dd-trace 5.76.0 → 5.77.0

package/LICENSE-3rdparty.csv

@@ -11,7 +11,7 @@ require,@opentelemetry/api,Apache license 2.0,Copyright OpenTelemetry Authors
 require,@opentelemetry/api-logs,Apache license 2.0,Copyright OpenTelemetry Authors
 require,@opentelemetry/core,Apache license 2.0,Copyright OpenTelemetry Authors
 require,@opentelemetry/resources,Apache license 2.0,Copyright OpenTelemetry Authors
-require,@isaacs/ttlcache,ISC,Copyright (c) 2022-2023 - Isaac Z. Schlueter and Contributors
+require,@isaacs/ttlcache,Blue Oak,Copyright Isaac Z. Schlueter and Contributors
 require,crypto-randomuuid,MIT,Copyright 2021 Node.js Foundation and contributors
 require,dc-polyfill,MIT,Copyright 2023 Datadog Inc.
 require,escape-string-regexp,MIT,Copyright Sindre Sorhus

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dd-trace",
-  "version": "5.76.0",
+  "version": "5.77.0",
   "description": "Datadog APM tracing client for JavaScript",
   "main": "index.js",
   "typings": "index.d.ts",
@@ -125,15 +125,15 @@
     "@datadog/native-appsec": "10.3.0",
     "@datadog/native-iast-taint-tracking": "4.0.0",
     "@datadog/native-metrics": "3.1.1",
-    "@datadog/openfeature-node-server": "0.1.0-preview.13",
+    "@datadog/openfeature-node-server": "0.1.0-preview.15",
     "@datadog/pprof": "5.12.0",
     "@datadog/sketches-js": "2.1.1",
-    "@datadog/wasm-js-rewriter": "4.0.1",
-    "@isaacs/ttlcache": "^1.4.1",
+    "@datadog/wasm-js-rewriter": "5.0.1",
+    "@isaacs/ttlcache": "^2.0.1",
     "@opentelemetry/api": ">=1.0.0 <1.10.0",
     "@opentelemetry/api-logs": "<1.0.0",
     "@opentelemetry/core": ">=1.14.0 <1.31.0",
-    "@opentelemetry/resources": ">=1.0.0 <1.10.0",
+    "@opentelemetry/resources": ">=1.0.0 <1.31.0",
     "crypto-randomuuid": "^1.0.0",
     "dc-polyfill": "^0.1.10",
     "escape-string-regexp": "^5.0.0",
@@ -160,13 +160,13 @@
     "ttl-set": "^1.0.0"
   },
   "devDependencies": {
-    "@babel/helpers": "^7.27.6",
+    "@babel/helpers": "^7.28.4",
     "@eslint/eslintrc": "^3.3.1",
-    "@eslint/js": "^9.29.0",
+    "@eslint/js": "^9.39.0",
     "@msgpack/msgpack": "^3.1.2",
     "@openfeature/core": "^1.9.0",
     "@openfeature/server-sdk": "^1.20.0",
-    "@stylistic/eslint-plugin": "^5.0.0",
+    "@stylistic/eslint-plugin": "^5.5.0",
     "@types/chai": "^4.3.16",
     "@types/mocha": "^10.0.10",
     "@types/node": "^18.19.106",
@@ -175,15 +175,15 @@
     "axios": "^1.12.2",
     "benchmark": "^2.1.4",
     "body-parser": "^2.2.0",
-    "bun": "1.3.1",
+    "bun": "1.3.2",
     "chai": "^4.5.0",
-    "eslint": "^9.29.0",
-    "eslint-plugin-cypress": "^5.1.0",
+    "eslint": "^9.39.0",
+    "eslint-plugin-cypress": "^5.2.0",
     "eslint-plugin-import": "^2.32.0",
-    "eslint-plugin-mocha": "^11.1.0",
-    "eslint-plugin-n": "^17.20.0",
+    "eslint-plugin-mocha": "^11.2.0",
+    "eslint-plugin-n": "^17.23.1",
     "eslint-plugin-promise": "^7.2.1",
-    "eslint-plugin-unicorn": "^61.0.2",
+    "eslint-plugin-unicorn": "^62.0.0",
     "express": "^5.1.0",
     "glob": "^10.4.5",
     "globals": "^16.3.0",

package/packages/datadog-instrumentations/src/express.js

@@ -53,12 +53,21 @@ function wrapResponseRender (render) {
       return render.apply(this, arguments)
     }
 
+    const abortController = new AbortController()
     return responseRenderChannel.traceSync(
-      render,
+      function () {
+        if (abortController.signal.aborted) {
+          const error = abortController.signal.reason || new Error('Aborted')
+          throw error
+        }
+
+        return render.apply(this, arguments)
+      },
       {
         req: this.req,
         view,
-        options
+        options,
+        abortController
       },
       this,
       ...arguments
@@ -67,26 +76,28 @@ function wrapResponseRender (render) {
 }
 
 function wrapAppAll (all) {
-  return function wrappedAll (path, ...otherArgs) {
-    if (!routeAddedChannel.hasSubscribers) return all.call(this, path, ...otherArgs)
+  return function wrappedAll (...args) {
+    if (!routeAddedChannel.hasSubscribers) return all.apply(this, args)
 
