保護DataHogo
Security Encyclopedia/Deployment Best Practices
lowCWE-778A09:2021

No Error Monitoring

Without error monitoring, production errors are invisible until a user reports them — which most never do.

How It Works

Studies show only 1 in 26 unhappy customers actually complain. The rest just leave. Without tools like Sentry, Datadog APM, or Bugsnag capturing production exceptions automatically, you're flying blind. You also lose the context (stack trace, user ID, request data) needed to reproduce and fix issues quickly.

Vulnerable Code
// BAD: errors caught and silently dropped, or only logged to console
try {
  await processPayment(order);
} catch (error) {
  console.error('Payment failed:', error); // only visible in server logs
  // No alert, no tracking, no context saved for debugging
}
Secure Code
// GOOD: errors captured with context in a monitoring tool
import * as Sentry from '@sentry/node';

try {
  await processPayment(order);
} catch (error) {
  Sentry.captureException(error, {
    extra: { orderId: order.id, userId: order.userId, amount: order.amount }
  });
  throw error; // still surface the error to the caller
}

Real-World Example

Sentry's own research found that 80% of production errors go unreported by users. Applications without error monitoring often discover major bugs only when revenue drops or a vocal user complains on social media — sometimes days after the bug was introduced.

How to Prevent It

  • Add Sentry, Datadog, or Bugsnag to both your frontend and backend
  • Configure alerts for error spikes so you're notified within minutes of a new production error
  • Capture user context with errors (user ID, plan, browser) so you can prioritize and reproduce
  • Review your error dashboard weekly — it's the fastest way to find reliability issues

Affected Technologies

Node.jsjavascript

Data Hogo detects this vulnerability automatically.

Scan Your Repo Free

Related Vulnerabilities

NODE_ENV Not Set to Production

medium

Running Node.js without NODE_ENV=production enables verbose error messages, disables caching optimizations, and can activate development-only middleware.

CWE-16A05:2021

Debug Mode Active in Production

medium

Debug mode enabled in production exposes internal state, enables verbose logging, and sometimes activates interactive debugging endpoints that attackers can exploit.

CWE-215A05:2021

No Health Check Endpoint

low

Without a /health endpoint, load balancers and orchestrators can't verify your application is actually working before routing traffic to it.

CWE-778

Dev Environment Variables in Production

high

Using development credentials (test API keys, local database URLs, sandbox payment keys) in production puts real users at risk.

CWE-547A05:2021