const app = new Koa();
// Koa: wrap the Express-style middleware with express-to-koa
app.use(e2k(swStats.getMiddleware({ swaggerSpec: apiSpec })));
const Hapi = require('@hapi/hapi');
const swStats = require('swagger-stats');
const swaggerSpec = require('./petstore.json');
// Hapi: register swagger-stats as a plugin, then start the server
const init = async () => {
  const server = Hapi.server({
    port: 3040,
    host: 'localhost'
  });
  await server.register({
    plugin: swStats.getHapiPlugin,
    options: {
      swaggerSpec: swaggerSpec
    }
  });
  await server.start();
  console.log('Server running on %s', server.info.uri);
};
init();
const restify = require('restify');
const swStats = require('swagger-stats');
const apiSpec = require('./swagger.json');
const server = restify.createServer();
// Restify: register swagger-stats as a pre-routing handler
server.pre(swStats.getMiddleware({
  swaggerSpec: apiSpec,
}));
See /examples for sample apps.
$ curl http://<your app host:port>/swagger-stats/stats
{
  "startts": 1501647865959,
  "all": {
    "requests": 7,
    "responses": 7,
    "errors": 3,
    "info": 0,
    "success": 3,
    "redirect": 1,
    "client_error": 2,
    "server_error": 1,
    "total_time": 510,
    "max_time": 502,
    "avg_time": 72.85714285714286,
    "total_req_clength": 0,
    "max_req_clength": 0,
    "avg_req_clength": 0,
    "total_res_clength": 692,
    "max_res_clength": 510,
    "avg_res_clength": 98,
    "req_rate": 1.0734549915657108,
    "err_rate": 0.4600521392424475
  },
  "sys": {
    "rss": 59768832,
    "heapTotal": 36700160,
    "heapUsed": 20081776,
    "external": 5291923,
    "cpu": 0
  },
  "name": "swagger-stats-testapp",
  "version": "0.90.1",
  "hostname": "hostname",
  "ip": "127.0.0.1"
}
Take a look at Documentation for more details on API and returned statistics.
$ curl http://<your app host:port>/swagger-stats/metrics
# HELP api_all_request_total The total number of all API requests received
# TYPE api_all_request_total counter
api_all_request_total 88715
# HELP api_all_success_total The total number of all API requests with success response
# TYPE api_all_success_total counter
api_all_success_total 49051
# HELP api_all_errors_total The total number of all API requests with error response
# TYPE api_all_errors_total counter
api_all_errors_total 32152
# HELP api_all_client_error_total The total number of all API requests with client error response
# TYPE api_all_client_error_total counter
api_all_client_error_total 22986
. . . . . . . . . .
To collect prom-client default metrics:
const swaggerStats = require('swagger-stats');
const promClient = require('prom-client');
promClient.collectDefaultMetrics();
Some Node.js specific metrics are included, such as event loop lag:
# HELP nodejs_eventloop_lag_seconds Lag of event loop in seconds.
# TYPE nodejs_eventloop_lag_seconds gauge
nodejs_eventloop_lag_seconds 0.000193641 1597303877464
. . . . . . . . . .
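The counters returned by /swagger-stats/metrics are totals since process start, so alerting on them needs the increase between two scrapes rather than the raw values. The following is an added example, not code from swagger-stats or its README: it parses two scrape bodies and computes windowed error ratios. The function names, the second scrape and the thresholds are assumptions made for illustration.

```javascript
// Added example, not swagger-stats code. Scrape bodies are constructed samples
// that reuse the metric names and first-scrape values shown on this page.
const SCRAPE_1 = [
  '# TYPE api_all_request_total counter',
  'api_all_request_total 88715',
  'api_all_errors_total 32152',
  'api_all_client_error_total 22986',
  'nodejs_eventloop_lag_seconds 0.000193641 1597303877464',
].join('\n');
const SCRAPE_2 = 'api_all_request_total 89715\napi_all_errors_total 32652\napi_all_client_error_total 23436';

// Parse Prometheus text exposition into Map(name -> {value, timestamp}).
// Handles "# HELP"/"# TYPE" comments and the optional trailing timestamp.
// Limitation: label values containing "}" are not supported.
function parseMetrics(text) {
  const samples = new Map();
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;
    const m = /^([a-zA-Z_:][a-zA-Z0-9_:]*(?:\{[^}]*\})?)\s+(\S+)(?:\s+(-?\d+))?$/.exec(line);
    if (!m) continue; // malformed or elided line
    const value = Number(m[2]);
    if (!Number.isFinite(value)) continue; // skip NaN / +Inf samples
    samples.set(m[1], { value, timestamp: m[3] ? Number(m[3]) : null });
  }
  return samples;
}

// Increase of a counter between two scrapes. A counter that went down means
// the process restarted, so the current value is the whole increase.
function increase(prev, curr, name) {
  const p = prev.has(name) ? prev.get(name).value : 0;
  const c = curr.has(name) ? curr.get(name).value : 0;
  return c >= p ? c - p : c;
}

// Error ratios over the window between two scrapes, plus threshold alerts.
// The thresholds are illustrative assumptions, not swagger-stats defaults.
function windowAlerts(prevText, currText, limits = { error: 0.3, clientError: 0.2 }) {
  const prev = parseMetrics(prevText);
  const curr = parseMetrics(currText);
  const requests = increase(prev, curr, 'api_all_request_total');
  const ratio = (name) => (requests === 0 ? 0 : increase(prev, curr, name) / requests);
  const ratios = { error: ratio('api_all_errors_total'), clientError: ratio('api_all_client_error_total') };
  const alerts = Object.keys(ratios).filter((k) => ratios[k] > limits[k]);
  return { requests, ratios, alerts };
}
```

In production this calculation is usually left to Prometheus alert rules; the code shows what such a rule computes and why a restart must not be read as a negative rate.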
See Changelog
If you find a bug or have an enhancement in mind, please post an issue on GitHub.
MIT
v0.99.7
FAQs
The npm package swagger-stats receives a total of 32,311 weekly downloads. As such, swagger-stats' popularity was classified as popular.
We found that swagger-stats demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.