+    const path = args[0]
     const paths = normalizeRoutePaths(path)
 
     for (const p of paths) {
       routeAddedChannel.publish({ method: '*', path: p })
     }
 
-    return all.call(this, path, ...otherArgs)
+    return all.apply(this, args)
   }
 }
 
 // Wrap app.route() to instrument Route object
 function wrapAppRoute (route) {
-  return function wrappedRoute (path, ...otherArgs) {
-    const routeObj = route.call(this, path, ...otherArgs)
+  return function wrappedRoute (...args) {
+    const routeObj = route.apply(this, args)
 
     if (!routeAddedChannel.hasSubscribers) return routeObj
 
+    const path = args[0]
     const paths = normalizeRoutePaths(path)
 
     if (!paths.length) return routeObj

package/packages/datadog-instrumentations/src/jest.js

@@ -140,7 +140,7 @@ function getWrappedEnvironment (BaseEnvironment, jestVersion) {
       this.hasSnapshotTests = undefined
       this.testSuiteAbsolutePath = context.testPath
 
-      this.displayName = config.projectConfig?.displayName?.name
+      this.displayName = config.projectConfig?.displayName?.name || config.displayName
       this.testEnvironmentOptions = getTestEnvironmentOptions(config)
 
       const repositoryRoot = this.testEnvironmentOptions._ddRepositoryRoot
@@ -411,23 +411,19 @@ function getWrappedEnvironment (BaseEnvironment, jestVersion) {
             } else {
               originalHookFns.set(hook, hookFn)
             }
-            // The rule has a bug, see https://github.com/sindresorhus/eslint-plugin-unicorn/issues/2164
-            // eslint-disable-next-line unicorn/consistent-function-scoping
-            const wrapperHook = function () {
+            const newHookFn = shimmer.wrapFunction(hookFn, hookFn => function () {
               return testFnCh.runStores(ctx, () => hookFn.apply(this, arguments))
-            }
-            // If we don't do this, the timeout will not be triggered
-            Object.defineProperty(wrapperHook, 'length', { value: hookFn.length })
-            hook.fn = wrapperHook
+            })
+            hook.fn = newHookFn
           }
           const originalFn = event.test.fn
           originalTestFns.set(event.test, originalFn)
-          const wrapper = function () {
-            return testFnCh.runStores(ctx, () => originalFn.apply(this, arguments))
-          }
-          // If we don't do this, the timeout will be not be triggered
-          Object.defineProperty(wrapper, 'length', { value: originalFn.length })
-          event.test.fn = wrapper
+
+          const newFn = shimmer.wrapFunction(event.test.fn, testFn => function () {
+            return testFnCh.runStores(ctx, () => testFn.apply(this, arguments))
+          })
+
+          event.test.fn = newFn
         })
       }
 
@@ -1293,7 +1289,7 @@ addHook({
 
   shimmer.wrap(Runtime.prototype, '_createJestObjectFor', _createJestObjectFor => function (from) {
     const result = _createJestObjectFor.apply(this, arguments)
-    const suiteFilePath = this._testPath
+    const suiteFilePath = this._testPath || from
 
     shimmer.wrap(result, 'mock', mock => function (moduleName) {
       // If the library is mocked with `jest.mock`, we don't want to bypass jest's own require engine
@@ -1450,7 +1446,11 @@ addHook({
 }, (childProcessWorker) => {
   const ChildProcessWorker = childProcessWorker.default
   shimmer.wrap(ChildProcessWorker.prototype, 'send', sendWrapper)
-  shimmer.wrap(ChildProcessWorker.prototype, '_onMessage', onMessageWrapper)
+  if (ChildProcessWorker.prototype._onMessage) {
+    shimmer.wrap(ChildProcessWorker.prototype, '_onMessage', onMessageWrapper)
+  } else if (ChildProcessWorker.prototype.onMessage) {
+    shimmer.wrap(ChildProcessWorker.prototype, 'onMessage', onMessageWrapper)
+  }
   return childProcessWorker
 })
 

package/packages/datadog-instrumentations/src/router.js

@@ -146,33 +146,34 @@ function createWrapRouterMethod (name) {
   }
 
   function wrapMethod (original) {
-    return shimmer.wrapFunction(original, original => function methodWithTrace (fn, ...otherArgs) {
+    return shimmer.wrapFunction(original, original => function methodWithTrace (...args) {
       let offset = 0
       if (this.stack) {
         offset = Array.isArray(this.stack) ? this.stack.length : 1
       }
-      const router = original.call(this, fn, ...otherArgs)
+      const router = original.apply(this, args)
 
       if (typeof this.stack === 'function') {
         this.stack = [{ handle: this.stack }]
       }
 
       if (routeAddedChannel.hasSubscribers) {
-        routeAddedChannel.publish({ topOfStackFunc: methodWithTrace, layer: this.stack.at(-1) })
+        routeAddedChannel.publish({ topOfStackFunc: methodWithTrace, layer: this.stack?.at(-1) })
       }
 
+      const fn = args[0]
+
       // Publish only if this router was mounted by app.use() (prevents early '/sub/...')
       if (routeAddedChannel.hasSubscribers && isAppMounted(this) && this.stack?.length > offset) {
         // Handle nested router mounting for 'use' method
-        if (original.name === 'use' && otherArgs.length >= 1) {
+        if (original.name === 'use' && args.length >= 2) {
           const { mountPaths, startIdx } = extractMountPaths(fn)
 
           if (mountPaths.length) {
             const parentPaths = getRouterMountPaths(this)
-            const callArgs = [fn, ...otherArgs]
 
