Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
@alicloud/llnode-api
Advanced tools
An lldb plugin for Node.js and V8, which enables inspection of JavaScript states for insights into Node.js processes and their core dumps.
Node.js v4.x+ C++ plugin for the LLDB debugger.
The llnode plugin adds the ability to inspect JavaScript stack frames, objects, source code and more to the standard C/C++ debugging facilities when working with Node.js processes or core dumps in LLDB.
class LLNode {
/**
* @param {string} dump path to the coredump
* @param {string} executable path to the node executable
* @returns {LLNode} an LLNode instance
*/
constructor(dump, executable) {}
/**
* @desc LLDB load core dump
*/
loadCore() {}
/**
* @desc SBProcess information
*
* @typedef {object} Process
* @property {number} pid the pid of process
* @property {number} thread_count the count of threads in the process
* @property {string} state the state of process
* @property {string} executable executable path
*
* @return {Process} process data
*/
getProcessInfo() {}
/**
* @param {array|numver} thread_index ex: 1 or [0, 1, 2]
* @param {<optional>number} current_frame
* @param {<optional>number} limit limit of frames you want to get (start from current_frame)
*
* @typedef {object} JSObject
* @property {number} type see src/llnode-common.h InspectType
* @property {string} name
* @property {string} address address of context
* @property {string} map_address
* @property other unique property will depend on js object type, see src/llnode-common.h for more information.
*
* @typedef {object} NativeFrame
* @property {number} type 1
* @property {string} name Native
* @property {string} function function name
* @property {string} module path of library
* @property {string} compile_unit
*
* @typedef {object} JSFrame
* @property {number} type 2
* @property {string} name JavaScript
* @property {string} function function name
* @property {JSObject} context function call this
* @property {[JSObject]} arguments function call arguments
* @property {string} line function debug line
* @property {string} func_addr function address
*
* @typedef {object} UnknownJSFrame
* @property {number} 2
* @property {string} name Unknown
* @property {string} function function name
* @property {string} func_addr ''
*
* @typedef {object} ThreadInfo
* @property {boolean} frame_end
* @property {<optional>number} frame_left if frame_end is false, will have
* @property {NativeFrame|JSFrame|UnknownJSFrame} frame_list
*
* @returns {[ThreadInfo]} return threadinfo list
*/
getThreadByIds() {}
/**
* @param {<optional>number} current current js object index
* @param {<optional>number} limit limit of js objects you want to get (start from current)
*
* @typedef {object} TypedJSObject
* @property {number} index
* @property {string} name typed js object name
* @property {number} count typed js object count
* @property {number} size typed js object total size
*
* @typedef {object} TypedList
* @property {boolean} object_end
* @property {<optional>number} object_left if object_end is false, will have
* @property {[TypedJSObject]} object_list
*
* @return {TypedList} return typed object list
*/
getJsObjects() {}
/**
* @param {number} index js instance index
* @param {<optional>number} current current js instance index
* @param {<optional>number} limit limit of js instances you want to get (start from current)
*
* @typedef {object} JSInstance
* @property {string} address instance address
* @property {string} desc short description of instance
*
* @typedef {object} InstanceList
* @property {boolean} instance_end
* @property {<optional>number} instance_end if instance_end is false, will have
* @property {[JSInstance]} instance_list
*
* @return {InstanceList} return js instance list
*/
getJsInstances() {}
/**
* @param {string} address
*
* @typedef {object} JSObject
* @property {number} type see src/llnode-common.h InspectType
* @property {string} name
* @property {string} address address of context
* @property {string} map_address
* @property other unique property will depend on js object type, see src/llnode-common.h for more information.
*
* @return {JSObject} return inspected js object
*/
inspectJsObjectAtAddress() {}
}
Version | v6.x | v8.x | v10.x | master | v8-canary |
---|---|---|---|---|---|
Trusty | |||||
OS X | - | - |
We have nightly test runs against all Node.js active release lines. We also test against Node.js master and Node.js v8-canary nightly builds to help us identify breaking changes on Node.js and V8 before they land on an active release line.
Start an LLDB session with the llnode plugin automatically loaded:
npm install -g llnode
llnode `which node` -c /path/to/core/dump
To use llnode you need to have the LLDB debugger installed. The recommended version is LLDB 3.9 and above.
