OpenTelemetry is an observability framework for cloud-native software to instrument, generate, collect, and export telemetry data (such as metrics, logs, and traces) for analysis. OpenTelemetry provides language-specific integrations that automatically capture relevant traces and metrics and handle context propagation. For Node.js,
No matter how much you trust the npmjs package registry in general and the packages you are using in particular, Bad Things™ always happen. They happen to the best of us. Even a small Node.js project may have thousands of dependencies, which makes it virtually impossible for a developer to monitor and audit them all.
An NPM package has two main ways to harm you: the first one is when you install it, and the second one is when you actually use it. The first way is possible because of the so-called “lifecycle scripts” run by npm. And even though one of the earliest attacks exploiting lifecycle scripts dates back to 2017, developers still do not take measures to protect their data.
This post explains how to protect sensitive information (such as authentication tokens) when running CI builds.
Sometimes you may need to integrate debug with a high-performance logger, such as pino. And of course, there is an NPM package for that: pino-debug. However, if you look at its source code, you will find out that it uses undocumented dirty hacks, which, in my opinion, make it quite fragile. This article demonstrates a much simpler solution.
I once had to work with a project which used the MariaDB connector for Node.js, and for some reason it was necessary to add the Knex query builder to it. The main issue was that Knex supports only a few drivers, and MariaDB is unfortunately not one of them. I had to write a MariaDB client for Knex myself, and that was surprisingly easy.
A simple addon for Node.js that provides bindings to inet_ntop() and inet_pton() functions