-            for (let i = startIdx; i < callArgs.length; i++) {
-              const nestedRouter = callArgs[i]
+            for (let i = startIdx; i < args.length; i++) {
+              const nestedRouter = args[i]
 
               if (!nestedRouter || typeof nestedRouter !== 'function') continue
 
@@ -206,7 +207,7 @@ function createWrapRouterMethod (name) {
         }
       }
 
-      if (this.stack.length > offset) {
+      if (this.stack?.length > offset) {
         wrapStack(this.stack.slice(offset), extractMatchers(fn))
       }
 

package/packages/datadog-plugin-cucumber/src/index.js

@@ -51,7 +51,8 @@ const {
 } = require('../../dd-trace/src/ci-visibility/telemetry')
 
 const BREAKPOINT_HIT_GRACE_PERIOD_MS = 200
-const BREAKPOINT_SET_GRACE_PERIOD_MS = 200
+const BREAKPOINT_SET_GRACE_PERIOD_MS = 400
+
 const isCucumberWorker = !!getEnvironmentVariable('CUCUMBER_WORKER_ID')
 
 class CucumberPlugin extends CiPlugin {

package/packages/datadog-plugin-grpc/src/util.js

@@ -3,6 +3,10 @@
 const pick = require('../../datadog-core/src/utils/src/pick')
 const log = require('../../dd-trace/src/log')
 
+function getEmptyObject () {
+  return {}
+}
+
 module.exports = {
   getMethodMetadata (path, kind) {
     const tags = {
@@ -57,6 +61,6 @@ module.exports = {
       log.error('Expected \'%s\' to be an array or function.', filter)
     }
 
-    return () => ({})
+    return getEmptyObject
   }
 }

package/packages/datadog-plugin-http/src/client.js

@@ -183,13 +183,17 @@ function normalizeClientConfig (config) {
   }
 }
 
+function is400ErrorCode (code) {
+  return code < 400 || code >= 500
+}
+
 function getStatusValidator (config) {
   if (typeof config.validateStatus === 'function') {
     return config.validateStatus
   } else if (config.hasOwnProperty('validateStatus')) {
     log.error('Expected `validateStatus` to be a function.')
   }
-  return code => code < 400 || code >= 500
+  return is400ErrorCode
 }
 
 function getFilter (config) {

package/packages/datadog-plugin-http2/src/client.js

@@ -162,13 +162,17 @@ function hasAmazonSignature (headers, path) {
   return false
 }
 
+function is400ErrorCode (code) {
+  return code < 400 || code >= 500
+}
+
 function getStatusValidator (config) {
   if (typeof config.validateStatus === 'function') {
     return config.validateStatus
   } else if (config.hasOwnProperty('validateStatus')) {
     log.error('Expected `validateStatus` to be a function.')
   }
-  return code => code < 400 || code >= 500
+  return is400ErrorCode
 }
 
 function normalizeConfig (config) {

package/packages/dd-trace/src/appsec/api_security_sampler.js

@@ -1,6 +1,6 @@
 'use strict'
 
-const TTLCache = require('@isaacs/ttlcache')
+const { TTLCache } = require('@isaacs/ttlcache')
 const web = require('../plugins/util/web')
 const log = require('../log')
 const { AUTO_REJECT, USER_REJECT } = require('../../../../ext/priority')

package/packages/dd-trace/src/appsec/channels.js

@@ -12,6 +12,7 @@ module.exports = {
   cookieParser: dc.channel('datadog:cookie-parser:read:finish'),
   expressMiddlewareError: dc.channel('apm:express:middleware:error'),
   expressProcessParams: dc.channel('datadog:express:process_params:start'),
+  expressResponseRenderStart: dc.channel('tracing:datadog:express:response:render:start'),
   expressSession: dc.channel('datadog:express-session:middleware:finish'),
   fastifyBodyParser: dc.channel('datadog:fastify:body-parser:finish'),
   fastifyCookieParser: dc.channel('datadog:fastify-cookie:read:finish'),

package/packages/dd-trace/src/appsec/iast/analyzers/path-traversal-analyzer.js

@@ -68,6 +68,13 @@ class PathTraversalAnalyzer extends InjectionAnalyzer {
       }
       this.analyze(pathArguments)
     })
+
+    this.addSub('tracing:datadog:express:response:render:start', (ctx) => {
+      const store = storage('legacy').getStore()
+      if (!store) return
+
+      this.analyze([ctx.view])
+    })
   }
 
   _isExcluded (location) {

package/packages/dd-trace/src/appsec/iast/vulnerabilities-formatter/utils.js

@@ -8,8 +8,8 @@ const STRINGIFY_SENSITIVE_KEY = STRINGIFY_RANGE_KEY + 'SENSITIVE'
 const STRINGIFY_SENSITIVE_NOT_STRING_KEY = STRINGIFY_SENSITIVE_KEY + 'NOTSTRING'
 