OS X/macOS
You can install Xcode and use the LLDB that comes with it.
Optionally, you can install newer versions of lldb using Homebrew with
brew update && brew install --with-lldb --with-toolchain llvm
and make sure /usr/local/opt/llvm/bin
gets searched before /usr/bin/
on your PATH
. llnode will link to the LLDB installation returned by
llvm-config
if available.
Linux
You can install the lldb package using the package manager of your
distribution. You may need to install additional packages for liblldb
as well.
For example, on Ubuntu 16.04 you can install the prerequisites with
apt-get install lldb-4.0 liblldb-4.0-dev
FreeBSD
# Install llvm with lldb and headers
pkg install llvm39
rm -f /usr/bin/lldb
ln -s /usr/local/bin/lldb39 /usr/bin/lldb
Windows
You can install a binary distribution of LLVM directly or using Chocolatey:
cinst -y visualstudio2017buildtools visualstudio2017-workload-vctools llvm git
Visual Studio is required for MSBuild and headers when building llnode. Git is required to download the lldb headers.
If you have lldb
available on your PATH
, simply run:
npm install -g llnode
To build llnode against a specific lldb version matching an lldb executable,
use the --lldb_exe
npm option. For example, on Linux the executable on the
PATH
might be lldb-3.9
:
npm install --lldb_exe=`which lldb-3.9` -g llnode
After installing with npm, llnode
should be available on your PATH
as a
shortcut for running LLDB with the llnode plugin.
brew install llnode
There are several ways to load the llnode plugin:
If you install llnode globally via npm (npm install -g llnode
), you can use
the llnode
shortcut script. This starts lldb
and automatically issues
the plugin load
command. All parameters to the llnode script are passed
directly to lldb. If you it's not a local installation, the shortcut will be in
node_modules/.bin/llnode
.
~/.lldbinit
to load the Plugin AutomaticallyTo tell LLDB to load llnode automatically regardless of the
version of lldb that you are running, add this line to ~/.lldbinit
:
plugin load /path/to/the/llnode/plugin
The path to the llnode plugin should be printed when the installation
is finished. On OS X/macOS the plugin is typically
node_modules/llnode/llnode.dylib
, on Linux it's
node_modules/llnode/llnode.so
.
The llnode plugin can also be manually loaded into LLDB using the
plugin load
command within lldb.
It does not matter whether the plugin load
command is issued before or after
loading a core dump or attaching to a process.
Similar to the ~/.lldbinit
approach, this way LLDB will also load the plugin
automatically on start-up. Doing this may require additional permissions
to be able to copy the plugin libary to the system plugin directory.
On Linux, run make install-linux
in the project directory, or if
installing with npm, copy node_modules/llnode/llnode.so
to /usr/lib/lldb/plugins
or create a link there.
On OS X/macOS, run make install-osx
in the project directory, or if
installing with npm, copy node_modules/llnode/llnode.dylib
to ~/Library/Application\ Support/LLDB/PlugIns/
or create a link there.
To use llnode with a core dump the core dump needs to be loaded into lldb along with the exact executable that created the core dump. The executable contains information that lldb and the llnode plugin need to make sense of the data in the core dump.
To load a core dump when starting llnode use:
llnode /path/to/bin/node -c /path/to/core
or to load the core dump after starting lldb:
(llnode) target create /path/to/bin/node -c /path/to/core
To use llnode against a live process:
llnode -- /path/to/bin/node script.js
(llnode) run
This is ideal for debugging an npm package with native code. To debug a Node.js crash on uncaught exception:
llnode -- /path/to/bin/node --abort_on_uncaught_exception script.js
(llnode) run
lldb will stop your process when it crashes. To see where it stopped use the v8 bt command. See the Commands section below for more commands.
(llnode) v8 help
Node.js helpers
Syntax: v8
The following subcommands are supported:
bt -- Show a backtrace with node.js JavaScript functions and their args. An optional argument is accepted; if
that argument is a number, it specifies the number of frames to display. Otherwise all frames will be
dumped.
Syntax: v8 bt [number]
findjsinstances -- List every object with the specified type name.
Use -v or --verbose to display detailed `v8 inspect` output for each object.
Accepts the same options as `v8 inspect`
findjsobjects -- List all object types and instance counts grouped by typename and sorted by instance count. Use
-d or --detailed to get an output grouped by type name, properties, and array length, as well as
more information regarding each type.
