Installations
npm install elastic-apm-nodeDeveloper Guide
Typescript
Yes
Module System
CommonJS
Min. Node Version
>=14.17.0
Node Version
16.20.2
NPM Version
8.19.4
Score
83.6
Supply Chain
98.3
Quality
90.7
Maintenance
100
Vulnerability
92.2
License
Releases
Contributors
Languages
JavaScript (97.73%)
Shell (1.64%)
TypeScript (0.37%)
Makefile (0.18%)
Dockerfile (0.08%)
validate.email 🚀
Verify real, reachable, and deliverable emails with instant MX records, SMTP checks, and disposable email detection.
Developer
Download Statistics
Total Downloads
63,288,786
Last Day
79,896
Last Week
380,180
Last Month
1,605,641
Last Year
19,761,822
GitHub Statistics
BSD-2-Clause License
586 Stars
3,820 Commits
230 Forks
263 Watchers
44 Branches
2,153 Contributors
Updated on Mar 13, 2025
Bundle Size
934.30 kB
Minified
249.88 kB
Minified + Gzipped
Maintainers
Package Meta Information
Latest Version
4.11.1
Package Id
elastic-apm-node@4.11.1
Unpacked Size
907.79 kB
Size
235.18 kB
File Count
160
NPM Version
8.19.4
Node Version
16.20.2
Published on
Mar 13, 2025
Oops! Something went wrong.
Dependencies
37
Dev Dependencies
80
Elastic APM Node.js Agent
This is the official Node.js application performance monitoring (APM) agent for the Elastic Observability solution. It is a Node.js package that runs with your Node.js application to automatically capture errors, tracing data, and performance metrics. APM data is sent to your Elastic Observability deployment -- hosted in Elastic's cloud or in your own on-premises deployment -- where you can monitor your application, create alerts, and quick identify root causes of service issues.
If you have any feedback or questions, please post them on the Discuss forum.
Installation
npm install --save elastic-apm-node
Getting started
First, you will need an Elastic Stack deployment. This is a deployment of APM
Server (which receives APM data from the APM agent running in your application),
Elasticsearch (the database that stores all APM data), and Kibana (the
application that provides the interface to visualize and analyze the data). If
you do not already have an Elastic deployment to use, follow this APM Quick
Start guide
to create a free trial on Elastic's cloud. From this deployment you will need
the APM serverUrl and secretToken (or a configured apiKey) to use
for configuring the APM agent.
Next, the best and easiest way to see how to install and start the APM agent is to follow one of the "Get started" guides for the web framework or technology that you are using:
- Get started with Express
- Get started with Fastify
- Get started with Koa
- Get started with hapi
- Get started with Restify
- Get started with AWS Lambda
- Get started with Azure Functions
- Get started with TypeScript
Typically, the quick start steps are:
-
Install the APM agent package as a dependency:
npm install --save elastic-apm-node -
Configure and start the APM agent. For the APM agent's automatic instrumentation of popular modules to work, it must be started before your application imports its other dependencies. For example, if you use CommonJS, then put this at the very top of your main application file:
1require('elastic-apm-node').start({ 2 serverUrl: '<serverUrl from your Elastic Stack deployment>', 3 secretToken: '<secretToken from your Elastic Stack deployment>' 4 serviceName: '...', // https://www.elastic.co/guide/en/apm/agent/nodejs/current/configuration.html#service-name 5 environment: '...', // https://www.elastic.co/guide/en/apm/agent/nodejs/current/configuration.html#environment 6});
There are other ways to start the APM agent: for example, to support starting the APM agent without having to change application code; or to avoid certain surprises when using TypeScript or other transpilers like Babel or esbuild. See Starting the agent for a reference of all ways to start the agent and for details on gotchas with transpilers and bundlers (like Webpack and esbuild).
If your application is using ES modules, please see ECMAScript module support for the current experimental support.
Documentation
The full Node.js APM agent documentation is here. Some important links:
- Release notes
- Supported Technologies describes the supported Node.js versions, which modules (and version ranges) are automatically traced, and other technologies.
- Configuring the agent describes the different ways to configure the APM agent (via options to
apm.start(...), environment variables, or other mechanisms). - Configuration options is a full configuration reference.
- Troubleshooting describes some common issues and a way to get debugging output from the APM agent for bug reports.
- Upgrading includes a guide for upgrading from each past major version of the APM agent.
- Metrics describes the metrics that the APM agent automatically collects.
- The APM agent includes an OpenTelemetry Bridge that allows one to use the vendor-agnostic OpenTelemetry API for manual instrumentation in your application, should you require manual instrumentation.
Active release branches
The following git branches are active:
- The "main" branch is being used for 4.x releases.
- The "3.x" branch is being used for 3.x maintenance releases. The 3.x line will be supported until 2024-03-07 -- for 6 months after the release of v4.0.0.
Contributing
Contributions are very welcome. You can get in touch with us through our Discuss forum. If you have found an issue, you can open an issue at https://github.com/elastic/apm-agent-nodejs/issues.