 // eslint-disable-next-line @stylistic/max-len
-const KEYS_REGEX_WITH_SENSITIVE_RANGES = new RegExp(`(?:"(${STRINGIFY_RANGE_KEY}_\\d+_))|(?:"(${STRINGIFY_SENSITIVE_KEY}_\\d+_(\\d+)_))|("${STRINGIFY_SENSITIVE_NOT_STRING_KEY}_\\d+_([\\s0-9.a-zA-Z]*)")`, 'gm')
-const KEYS_REGEX_WITHOUT_SENSITIVE_RANGES = new RegExp(`"(${STRINGIFY_RANGE_KEY}_\\d+_)`, 'gm')
+const KEYS_REGEX_WITH_SENSITIVE_RANGES = new RegExp(String.raw`(?:"(${STRINGIFY_RANGE_KEY}_\d+_))|(?:"(${STRINGIFY_SENSITIVE_KEY}_\d+_(\d+)_))|("${STRINGIFY_SENSITIVE_NOT_STRING_KEY}_\d+_([\s0-9.a-zA-Z]*)")`, 'gm')
+const KEYS_REGEX_WITHOUT_SENSITIVE_RANGES = new RegExp(String.raw`"(${STRINGIFY_RANGE_KEY}_\d+_)`, 'gm')
 
 const sensitiveValueRegex = new RegExp(DEFAULT_IAST_REDACTION_VALUE_PATTERN, 'gmi')
 

package/packages/dd-trace/src/appsec/iast/vulnerability-reporter.js

@@ -84,9 +84,10 @@ function sendVulnerabilities (vulnerabilities, span) {
     const jsonToSend = vulnerabilitiesFormatter.toJson(validatedVulnerabilities)
 
     if (jsonToSend.vulnerabilities.length > 0) {
-      const tags = {}
-      // TODO: Store this outside of the span and set the tag in the exporter.
-      tags[IAST_JSON_TAG_KEY] = JSON.stringify(jsonToSend)
+      const tags = {
+        // TODO: Store this outside of the span and set the tag in the exporter.
+        [IAST_JSON_TAG_KEY]: JSON.stringify(jsonToSend)
+      }
       span.addTags(tags)
     }
   }

package/packages/dd-trace/src/appsec/rasp/lfi.js

@@ -1,12 +1,13 @@
 'use strict'
 
-const { fsOperationStart, incomingHttpRequestStart } = require('../channels')
+const { isAbsolute } = require('path')
+
+const { fsOperationStart, incomingHttpRequestStart, expressResponseRenderStart } = require('../channels')
 const { storage } = require('../../../../datadog-core')
 const { enable: enableFsPlugin, disable: disableFsPlugin, RASP_MODULE } = require('./fs-plugin')
 const { FS_OPERATION_PATH } = require('../addresses')
 const waf = require('../waf')
 const { RULE_TYPES, handleResult } = require('./utils')
-const { isAbsolute } = require('path')
 
 let config
 let enabled
@@ -25,6 +26,7 @@ function enable (_config) {
 function disable () {
   if (fsOperationStart.hasSubscribers) fsOperationStart.unsubscribe(analyzeLfi)
   if (incomingHttpRequestStart.hasSubscribers) incomingHttpRequestStart.unsubscribe(onFirstReceivedRequest)
+  if (expressResponseRenderStart.hasSubscribers) expressResponseRenderStart.unsubscribe(analyzeLfiInResponseRender)
 
   disableFsPlugin(RASP_MODULE)
 
@@ -42,10 +44,18 @@ function onFirstReceivedRequest () {
 
   if (!analyzeSubscribed) {
     fsOperationStart.subscribe(analyzeLfi)
+    expressResponseRenderStart.subscribe(analyzeLfiInResponseRender)
     analyzeSubscribed = true
   }
 }
 
+function analyzeLfiInResponseRender (ctx) {
+  const store = storage('legacy').getStore()
+  if (!store) return
+
+  analyzeLfiPath(ctx.view, ctx.req, store.res, ctx.abortController)
+}
+
 function analyzeLfi (ctx) {
   const store = storage('legacy').getStore()
   if (!store) return
@@ -54,15 +64,19 @@ function analyzeLfi (ctx) {
   if (!req || !fs) return
 
   getPaths(ctx, fs).forEach(path => {
-    const ephemeral = {
-      [FS_OPERATION_PATH]: path
-    }
+    analyzeLfiPath(path, req, res, ctx.abortController)
+  })
+}
 
-    const raspRule = { type: RULE_TYPES.LFI }
+function analyzeLfiPath (path, req, res, abortController) {
+  const ephemeral = {
+    [FS_OPERATION_PATH]: path
+  }
 
-    const result = waf.run({ ephemeral }, req, raspRule)
-    handleResult(result, req, res, ctx.abortController, config, raspRule)
-  })
+  const raspRule = { type: RULE_TYPES.LFI }
+
+  const result = waf.run({ ephemeral }, req, raspRule)
+  handleResult(result, req, res, abortController, config, raspRule)
 }
 