With lldb < 3.9, requires the `LLNODE_RANGESFILE` environment variable to be set to a file
containing memory ranges for the core file being debugged.
There are scripts for generating this file on Linux and Mac in the scripts directory of the llnode
repository.
findrefs -- Finds all the object properties which meet the search criteria.
The default is to list all the object properties that reference the specified value.
Flags:
* -v, --value expr - all properties that refer to the specified JavaScript object (default)
* -n, --name name - all properties with the specified name
* -s, --string string - all properties that refer to the specified JavaScript string value
getactivehandles -- Print all pending handles in the queue. Equivalent to running process._getActiveHandles() on
the living process.
getactiverequests -- Print all pending handles in the queue. Equivalent to running process._getActiveHandles() on
the living process.
inspect -- Print detailed description and contents of the JavaScript value.
Possible flags (all optional):
* -F, --full-string - print whole string without adding ellipsis
* -m, --print-map - print object's map address
* -s, --print-source - print source code for function objects
* -l num, --length num - print maximum of `num` elements from string/array
Syntax: v8 inspect [flags] expr
nodeinfo -- Print information about Node.js
print -- Print short description of the JavaScript value.
Syntax: v8 print expr
source -- Source code information
For more help on any particular subcommand, type 'help <command> <subcommand>'.
The easiest way to build the plugin:
# Clone this repo
git clone https://github.com/nodejs/llnode.git && cd llnode
# Configure and build the plugin with npm
npm install
# To configure and build the plugin without npm
node scripts/configure.js && node scripts/install.js && node scripts/cleanup.js
# Or use make
make plugin
# To configure and build both the plugin and the addon
npm install --llnode_build_addon=true
# Without npm
LLNODE_BUILD_ADDON=true node scripts/configure.js && node scripts/install.js && node scripts/cleanup.js
# Or use make
make addon # Builds the addon
make # Builds both the addon and the plugin
To configure the build yourself:
# Detect available lldb installation and download headers if necessary
node scripts/configure.js
# To build the addon, set the environment variable LLNODE_BUILD_ADDON=true
# To configure with the detected lldb installation
node-gyp configure
# To configure with a specified path to headers, where `$lldb_include_dir`
# contains the <lldb/*/*.h> headers
node-gyp configure -- -Dlldb_include_dir=/usr/local/Cellar/llvm/5.0.0/include
# To configure with a specified path to the libraries, where `$lldb_lib_dir`
# contains `liblldb.so` or `liblldb.dylib`
node-gyp configure -- -Dlldb_lib_dir=/usr/lib/llvm-3.9/lib
# Build the plugin (and the addon if LLNODE_BUILD_ADDON=true)
node-gyp build
# Move the built plugin to the project directory
node scripts/cleanup.js
To run the tests, if lldb
is an executable on the PATH
:
npm run test-all # Run both addon and plugin tests
npm run test-plugin # Run plugin tests
npm run test-addon # Run addon tests
If the LLDB executable is named differently, point TEST_LLDB_BINARY
to it before running the tests:
TEST_LLDB_BINARY=`which lldb-4.0` npm run test-all
LLNODE_DEBUG=true
to see additional debug info from llnodeTEST_LLNODE_DEBUG=true
to see additional debug info coming from the testsLLNODE_CORE=/path/to/core/dump LLNODE_NODE_EXE=/path/to/node LLNODE_NO_RANGES=true
to use a prepared core dump instead of generating one on-the-fly when running
the tests.For example, to inspect the process of inspect-scenario.js
, run:
LLNODE_DEBUG=true lldb -- \
node --abort_on_uncaught_exception --expose_externalize_string \
test/fixtures/inspect-scenario.js
(lldb) run
To debug test/scan-test.js
with a prepared core dump:
LLNODE_DEBUG=true TEST_LLNODE_DEBUG=true \
LLNODE_CORE=/path/to/core/dump/of/inspect/scenario.js \
LLNODE_NODE_EXE=/path/to/node \
LLNODE_NO_RANGES=true \
node test/scan-test.js
This software is licensed under the MIT License.
Copyright Fedor Indutny, 2016.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
An lldb plugin for Node.js and V8, which enables inspection of JavaScript states for insights into Node.js processes and their core dumps.
We found that @alicloud/llnode-api demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.