@contrast/perf
The perf module is intended for developers to be able to measure the performance of code.
Although the code is relatively efficient, it is not intended to be used in production code.
The primary design goal of the perf module is that it not introduce any cost when it is not in use. Practically, this is impossible in an interpreted language, so perf is designed to have no cost after startup when it is not enabled.
A secondary design goal is that perf is efficient enough that, if desired, it could be used in production code in order to troubleshoot a performance issue. To this end, minimal aggregation and no analysis are performed at runtime. The perf log is very simple and can be analyzed offline.
To enable perf, the environment variable CSI_PERF must be set to 1.
The logging interval can be set with the environment variable CSI_PERF_INTERVAL. The value is in milliseconds. The default is 60000, but after startup logging only occurs every 5 intervals. This is to avoid logging, but it should change if the request generators all complete in less than a minute.
The log is written to agent-perf.jsonl in the current working directory.
The log is one JSON object per line (JSONL).
Histograms that store complex objects?
FAQs
Performance measurement
The npm package @contrast/perf receives a total of 12,213 weekly downloads. As such, @contrast/perf popularity was classified as popular.
We found that @contrast/perf demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.