 function getPaths (ctx, fs) {

package/packages/dd-trace/src/appsec/stack_trace.js

@@ -42,9 +42,9 @@ function filterOutFramesFromLibrary (callSiteList) {
     if (globalThis.__DD_ESBUILD_IAST_WITH_SM) {
       // bundled with SourceMap, get original file and line to discriminate if comes from dd-trace or not
       const callSiteLocation = {
-        path: callSite.getFileName(),
-        line: callSite.getLineNumber(),
-        column: callSite.getColumnNumber()
+        path: callSite.getTranslatedFileName?.() ?? callSite.getFileName(),
+        line: callSite.getTranslatedLineNumber?.() ?? callSite.getLineNumber(),
+        column: callSite.getTranslatedColumnNumber?.() ?? callSite.getColumnNumber()
       }
       const { path } = getOriginalPathAndLineFromSourceMap(callSiteLocation)
       return !path?.startsWith(ddBasePath)
@@ -68,9 +68,9 @@ function getCallsiteFrames (maxDepth = 32, constructorOpt = getCallsiteFrames, c
     const callSite = filteredFrames[index]
     indexedFrames.push({
       id: index,
-      file: callSite.getFileName(),
-      line: callSite.getLineNumber(),
-      column: callSite.getColumnNumber(),
+      file: callSite.getTranslatedFileName?.() ?? callSite.getFileName(),
+      line: callSite.getTranslatedLineNumber?.() ?? callSite.getLineNumber(),
+      column: callSite.getTranslatedColumnNumber?.() ?? callSite.getColumnNumber(),
       function: callSite.getFunctionName(),
       class_name: callSite.getTypeName(),
       isNative: callSite.isNative()

package/packages/dd-trace/src/config.js

@@ -4,6 +4,7 @@ const fs = require('fs')
 const os = require('os')
 const uuid = require('crypto-randomuuid') // we need to keep the old uuid dep because of cypress
 const { URL } = require('url')
+
 const log = require('./log')
 const tagger = require('./tagger')
 const set = require('../../datadog-core/src/utils/src/set')
@@ -1507,4 +1508,12 @@ function getAgentUrl (url, options) {
   }
 }
 
-module.exports = Config
+let configInstance = null
+function getConfig (options) {
+  if (!configInstance) {
+    configInstance = new Config(options)
+  }
+  return configInstance
+}
+
+module.exports = getConfig

package/packages/dd-trace/src/debugger/devtools_client/index.js

@@ -58,6 +58,11 @@ if (SUPPORT_ARRAY_BUFFER_RESIZE) {
 session.on('Debugger.paused', async ({ params }) => {
   const start = process.hrtime.bigint()
 
+  if (params.reason !== 'other') {
+    // This error should not be caught, and should exit the worker thread, effectively stopping the debugging session
+    throw new Error(`Unexpected Debugger.paused reason: ${params.reason}`)
+  }
+
   let maxReferenceDepth, maxCollectionSize, maxFieldCount, maxLength
   let sampled = false
   let numberOfProbesWithSnapshots = 0
@@ -168,7 +173,9 @@ session.on('Debugger.paused', async ({ params }) => {
   await session.post('Debugger.resume')
   const diff = process.hrtime.bigint() - start // TODO: Recored as telemetry (DEBUG-2858)
 
-  log.debug(() => `[debugger:devtools_client] Finished processing breakpoints - main thread paused for: ${
+  // This doesn't measure the overhead of the CDP protocol. The actual pause time is slightly larger.
+  // On my machine I'm seeing around 1.7ms of overhead.
+  log.debug(() => `[debugger:devtools_client] Finished processing breakpoints - main thread paused for: ~${
     Number(diff) / 1_000_000
   } ms`)
 

package/packages/dd-trace/src/debugger/devtools_client/log.js

@@ -1,10 +1,15 @@
 'use strict'
 
+/** @typedef {'error'|'warn'|'info'|'debug'} Level */
+/** @typedef {(...args: unknown[]) => void} LogFn */
+/** @typedef {Record<Level, LogFn>} Logger */
+
 const { workerData } = require('node:worker_threads')
 
 // For testing purposes, we allow `workerData` to be undefined and fallback to a default config
-const { config: { debug, logLevel }, logPort } = workerData ?? { config: { debug: false } }
+const { config: { debug = false, logLevel } = {}, logPort } = workerData ?? {}
 
+/** @type {Level[]} */
 const LEVELS = ['error', 'warn', 'info', 'debug']
 const on = (level, ...args) => {
   if (typeof args[0] === 'function') {
@@ -14,6 +19,12 @@ const on = (level, ...args) => {
 }
 const off = () => {}
 
-for (const level of LEVELS) {
-  module.exports[level] = debug && LEVELS.indexOf(logLevel) >= LEVELS.indexOf(level) ? on.bind(null, level) : off
-}
+const threshold = LEVELS.indexOf(logLevel)
+
+/** @type {Logger} */
+module.exports = Object.fromEntries(
+  LEVELS.map(level => [
+    level,
+    debug && threshold >= LEVELS.indexOf(level) ? on.bind(null, level) : off
+  ])
+)

package/packages/dd-trace/src/debugger/devtools_client/snapshot/index.js

@@ -13,6 +13,10 @@ module.exports = {
   getLocalStateForCallFrame
 }
 
+function returnError () {
+  return new Error('Error getting local state')
+}
+
 async function getLocalStateForCallFrame (
   callFrame,
   {
@@ -37,7 +41,7 @@ async function getLocalStateForCallFrame (
     // TODO: We might be able to get part of the scope chain.
     // Consider if we could set errors just for the part of the scope chain that throws during collection.
     log.error('[debugger:devtools_client] Error getting local state for call frame', err)
-    return () => new Error('Error getting local state')
+    return returnError
   }
 
