Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
zipkin-context-cls
Advanced tools
A Context API implementation that uses continuation-local-storage under the hood
This module implements a context API on top of CLS/continuation-local-storage.
The primary objective of CLS is to implement a transparent context API, that is, you don't need to pass around a ctx
variable everywhere in your application code.
const CLSContext = require('zipkin-context-cls');
const tracer = new Tracer({
ctxImpl: new CLSContext('zipkin'),
recorder, // typically Kafka or Scribe
localServiceName: 'service-a' // name of this application
});
There are known issues and limitations with CLS, so some people might prefer to use ExplicitContext
instead;
the drawback then is that you have to pass around a context object manually.
This package is not suitable if your code inside the context uses promises. The context is then not properly propagated. There is work underway called async_hooks, but is at the time of this writing (node v10) in Experimental state.
The package will create a namespace called 'zipkin' by default, if it does not exist yet. In this namespace the code sets the context with the key 'zipkin'. This does not mean that the context is overwritten at every request. The namespace is tied to the call-chain. Data stored within that namespace is unique to that request and namespace. For reference see: here.
FAQs
A Context API implementation that uses continuation-local-storage under the hood
The npm package zipkin-context-cls receives a total of 3,943 weekly downloads. As such, zipkin-context-cls popularity was classified as popular.
We found that zipkin-context-cls demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.