Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@datadog/pprof
Advanced tools
The @datadog/pprof package is a Node.js module provided by Datadog for profiling Node.js applications. It allows developers to generate and analyze CPU and heap profiles to understand the performance characteristics of their applications and identify bottlenecks or memory leaks.
CPU Profiling
This feature enables CPU profiling, allowing developers to understand where their application spends most of its execution time. The code sample demonstrates how to start CPU profiling with a specified duration and sampling rate.
const profiler = require('@datadog/pprof');
profiler.start({
service: 'my-service',
// 10 minutes profiling duration
duration: 600,
// Profile CPU every 1000 milliseconds
sampleRate: 1000
});
Heap Profiling
Heap profiling helps in identifying memory leaks and understanding memory allocation patterns. The code sample shows how to start heap profiling with a specified interval between snapshots.
const profiler = require('@datadog/pprof');
profiler.heap.start({
service: 'my-service',
// Take a snapshot every 600 seconds
snapshotInterval: 600
});
v8-profiler-next is a Node.js package for profiling the V8 JavaScript engine. It provides similar functionalities for CPU and heap profiling. Compared to @datadog/pprof, it focuses more on the V8 engine specifically and might offer more detailed insights for applications heavily relying on V8's features.
node-memwatch is another Node.js package designed for memory leak detection and heap diffing. While it provides valuable insights into memory usage and leaks, it does not offer CPU profiling, making it less comprehensive than @datadog/pprof for overall performance analysis.
pprof support for Node.js.
The profiler should not be enabled when using earlier versions of Node 10, since versions of Node.js 10 prior to 10.4.1 are impacted by this issue, which can cause garbage collection to take several minutes when heap profiling is enabled.
The pprof
module has a native component that is used to collect profiles
with v8's CPU and Heap profilers. You may need to install additional
dependencies to build this module.
pprof
has prebuilt binaries available for Linux and Alpine
Linux for Node 10, 12 and 14. No additional dependencies are required.@google-cloud/profiler
on environments
that pprof
does not have prebuilt binaries for, the module
node-gyp
will be used to
build binaries. See node-gyp
's
documentation
for information on dependencies required to build binaries with node-gyp
.The pprof
CLI can be used to view profiles collected with
this module. Instructions for installing the pprof
CLI can be found
here.
Install pprof
with npm
or add to your package.json
.
# Install through npm while saving to the local 'package.json'
npm install --save pprof
Update code to collect and save a profile:
const profile = await pprof.time.profile({
durationMillis: 10000, // time in milliseconds for which to
// collect profile.
});
const buf = await pprof.encode(profile);
fs.writeFile('wall.pb.gz', buf, (err) => {
if (err) throw err;
});
View the profile with command line pprof
:
pprof -http=: wall.pb.gz
Start program from the command line:
node --require pprof app.js
A wall time profile for the job will be saved in
pprof-profile-${process.pid}.pb.gz
. View the profile with command line
pprof
:
pprof -http=: pprof-profile-${process.pid}.pb.gz
Enable heap profiling at the start of the application:
// The average number of bytes between samples.
const intervalBytes = 512 * 1024;
// The maximum stack depth for samples collected.
const stackDepth = 64;
heap.start(intervalBytes, stackDepth);
Collect heap profiles:
Collecting and saving a profile in profile.proto format:
const profile = await pprof.heap.profile();
const buf = await pprof.encode(profile);
fs.writeFile('heap.pb.gz', buf, (err) => {
if (err) throw err;
})
View the profile with command line pprof
.
pprof -http=: heap.pb.gz
Collecting a heap profile with V8 allocation profile format:
const profile = await pprof.heap.v8Profile();
FAQs
pprof support for Node.js
The npm package @datadog/pprof receives a total of 2,848,996 weekly downloads. As such, @datadog/pprof popularity was classified as popular.
We found that @datadog/pprof demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.