   // Delay calling `processRawState` so the caller gets a chance to resume the main thread before processing `rawState`

package/packages/dd-trace/src/exporters/common/docker.js

@@ -12,7 +12,7 @@ const uuidSource =
 const containerSource = '[0-9a-f]{64}'
 const taskSource = String.raw`[0-9a-f]{32}-\d+`
 const lineReg = /^(\d+):([^:]*):(.+)$/m
-const entityReg = new RegExp(`.*(${uuidSource}|${containerSource}|${taskSource})(?:\\.scope)?$`, 'm')
+const entityReg = new RegExp(String.raw`.*(${uuidSource}|${containerSource}|${taskSource})(?:\.scope)?$`, 'm')
 
 let inode = 0
 let cgroup = ''

package/packages/dd-trace/src/exporters/span-stats/writer.js

@@ -36,13 +36,12 @@ function makeRequest (data, url, cb) {
       'Datadog-Meta-Lang': 'javascript',
       'Datadog-Meta-Tracer-Version': pkg.version,
       'Content-Type': 'application/msgpack'
-    }
+    },
+    protocol: url.protocol,
+    hostname: url.hostname,
+    port: url.port
   }
 
-  options.protocol = url.protocol
-  options.hostname = url.hostname
-  options.port = url.port
-
   log.debug('Request to the intake: %j', options)
 
   request(data, options, (err, res) => {

package/packages/dd-trace/src/format.js

@@ -32,13 +32,13 @@ const map = {
   'resource.name': 'resource'
 }
 
-function format (span) {
+function format (span, isChunkRoot) {
   const formatted = formatSpan(span)
 
   extractSpanLinks(formatted, span)
   extractSpanEvents(formatted, span)
   extractRootTags(formatted, span)
-  extractChunkTags(formatted, span)
+  extractChunkTags(formatted, span, isChunkRoot)
   extractTags(formatted, span)
 
   return formatted
@@ -192,11 +192,10 @@ function extractRootTags (formattedSpan, span) {
   addTag({}, formattedSpan.metrics, TOP_LEVEL_KEY, 1)
 }
 
-function extractChunkTags (formattedSpan, span) {
+function extractChunkTags (formattedSpan, span, isChunkRoot) {
   const context = span.context()
-  const isLocalRoot = span === context._trace.started[0]
 
-  if (!isLocalRoot) return
+  if (!isChunkRoot) return
 
   for (const [key, value] of Object.entries(context._trace.tags)) {
     addTag(formattedSpan.meta, formattedSpan.metrics, key, value)

package/packages/dd-trace/src/llmobs/plugins/ai/index.js

@@ -82,7 +82,9 @@ class VercelAILLMObsPlugin extends BaseLLMObsPlugin {
    * @param {string} toolDescription
    * @returns {string | undefined}
    */
-  findToolName (toolDescription) {
+  findToolName (toolName, toolDescription) {
+    if (Number.isNaN(Number.parseInt(toolName))) return toolName
+
     for (const availableTool of this.#availableTools) {
       const description = availableTool.description
       if (description === toolDescription && availableTool.id) {
@@ -260,16 +262,17 @@ class VercelAILLMObsPlugin extends BaseLLMObsPlugin {
 
     const formattedToolCalls = []
     for (const toolCall of outputMessageToolCalls) {
-      const toolCallArgs = getJsonStringValue(toolCall.args, {})
+      const toolArgs = toolCall.args ?? toolCall.input
+      const toolCallArgs = typeof toolArgs === 'string' ? getJsonStringValue(toolArgs, {}) : toolArgs
       const toolDescription = toolsForModel?.find(tool => toolCall.toolName === tool.name)?.description
-      const name = this.findToolName(toolDescription)
+      const name = this.findToolName(toolCall.toolName, toolDescription)
       this.#toolCallIdsToName[toolCall.toolCallId] = name
 
       formattedToolCalls.push({
         arguments: toolCallArgs,
         name,
         toolId: toolCall.toolCallId,
-        type: 'function'
+        type: toolCall.toolCallType ?? 'function'
       })
     }
 
@@ -317,10 +320,10 @@ class VercelAILLMObsPlugin extends BaseLLMObsPlugin {
           finalContent += part.text ?? part.data
         } else if (type === 'tool-call') {
           const toolDescription = toolsForModel?.find(tool => part.toolName === tool.name)?.description
-          const name = this.findToolName(toolDescription)
+          const name = this.findToolName(part.toolName, toolDescription)
 
           toolCalls.push({
-            arguments: part.args,
+            arguments: part.args ?? part.input,
             name,
             toolId: part.toolCallId,
             type: 'function'

package/packages/dd-trace/src/llmobs/plugins/anthropic.js

@@ -242,12 +242,9 @@ class AnthropicLLMObsPlugin extends LLMObsPlugin {
     const cacheWriteTokens = usage.cache_creation_input_tokens
     const cacheReadTokens = usage.cache_read_input_tokens
 
