dd-trace-js
dd-trace-js copied to clipboard
DataDog
iast support llm
What does this PR do?
Motivation
Plugin Checklist
- [ ] Unit tests.
- [ ] TypeScript definitions.
- [ ] TypeScript tests.
- [ ] API documentation.
- [ ] CircleCI jobs/workflows.
- [ ] Plugin is exported.
Additional Notes
Security
Datadog employees:
- [ ] If this PR touches code that signs or publishes builds or packages, or handles credentials of any kind, I've requested a review from
@DataDog/security-design-and-guidance. - [ ] This PR doesn't touch any of that.
Unsure? Have a question? Request a review!
Overall package size
Self size: 6.27 MB Deduped: 60.76 MB No deduping: 61.04 MB
Dependency sizes
| name | version | self size | total size |
|---|---|---|---|
| @datadog/native-iast-taint-tracking | 1.7.0 | 16.71 MB | 16.72 MB |
| @datadog/native-appsec | 7.1.1 | 14.39 MB | 14.4 MB |
| @datadog/pprof | 5.2.0 | 8.84 MB | 9.21 MB |
| protobufjs | 7.2.5 | 2.77 MB | 6.56 MB |
| @datadog/native-iast-rewriter | 2.3.0 | 2.15 MB | 2.24 MB |
| @opentelemetry/core | 1.14.0 | 872.87 kB | 1.47 MB |
| @datadog/native-metrics | 2.0.0 | 898.77 kB | 1.3 MB |
| @opentelemetry/api | 1.4.1 | 780.32 kB | 780.32 kB |
| import-in-the-middle | 1.7.3 | 67.62 kB | 731.01 kB |
| msgpack-lite | 0.1.26 | 201.16 kB | 281.59 kB |
| opentracing | 0.14.7 | 194.81 kB | 194.81 kB |
| semver | 7.5.4 | 93.4 kB | 123.8 kB |
| pprof-format | 2.1.0 | 111.69 kB | 111.69 kB |
| @datadog/sketches-js | 2.1.0 | 109.9 kB | 109.9 kB |
| lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB |
| lru-cache | 7.14.0 | 74.95 kB | 74.95 kB |
| ipaddr.js | 2.1.0 | 60.23 kB | 60.23 kB |
| ignore | 5.2.4 | 51.22 kB | 51.22 kB |
| int64-buffer | 0.1.10 | 49.18 kB | 49.18 kB |
| shell-quote | 1.8.1 | 44.96 kB | 44.96 kB |
| istanbul-lib-coverage | 3.2.0 | 29.34 kB | 29.34 kB |
| tlhunter-sorted-set | 0.1.0 | 24.94 kB | 24.94 kB |
| limiter | 1.1.5 | 23.17 kB | 23.17 kB |
| dc-polyfill | 0.1.4 | 23.1 kB | 23.1 kB |
| retry | 0.13.1 | 18.85 kB | 18.85 kB |
| node-abort-controller | 3.1.1 | 16.89 kB | 16.89 kB |
| jest-docblock | 29.7.0 | 8.99 kB | 12.76 kB |
| crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB |
| path-to-regexp | 0.1.7 | 6.78 kB | 6.78 kB |
| koalas | 1.0.2 | 6.47 kB | 6.47 kB |
| methods | 1.1.2 | 5.29 kB | 5.29 kB |
| module-details-from-path | 1.0.3 | 4.47 kB | 4.47 kB |
🤖 This report was automatically generated by heaviest-objects-in-the-universe
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Codecov Report
Attention: Patch coverage is 15.15152% with 28 lines in your changes missing coverage. Please review.
Project coverage is 77.89%. Comparing base (
fc3daf5) to head (ff196cf). Report is 1031 commits behind head on master.
Additional details and impacted files
@@ Coverage Diff @@
## master #4210 +/- ##
==========================================
- Coverage 84.39% 77.89% -6.51%
==========================================
Files 242 247 +5
Lines 10705 10992 +287
Branches 33 33
==========================================
- Hits 9035 8562 -473
- Misses 1670 2430 +760
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
:rocket: New features to boost your workflow:
- :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
- :package: JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
Benchmarks
Benchmark execution time: 2024-04-04 09:50:04
Comparing candidate commit ff196cf1e14c8a4cdaf2184a4cb463bc57626658 in PR branch ugaitz/iast-llm with baseline commit fc3daf59bc3543a78b9d59eb99ff129c98d239e0 in branch master.
Found 0 performance improvements and 0 performance regressions! Performance is the same for 258 metrics, 8 unstable metrics.
![pr-commenter[bot] avatar](https://avatars.githubusercontent.com/u/365230?v=4 "Published by a pub.dev verified publisher"){kind=small}
I just had a brief look and it seems to me this would need to be reworked from scratch, since we implemented langchain support by now, just without the iast support.
@uurien I am closing this for now while I believe it would be valuable to get the PR again to support iast with llm. I just think it would likely be best to start with a new PR.
