Client-side JavaScript exception and tracing library for Apache SkyWalking APM.

Clone this repo:
  1. e36b33b build(deps-dev): bump ws from 8.12.1 to 8.17.1 (#126) by dependabot[bot] · 19 hours ago master
  2. 5ebefcc build(deps-dev): bump express from 4.18.2 to 4.19.2 (#124) by dependabot[bot] · 3 months ago
  3. 2ca38d5 build(deps-dev): bump webpack-dev-middleware from 5.3.3 to 5.3.4 (#123) by dependabot[bot] · 3 months ago
  4. 0b8b46f build(deps-dev): bump follow-redirects from 1.15.4 to 1.15.6 (#122) by dependabot[bot] · 3 months ago v0.11.0
  5. b19f2c1 docs: update changes for v0.11.0 (#121) by Fine0830 · 3 months ago

Apache SkyWalking Client JS

Apache SkyWalking Client-side JavaScript exception and tracing library.

  • Provide metrics and error collection to SkyWalking backend.
  • Lightweight
  • Make browser as a start of whole distributed tracing

NOTICE, SkyWalking Client JS 0.8.0 and later versions require SkyWalking v9.

Usage

Install

The skywalking-client-js runtime library is available at npm.

npm install skywalking-client-js --save

Quick Start

skywalking-client-js requires SkyWalking 8.2+

User could use register method to load and report data automatically.

import ClientMonitor from 'skywalking-client-js';
// Report collected data to `http:// + window.location.host + /browser/perfData` in default
ClientMonitor.register({
  # Use core/default/restPort in the OAP server.
  # If External Communication Channels are activated, `receiver-sharing-server/default/restPort`,
  # ref to https://skywalking.apache.org/docs/main/latest/en/setup/backend/backend-expose/
  collector: 'http://127.0.0.1:12800', 
  service: 'test-ui',
  pagePath: '/current/page/name',
  serviceVersion: 'v1.0.0',
});

Parameters

The register method supports the following parameters.

ParameterTypeDescriptionRequiredDefault Value
collectorStringIn default, the collected data would be reported to current domain(/browser/perfData. Then, typically, we recommend you use a Gateway/proxy to redirect the data to the OAP(resthost:restport). If you set this, the data could be reported to another domain, NOTE the Cross-Origin Resource Sharing (CORS) issuse and solution.false-
serviceStringproject ID.true-
serviceVersionStringproject verisontrue-
pagePathStringproject pathtrue-
jsErrorsBooleanSupport js errors monitoringfalsetrue
apiErrorsBooleanSupport API errors monitoringfalsetrue
resourceErrorsBooleanSupport resource errors monitoringfalsetrue
useFmpBooleanCollect FMP (first meaningful paint) data of the first screenfalsefalse
enableSPABooleanMonitor the page hashchange event and report PV, which is suitable for single page application scenarios.falsefalse
autoTracePerfBooleanSupport sending of performance data automatically.falsetrue
vueVueSupport vue2 errors monitoring. Deprecated: This is no longer recommended. Please use the Catching errors in frames scenario instead.falseundefined
traceSDKInternalBooleanSupport tracing SDK internal RPC.falsefalse
detailModeBooleanSupport tracing http method and url as tags in spans.falsetrue
noTraceOrigins(string | RegExp)[]Origin in the noTraceOrigins list will not be traced.false[]
traceTimeIntervalNumberSupport setting time interval to report segments.false60000
customTagsArrayCustom Tagsfalse-

Collect Metrics Manually

Use the setPerformance method to report metrics at the moment of page loaded or any other moment meaningful.

  1. Set the SDK configuration item autoTracePerf to false to turn off automatic reporting performance metrics and wait for manual triggering of escalation.
  2. Call ClientMonitor.setPerformance(object) method to report
  • Examples
import ClientMonitor from 'skywalking-client-js';

ClientMonitor.setPerformance({
  collector: 'http://127.0.0.1:12800',
  service: 'browser-app',
  serviceVersion: '1.0.0',
  pagePath: location.href,
  useFmp: true
});

Special scene

SPA Page

In spa (single page application) single page application, the page will be refreshed only once. The traditional method only reports PV once after the page loading, but cannot count the PV of each sub-page, and can't make other types of logs aggregate by sub-page.
The SDK provides two processing methods for spa pages:

  1. Enable spa automatic parsing
    This method is suitable for most single page application scenarios with URL hash as the route.
    In the initialized configuration item, set enableSPA to true, which will turn on the page's hashchange event listening (trigger re reporting PV), and use URL hash as the page field in other data reporting.
  2. Manual reporting
    This method can be used in all single page application scenarios. This method can be used if the first method is invalid.
    The SDK provides a set page method to manually update the page name when data is reported. When this method is called, the page PV will be re reported by default. For details, see setPerformance().
app.on('routeChange', function (next) {
  ClientMonitor.setPerformance({
    collector: 'http://127.0.0.1:12800',
    service: 'browser-app',
    serviceVersion: '1.0.0',
    pagePath: location.href,
    useFmp: true
  });
});   

Tracing range of data requests in the browser

Support tracking these(XMLHttpRequest and Fetch API) two modes of data requests. At the same time, Support tracking libraries and tools that base on XMLHttpRequest and fetch, such as Axios, SuperAgent, OpenApi and so on.

Catching errors in frames, including React, Angular, Vue.

// Angular
import { ErrorHandler } from '@angular/core';
import ClientMonitor from 'skywalking-client-js';
export class AppGlobalErrorhandler implements ErrorHandler {
  handleError(error) {
    ClientMonitor.reportFrameErrors({
      collector: 'http://127.0.0.1:12800',
      service: 'angular-demo',
      pagePath: '/app',
      serviceVersion: 'v1.0.0',
    }, error);
  }
}
@NgModule({
  ...
  providers: [{provide: ErrorHandler, useClass: AppGlobalErrorhandler}]
})
class AppModule {}
// React
class ErrorBoundary extends React.Component {
  constructor(props) {
    super(props);
    this.state = { hasError: false };
  }

  static getDerivedStateFromError(error) {
    // Update state so the next render will show the fallback UI.
    return { hasError: true };
  }

  componentDidCatch(error, errorInfo) {
    // You can also log the error to an error reporting service
    ClientMonitor.reportFrameErrors({
      collector: 'http://127.0.0.1:12800',
      service: 'react-demo',
      pagePath: '/app',
      serviceVersion: 'v1.0.0',
    }, error);
  }

  render() {
    if (this.state.hasError) {
      // You can render any custom fallback UI
      return <h1>Something went wrong.</h1>;
    }

    return this.props.children; 
  }
}
<ErrorBoundary>
  <MyWidget />
</ErrorBoundary>
// Vue
Vue.config.errorHandler = (error) => {
  ClientMonitor.reportFrameErrors({
    collector: 'http://127.0.0.1:12800',
    service: 'vue-demo',
    pagePath: '/app',
    serviceVersion: 'v1.0.0',
  }, error);
}

According to different pages or modules, add custom tags to spans.

app.on('routeChange', function () {
  ClientMonitor.setCustomTags([
    { key: 'key1', value: 'value1' },
    { key: 'key2', value: 'value2' },
  ]);
});

Security Notice

The SkyWalking client-js agent would be deployed and running outside of your datacenter. This means when you introduce this component you should be aware of the security impliciations. There are various kinds of telemetry relative data would be reported to backend separately or through your original HTTP requests.

In order to implement distributed tracing from the browser, an HTTP header with the name sw8 will be added to HTTP requests according to Cross Process Propagation Headers Protocol v3. client-js will also report spans and browser telemetry data through Trace Data Protocol v3 and Browser Protocol.

Because all of this data is reported from an unsecured environment, users should make sure to:

  1. Not expose OAP server to the internet directly.
  2. Set up TLS/HTTPs between browser and OAP server.
  3. Set up authentification(such as TOKEN based) for client-js reporting.
  4. Validate all fields in the body of the HTTP headers and telemetry data mentioned above to detect and reject malicious data. Without such protections, an attacker could embed executable Javascript code in those fields, causing XSS or even Remote Code Execution (RCE) issues.

Please consult your security team before introducing this feature in your production environment. Don‘t expose the OAP server’s IP/port(s) and URI without a security audit.

Demo project

Demo project provides instrumented web application with necessary environment, you could just simple use it to see the data SkyWalking collected and how SkyWalking visualizes on the UI. See more information, click here.

Contact Us

Release Guide

All committers should follow Release Guide to publish the official release.

License

Apache 2.0