-    const metrics = {}
-
-    metrics.inputTokens =
-      (inputTokens ?? 0) +
-      (cacheWriteTokens ?? 0) +
-      (cacheReadTokens ?? 0)
+    const metrics = {
+      inputTokens: (inputTokens ?? 0) + (cacheWriteTokens ?? 0) + (cacheReadTokens ?? 0)
+    }
 
     if (outputTokens) metrics.outputTokens = outputTokens
     const totalTokens = metrics.inputTokens + (outputTokens ?? 0)

package/packages/dd-trace/src/llmobs/plugins/langchain/handlers/index.js

@@ -37,8 +37,9 @@ class LangChainLLMObsHandler {
       return message
     }
     try {
-      const messageContent = {}
-      messageContent.content = message.content || ''
+      const messageContent = {
+        content: message.content || ''
+      }
 
       const role = this.getRole(message)
       if (role) messageContent.role = role

package/packages/dd-trace/src/llmobs/span_processor.js

@@ -203,8 +203,8 @@ class LLMObsSpanProcessor {
   // This function can be reused for other fields if needed
   // Messages, Documents, and Metrics are safeguarded in `llmobs/tagger.js`
   #addObject (obj, carrier) {
-    const seenObjects = new WeakSet()
-    seenObjects.add(obj) // capture root object
+    // Capture root object by default
+    const seenObjects = new WeakSet([obj])
 
     const isCircular = value => {
       if (typeof value !== 'object') return false

package/packages/dd-trace/src/llmobs/util.js

@@ -6,7 +6,7 @@ function encodeUnicode (str = '') {
   let result = ''
   for (let i = 0; i < str.length; i++) {
     const code = str.charCodeAt(i)
-    result += code > 127 ? `\\u${code.toString(16).padStart(4, '0')}` : str[i]
+    result += code > 127 ? String.raw`\u${code.toString(16).padStart(4, '0')}` : str[i]
   }
   return result
 }

package/packages/dd-trace/src/openfeature/writers/exposures.js

@@ -27,7 +27,7 @@ const {
 
 /**
  * @typedef {Object} ExposureContext
- * @property {string} service_name - Service name
+ * @property {string} service - Service name
  * @property {string} [version] - Service version
  * @property {string} [env] - Service environment
  */
@@ -127,7 +127,7 @@ class ExposuresWriter extends BaseFFEWriter {
    */
   _buildContext () {
     const context = {
-      service_name: this._config.service || 'unknown'
+      service: this._config.service || 'unknown'
     }
 
     // Only include version and env if they are defined

package/packages/dd-trace/src/opentelemetry/span.js

@@ -10,7 +10,7 @@ const { timeInputToHrTime } = require('@opentelemetry/core')
 const tracer = require('../../')
 const DatadogSpan = require('../opentracing/span')
 const { ERROR_MESSAGE, ERROR_TYPE, ERROR_STACK, IGNORE_OTEL_ERROR } = require('../constants')
-const { SERVICE_NAME, RESOURCE_NAME } = require('../../../../ext/tags')
+const { SERVICE_NAME, RESOURCE_NAME, SPAN_KIND } = require('../../../../ext/tags')
 const kinds = require('../../../../ext/kinds')
 
 const SpanContext = require('./span_context')
@@ -146,7 +146,8 @@ class Span {
       integrationName: parentTracer?._isOtelLibrary ? 'otel.library' : 'otel',
       tags: {
         [SERVICE_NAME]: _tracer._service,
-        [RESOURCE_NAME]: spanName
+        [RESOURCE_NAME]: spanName,
+        [SPAN_KIND]: spanKindNames[kind]
       },
       links
     }, _tracer._debug)

package/packages/dd-trace/src/plugins/util/serverless.js

@@ -3,7 +3,6 @@
 const types = require('../../../../../ext/types')
 const web = require('./web')
 
-const serverless = { ...web }
-serverless.TYPE = types.SERVERLESS
+const serverless = { ...web, TYPE: types.SERVERLESS }
 
 module.exports = serverless

package/packages/dd-trace/src/plugins/util/test.js

@@ -627,20 +627,29 @@ function getCodeOwnersFileEntries (rootDir) {
   return entries.reverse()
 }
 
+const codeOwnersPerFileName = new Map()
+
 function getCodeOwnersForFilename (filename, entries) {
   if (!entries) {
     return null
   }
+  if (codeOwnersPerFileName.has(filename)) {
+    return codeOwnersPerFileName.get(filename)
+  }
   for (const entry of entries) {
     try {
       const isResponsible = ignore().add(entry.pattern).ignores(filename)
       if (isResponsible) {
-        return JSON.stringify(entry.owners)
+        const codeOwners = JSON.stringify(entry.owners)
+        codeOwnersPerFileName.set(filename, codeOwners)
+        return codeOwners
       }
     } catch {
+      codeOwnersPerFileName.set(filename, null)
       return null
     }
   }
+  codeOwnersPerFileName.set(filename, null)
   return null
 }
 

package/packages/dd-trace/src/plugins/util/web.js

@@ -577,13 +577,17 @@ function getHeadersToRecord (config) {
   return []
 }
 
+function isNot500ErrorCode (code) {
+  return code < 500
+}
+
 function getStatusValidator (config) {
   if (typeof config.validateStatus === 'function') {
     return config.validateStatus
   } else if (config.hasOwnProperty('validateStatus')) {
     log.error('Expected `validateStatus` to be a function.')
   }
-  return code => code < 500
+  return isNot500ErrorCode
 }
 
