fix: Don't use require to load package.json files (#4593)

* fix: Don't use require to load package.json files * update changelog * Move changelog entry --------- Co-authored-by: Marc Pichler <[email protected]>
open-telemetry · Apr 15, 2024 · da02c8d · da02c8d
1 parent fab27d5
commit da02c8d
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/experimental/CHANGELOG.md b/experimental/CHANGELOG.md
@@ -20,6 +20,7 @@ All notable changes to experimental packages in this project will be documented
 ### :bug: (Bug Fix)
 
 * fix(otlp-grpc-exporter-base): avoid TypeError on exporter shutdown [#4612](https://github.com/open-telemetry/opentelemetry-js/pull/4612)
+* fix(instrumentation): Don't use `require` to load `package.json` files
 
 ### :books: (Refine Doc)
 

diff --git a/experimental/packages/opentelemetry-instrumentation/src/platform/node/instrumentation.ts b/experimental/packages/opentelemetry-instrumentation/src/platform/node/instrumentation.ts
@@ -30,6 +30,7 @@ import { InstrumentationModuleDefinition } from '../../types';
 import { diag } from '@opentelemetry/api';
 import type { OnRequireFn } from 'require-in-the-middle';
 import { Hook } from 'require-in-the-middle';
+import { readFileSync } from 'fs';
 
 /**
  * Base abstract class for instrumenting node plugins
@@ -160,8 +161,10 @@ export abstract class InstrumentationBase<T = any>
 
   private _extractPackageVersion(baseDir: string): string | undefined {
     try {
-      // eslint-disable-next-line @typescript-eslint/no-var-requires
-      const version = require(path.join(baseDir, 'package.json')).version;
+      const json = readFileSync(path.join(baseDir, 'package.json'), {
+        encoding: 'utf8',
+      });
+      const version = JSON.parse(json).version;
       return typeof version === 'string' ? version : undefined;
     } catch (error) {
       diag.warn('Failed extracting version', baseDir);