If you are considering contributing code to the APM agent, please read our contribution guide.
Please see TESTING.md for instructions on how to run the test suite.
License
Made with ♥️ by Elastic and our community.
No vulnerabilities found.
Reason
all changesets reviewed
Reason
30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: BSD 2-Clause "Simplified" License: LICENSE:0
Reason
no binaries found in the repo
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:17
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Warn: 'branch protection settings apply to administrators' is disabled on branch 'main'
- Warn: 'stale review dismissal' is disabled on branch 'main'
- Warn: required approving review count is 1 on branch 'main'
- Warn: codeowners review is required - but no codeowners file found in repo
- Warn: 'last push approval' is disabled on branch 'main'
- Info: status check found to merge onto on branch 'main'
- Info: PRs are required in order to make changes on branch 'main'
Reason
dependency not pinned by hash detected -- score normalized to 4
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/edge.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/edge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/edge.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/edge.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/labeler.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/labeler.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/labeler.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/labeler.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/microbenchmark.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/microbenchmark.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/release.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:141: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/release.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/slack-lite.yml:122: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/slack-lite.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tav-command.yml:144: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/tav-command.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tav-command.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/tav-command.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tav-command.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/tav-command.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tav-command.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/tav-command.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tav.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/tav.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tav.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/tav.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tav.yml:73: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/tav.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-fips.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/test-fips.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test-fips.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/test-fips.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-fips.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/test-fips.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:169: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:170: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:182: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:183: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:207: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/updatecli.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/updatecli.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/updatecli.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/updatecli.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/updatecli.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/updatecli.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/updatecli.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/elastic/apm-agent-nodejs/updatecli.yml/main?enable=pin
- Warn: containerImage not pinned by hash: .ci/docker/node-container/Dockerfile:2
- Warn: containerImage not pinned by hash: .ci/docker/node-edge-container/Dockerfile:1: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8e5c4f0285ecbb4ead070431d29b576a530d3166df73ec44affc1cd27555141b
- Warn: containerImage not pinned by hash: test/Dockerfile:2
- Warn: downloadThenRun not pinned by hash: .ci/docker/node-edge-container/Dockerfile:27
- Warn: downloadThenRun not pinned by hash: .ci/scripts/prepare-benchmarks-env.sh:22
- Info: 3 out of 23 GitHub-owned GitHubAction dependencies pinned
- Info: 9 out of 21 third-party GitHubAction dependencies pinned
- Info: 2 out of 5 containerImage dependencies pinned
- Info: 0 out of 2 downloadThenRun dependencies pinned
- Info: 6 out of 6 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/docs-build.yml:18
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/docs-build.yml:19
- Warn: jobLevel 'deployments' permission set to 'write': .github/workflows/docs-build.yml:16
- Info: found token with 'none' permissions: .github/workflows/docs-cleanup.yml:12
- Warn: jobLevel 'deployments' permission set to 'write': .github/workflows/docs-cleanup.yml:14
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/updatecli.yml:15
- Info: jobLevel 'packages' permission set to 'read': .github/workflows/updatecli.yml:16
- Info: topLevel 'contents' permission set to 'read': .github/workflows/addToProject.yml:7
- Warn: no topLevel permission defined: .github/workflows/docs-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/docs-cleanup.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/edge.yml:16
- Info: topLevel 'contents' permission set to 'read': .github/workflows/labeler.yml:10
- Info: topLevel 'contents' permission set to 'read': .github/workflows/microbenchmark.yml:16
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:12
- Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/release.yml:14
- Warn: no topLevel permission defined: .github/workflows/slack-lite.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/tav-command.yml:12
- Info: topLevel 'contents' permission set to 'read': .github/workflows/tav.yml:20
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test-docs.yml:16
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test-fips.yml:16
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yml:30
- Info: topLevel 'contents' permission set to 'read': .github/workflows/updatecli.yml:9
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
12 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-rrr8-f88r-h8q6
- Warn: Project is vulnerable to: GHSA-9pv7-vfvm-6vr7
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-c59h-r6p8-q9wc
- Warn: Project is vulnerable to: GHSA-7m27-7ghc-44w9
- Warn: Project is vulnerable to: GHSA-g77x-44xx-532m
- Warn: Project is vulnerable to: GHSA-7gfc-8cq8-jh5f
- Warn: Project is vulnerable to: GHSA-7fh5-64p2-3v2j
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
6
/10
Last Scanned on 2025-03-10
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to elastic-apm-node
elastic-apm-node-opentracing
An OpenTracing bridge for the Elastic APM Node.js Agent
elastic-apm-node-logger
As of 25th Aug 2022, the official `elastic-apm-node` NPM library does not send the STDOUT logs of the nodejs application that it is installed on to back to your designated Elastic Stack, hence this NPM library aims to bridge this gap. it also enables your
@types/elastic-apm-node
Stub TypeScript definitions entry for elastic-apm-node, which provides its own types definitions
elastic-apm-node-with-metrics
The Elastic APM agent for Node.js with ability to read raw metrics.