Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@dwelle/pm2
Production process manager for Node.JS applications with a built-in load balancer.
PM2 is a production process manager for Node.js applications with a built-in load balancer. It allows you to keep applications alive forever, to reload them without downtime and to facilitate common system admin tasks.
Starting an application in production mode is as easy as:
$ pm2 start app.js
PM2 is constantly assailed by more than 1800 tests.
Official website: https://pm2.keymetrics.io/
Works on Linux (stable) & macOS (stable) & Windows (stable). All Node.js versions are supported starting Node.js 12.X.
With NPM:
$ npm install pm2 -g
Or if you don't have Node.js installed:
wget -qO- https://getpm2.com/install.sh | bash
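Piping a remote script straight into bash runs whatever the server returns, including a truncated or altered download. The sketch below is an added example, not part of PM2 or this package: it saves the installer, lets you read it, and runs it only if its SHA-256 matches a value you recorded after review. The function names `sha256_of` and `run_pinned_installer` are hypothetical, and the pinned hash is a placeholder you supply yourself.

```shell
#!/bin/sh
# Added example (not from the PM2 project): run a saved installer only when
# its SHA-256 matches a hash pinned after manual review.

# Print the SHA-256 of a file, using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# run_pinned_installer <script-path> <expected-sha256>
# Returns 2 if the file is missing, 1 on hash mismatch, else the script's status.
run_pinned_installer() {
    script=$1
    expected=$2
    [ -f "$script" ] || { echo "missing: $script" >&2; return 2; }
    actual=$(sha256_of "$script") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $script: got $actual" >&2
        return 1
    fi
    bash "$script"
}

# Intended use with the installer URL from this README (network steps, not run here):
#   wget -qO install.sh https://getpm2.com/install.sh
#   less install.sh                       # read it before running it
#   sha256sum install.sh                  # record this value once reviewed
#   run_pinned_installer install.sh "<sha256 recorded after review>"
```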
You can start any application (Node.js, Python, Ruby, binaries in $PATH...) like this:
$ pm2 start app.js
Your app is now daemonized, monitored and kept alive forever.
Once applications are started you can manage them easily:
To list all running applications:
$ pm2 list
Managing apps is straightforward:
$ pm2 stop <app_name|namespace|id|'all'|json_conf>
$ pm2 restart <app_name|namespace|id|'all'|json_conf>
$ pm2 delete <app_name|namespace|id|'all'|json_conf>
To have more details on a specific application:
$ pm2 describe <id|app_name>
To monitor logs, custom metrics, application information:
$ pm2 monit
Cluster mode is a special mode for starting a Node.js application: it starts multiple processes and load-balances HTTP/TCP/UDP queries between them. This increases overall performance (by a factor of 10 on 16-core machines) and reliability (faster socket re-balancing in case of unhandled errors).
Starting a Node.js application in cluster mode that will leverage all CPUs available:
$ pm2 start api.js -i <processes>
<processes> can be 'max', -1 (all cpu minus 1) or a specified number of instances to start.
Zero Downtime Reload
Hot Reload lets you update an application without any downtime:
$ pm2 reload all
Seamlessly supported by all major Node.js frameworks and any Node.js application without any code change.
More information about how PM2 makes clustering easy
With the drop-in replacement command for node, called pm2-runtime, run your Node.js application in a hardened production environment.
Using it is seamless:
RUN npm install pm2 -g
CMD [ "pm2-runtime", "npm", "--", "start" ]
Read More about the dedicated integration
Monitor all processes launched straight from the command line:
$ pm2 monit
To consult logs just type the command:
$ pm2 logs
Standard, Raw, JSON and formatted output are available.
Examples:
$ pm2 logs APP-NAME # Display APP-NAME logs
$ pm2 logs --json # JSON output
$ pm2 logs --format # Formatted output
$ pm2 flush # Flush all logs
$ pm2 reloadLogs # Reload all logs
PM2 can generate and configure a startup script to keep PM2 and your processes alive at every server restart.
Init Systems Supported: systemd, upstart, launchd, rc.d
# Generate Startup Script
$ pm2 startup
# Freeze your process list across server restart
$ pm2 save
# Remove Startup Script
$ pm2 unstartup
More about Startup Scripts Generation
PM2 embeds a simple and powerful module system. Installing a module is straightforward:
$ pm2 install <module_name>
Here are some PM2 compatible modules (standalone Node.js applications managed by PM2):
pm2-logrotate: automatically rotates logs and limits log size
pm2-server-monit: monitors the current server with 20+ metrics and 8 actions
# Install latest PM2 version
$ npm install pm2@latest -g
# Save process list, exit old PM2 & restore all processes
$ pm2 update
PM2 updates are seamless
If you manage your apps with PM2, PM2+ makes it easy to monitor and manage apps across servers.
Feel free to try it:
Discover the monitoring dashboard for PM2
Thanks in advance and we hope that you like PM2!
PM2 is made available under the terms of the GNU Affero General Public License 3.0 (AGPL 3.0). For other licenses contact us.
FAQs
Production process manager for Node.JS applications with a built-in load balancer.
The npm package @dwelle/pm2 receives a total of 4 weekly downloads. As such, @dwelle/pm2 popularity was classified as not popular.
We found that @dwelle/pm2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.