Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
This is the core npm package for Zipkin. It contains the public API which is used by the various plugins (instrumentations and transports).
We include TypeScript definition file which you can also use as documentation.
Please always make sure that TypeScript type definitions match source code modifications.
const zipkin = require('zipkin');
// In Node.js, the recommended context API to use is zipkin-context-cls.
const CLSContext = require('zipkin-context-cls');
const ctxImpl = new CLSContext(); // if you want to use CLS
const xtxImpl = new zipkin.ExplicitContext(); // Alternative; if you want to pass around the context manually
// Tracer will be a one to many relationship with instrumentation that use it (like express)
const tracer = new zipkin.Tracer({
ctxImpl, // the in-process context
recorder: new zipkin.ConsoleRecorder(), // For easy debugging. You probably want to use an actual implementation, like Kafka or AWS SQS.
sampler: new zipkin.sampler.CountingSampler(0.01), // sample rate 0.01 will sample 1 % of all incoming requests
traceId128Bit: true, // to generate 128-bit trace IDs. 64-bit (false) is default
localServiceName: 'my-service' // indicates this node in your service graph
});
The event loop is what allows Node.js to perform non-blocking I/O operations, hence several operations are happening at the same time and we need a way to correlate different operations that happen at the same time to a specific trace. There are two options for this: explicit and implicit context.
In the explicit context, we pass around an object ctx
from the top layer of the application down to those operations we want to trace. For example, a ctx
will be handed from the HTTP handler down to the application layer and finally to a HTTP call that queries external resources.
In the implicit context, we don't need to pass anything, the in-process context is transparent for the user (see zipkin-context-cls).
Sometimes you have activity that precedes a remote request that you want to
capture in a trace. tracer.local
can time an operation, placing a
corresponding span ID in scope so that any downstream commands end up in the
same trace.
Here's an example tracing a synchronous function:
// A span representing checkout completes before result is returned
const result = tracer.local('checkout', () => {
return someComputation();
});
Here's an example tracing a function that returns a promise:
// A span is in progress and completes when the promise is resolved.
const result = tracer.local('checkout', () => {
return createAPromise();
});
FAQs
The core tracer for Zipkin JS
The npm package zipkin receives a total of 18,280 weekly downloads. As such, zipkin popularity was classified as popular.
We found that zipkin demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.