Skip to content

guardrails: bail out if esbuild bundle #5988

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

guardrails: bail out if esbuild bundle #5988

wants to merge 1 commit into from

Conversation

tlhunter
Copy link
Member

@tlhunter tlhunter commented Jun 27, 2025
edited
Loading

What does this PR do?

  • instructs guardrails to disable SSI if the application is an ESBuild bundle
    • we cannot properly instrument any bundle externally
    • we can only instrument ESBuild bundles and only if the user built it with our plugin

Motivation

  • if a user has bundled their application with our ESBuild plugin and...
    • included a copy of the tracer using require('dd-trace') then...
      • it can get into a weird double-tracer state
      • there will be an internal (bundled) copy and an external (--require via guardrails) tracer
      • they fight with each other
    • but without a copy of the tracer then...
      • it can get into a weird state where the bundle does emit diagnostic channel messages
      • but the external tracer doesn't properly handle them
      • we could possibly support this in the future but it will require a lot of edge case testing
  • if a user has bundled their application...
    • with Webpack or with ESBuild but without our ESBuild plugin or with another bundler then...
      • it can get into a weird state where the tracer only instruments internal module require('http') calls
      • but doesn't instrument userland module require('express') calls

@github-actions GitHub Actions
Copy link

Overall package size

Self size: 9.62 MB
Deduped: 106.12 MB
No deduping: 106.64 MB

Dependency sizes | name | version | self size | total size | |------|---------|-----------|------------| | @datadog/libdatadog | 0.7.0 | 35.02 MB | 35.02 MB | | @datadog/native-appsec | 8.5.2 | 19.33 MB | 19.34 MB | | @datadog/native-iast-taint-tracking | 4.0.0 | 11.72 MB | 11.73 MB | | @datadog/pprof | 5.8.2 | 9.56 MB | 9.93 MB | | @opentelemetry/core | 1.30.1 | 908.66 kB | 7.16 MB | | protobufjs | 7.5.3 | 2.95 MB | 5.6 MB | | @datadog/wasm-js-rewriter | 4.0.1 | 2.85 MB | 3.58 MB | | @datadog/native-metrics | 3.1.1 | 1.02 MB | 1.43 MB | | @opentelemetry/api | 1.8.0 | 1.21 MB | 1.21 MB | | import-in-the-middle | 1.14.0 | 120.58 kB | 841.68 kB | | source-map | 0.7.4 | 226 kB | 226 kB | | opentracing | 0.14.7 | 194.81 kB | 194.81 kB | | lru-cache | 7.18.3 | 133.92 kB | 133.92 kB | | pprof-format | 2.1.0 | 111.69 kB | 111.69 kB | | @datadog/sketches-js | 2.1.1 | 109.9 kB | 109.9 kB | | lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB | | ignore | 5.3.2 | 53.63 kB | 53.63 kB | | istanbul-lib-coverage | 3.2.2 | 34.37 kB | 34.37 kB | | rfdc | 1.4.1 | 27.15 kB | 27.15 kB | | @isaacs/ttlcache | 1.4.1 | 25.2 kB | 25.2 kB | | dc-polyfill | 0.1.9 | 25.11 kB | 25.11 kB | | tlhunter-sorted-set | 0.1.0 | 24.94 kB | 24.94 kB | | shell-quote | 1.8.2 | 23.54 kB | 23.54 kB | | limiter | 1.1.5 | 23.17 kB | 23.17 kB | | retry | 0.13.1 | 18.85 kB | 18.85 kB | | semifies | 1.0.0 | 15.84 kB | 15.84 kB | | jest-docblock | 29.7.0 | 8.99 kB | 12.76 kB | | crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB | | ttl-set | 1.0.0 | 4.61 kB | 9.69 kB | | mutexify | 1.4.0 | 5.71 kB | 8.74 kB | | path-to-regexp | 0.1.12 | 6.6 kB | 6.6 kB | | koalas | 1.0.2 | 6.47 kB | 6.47 kB | | module-details-from-path | 1.0.4 | 3.96 kB | 3.96 kB |

🤖 This report was automatically generated by heaviest-objects-in-the-universe

@codecov Codecov
Copy link

codecov bot commented Jun 27, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 79.56%. Comparing base (4423fb1) to head (8c2f6c9).
Report is 1 commits behind head on master.

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #5988   +/-   ##
=======================================
  Coverage   79.56%   79.56%           
=======================================
  Files         476      476           
  Lines       20306    20306           
=======================================
  Hits        16157    16157           
  Misses       4149     4149

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@datadog-datadog-prod-us1
Copy link

Datadog Report

Branch report: tlhunter/guardrails-esbuild
Commit report: dca3d88
Test service: dd-trace-js-integration-tests

✅ 0 Failed, 1258 Passed, 0 Skipped, 21m 37.58s Total Time

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bundler
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@tlhunter