 const noop = () => {}

package/packages/dd-trace/src/proxy.js

@@ -1,7 +1,7 @@
 'use strict'
 const NoopProxy = require('./noop/proxy')
 const DatadogTracer = require('./tracer')
-const Config = require('./config')
+const getConfig = require('./config')
 const runtimeMetrics = require('./runtime_metrics')
 const log = require('./log')
 const { setStartupLogPluginManager } = require('./startup-log')
@@ -98,7 +98,7 @@ class Tracer extends NoopProxy {
     this._initialized = true
 
     try {
-      const config = new Config(options) // TODO: support dynamic code config
+      const config = getConfig(options) // TODO: support dynamic code config
 
       if (config.crashtracking.enabled) {
         require('./crashtracking').start(config)

package/packages/dd-trace/src/runtime_metrics/runtime_metrics.js

@@ -22,7 +22,7 @@ let nativeMetrics = null
 let gcObserver = null
 let interval = null
 let client = null
-let lastTime = 0n
+let lastTime = 0
 let lastCpuUsage = null
 let eventLoopDelayObserver = null
 
@@ -103,7 +103,6 @@ module.exports = {
     interval = null
 
     client = null
-    lastTime = 0n
     lastCpuUsage = null
 
     gcObserver?.disconnect()
@@ -339,6 +338,7 @@ function startGCObserver () {
 
   gcObserver = new PerformanceObserver(list => {
     for (const entry of list.getEntries()) {
+      // @ts-expect-error - entry.detail?.kind and entry.kind are not typed
       const type = gcType(entry.detail?.kind || entry.kind)
       const duration = entry.duration * 1_000_000
 

package/packages/dd-trace/src/span_processor.js

@@ -47,11 +47,14 @@ class SpanProcessor {
       this._spanSampler.sample(spanContext)
       this._gitMetadataTagger.tagGitMetadata(spanContext)
 
+      let isChunkRoot = true
+
       for (const span of started) {
         if (span._duration === undefined) {
           active.push(span)
         } else {
-          const formattedSpan = format(span)
+          const formattedSpan = format(span, isChunkRoot)
+          isChunkRoot = false
           this._stats?.onSpanFinished(formattedSpan)
           formatted.push(formattedSpan)
 

package/packages/dd-trace/src/startup-log.js

@@ -10,18 +10,10 @@ const tracerVersion = require('../../../package.json').version
 const errors = {}
 let config
 let pluginManager
+/** @type {import('./sampling_rule')[]} */
 let samplingRules = []
 let alreadyRan = false
 
-/**
- * @returns {Record<string, unknown>}
- */
-function getIntegrationsAndAnalytics () {
-  return {
-    integrations_loaded: Object.keys(pluginManager._pluginsByName)
-  }
-}
-
 /**
  * @param {{ agentError: { code: string, message: string } }} [options]
  */
@@ -70,36 +62,30 @@ function tracerInfo () {
       return JSON.stringify(this, (_key_, value) => {
         return typeof value === 'bigint' || typeof value === 'symbol' ? String(value) : value
       })
-    }
-  }
-
-  out.date = new Date().toISOString()
-  out.os_name = os.type()
-  out.os_version = os.release()
-  out.architecture = os.arch()
-  out.version = tracerVersion
-  out.lang = 'nodejs'
-  out.lang_version = process.versions.node
-  out.env = config.env
-  out.enabled = config.enabled
-  out.service = config.service
-  out.agent_url = url
-  out.debug = !!config.debug
-  out.sample_rate = config.sampler.sampleRate
-  out.sampling_rules = samplingRules
-  out.tags = config.tags
-  if (config.tags && config.tags.version) {
-    out.dd_version = config.tags.version
+    },
+    date: new Date().toISOString(),
+    os_name: os.type(),
+    os_version: os.release(),
+    architecture: os.arch(),
+    version: tracerVersion,
+    lang: 'nodejs',
+    lang_version: process.versions.node,
+    env: config.env,
+    enabled: config.enabled,
+    service: config.service,
+    agent_url: url,
+    debug: !!config.debug,
+    sample_rate: config.sampler.sampleRate,
+    sampling_rules: samplingRules,
+    tags: config.tags,
+    ...(config.tags && config.tags.version && { dd_version: config.tags.version }),
+    log_injection_enabled: !!config.logInjection,
+    runtime_metrics_enabled: !!config.runtimeMetrics,
+    profiling_enabled: config.profiling?.enabled === 'true' || config.profiling?.enabled === 'auto',
+    integrations_loaded: Object.keys(pluginManager._pluginsByName),
+    appsec_enabled: !!config.appsec.enabled,
   }
 
-  out.log_injection_enabled = !!config.logInjection
-  out.runtime_metrics_enabled = !!config.runtimeMetrics
-  const profilingEnabled = config.profiling?.enabled
-  out.profiling_enabled = profilingEnabled === 'true' || profilingEnabled === 'auto'
-  Object.assign(out, getIntegrationsAndAnalytics())
-
-  out.appsec_enabled = !!config.appsec.enabled
-
   return out
 }
 
@@ -118,7 +104,7 @@ function setStartupLogPluginManager (thePluginManager) {
 }
 
 /**
- * @param {import('./sampling_rule')} theRules
+ * @param {import('./sampling_rule')[]} theRules
  */
 function setSamplingRules (theRules) {
   samplingRules = theRules