
Research
/Security News
Critical Vulnerability in NestJS Devtools: Localhost RCE via Sandbox Escape
A flawed sandbox in @nestjs/devtools-integration lets attackers run code on your machine via CSRF, leading to full Remote Code Execution (RCE).
@heroku-cli/plugin-run
Advanced tools
[](https://oclif.io) [](https://npmjs.org/package/@heroku-cli/plugin-run) [
@heroku-cli/plugin-run/8.1.4 darwin-x64 node-v16.19.0
$ heroku --help [COMMAND]
USAGE
$ heroku COMMAND
...
heroku logs
display recent log output
USAGE
$ heroku logs -a <value> [-r <value>] [-n <value>] [-d <value>] [-s <value>] [-t] [--force-colors]
FLAGS
-a, --app=<value> (required) app to run command against
-d, --dyno=<value> only show output from this dyno type (such as "web" or "worker")
-n, --num=<value> number of lines to display
-r, --remote=<value> git remote of app to use
-s, --source=<value> only show output from this source (such as "app" or "heroku")
-t, --tail continually stream logs
--force-colors force use of colors (even on non-tty output)
DESCRIPTION
display recent log output
disable colors with --no-color, HEROKU_LOGS_COLOR=0, or HEROKU_COLOR=0
EXAMPLES
$ heroku logs --app=my-app
$ heroku logs --num=50
$ heroku logs --dyno=web --app=my-app
$ heroku logs --app=my-app --tail
See code: src/commands/logs.ts
heroku run
run a one-off process inside a heroku dyno
USAGE
$ heroku run -a <value> [-r <value>] [-s <value>] [--type <value>] [-x] [-e <value>] [--no-tty]
[--no-notify]
FLAGS
-a, --app=<value> (required) parent app used by review apps
-e, --env=<value> environment variables to set (use ';' to split multiple vars)
-r, --remote=<value> git remote of app to use
-s, --size=<value> dyno size
-x, --exit-code passthrough the exit code of the remote command
--no-notify disables notification when dyno is up (alternatively use HEROKU_NOTIFICATIONS=0)
--no-tty force the command to not run in a tty
--type=<value> process type
DESCRIPTION
run a one-off process inside a heroku dyno
Shows a notification if the dyno takes more than 20 seconds to start.
EXAMPLES
$ heroku run bash
$ heroku run -s standard-2x -- myscript.sh -a arg1 -s arg2
See code: src/commands/run/index.ts
heroku run:detached
run a detached dyno, where output is sent to your logs
USAGE
$ heroku run:detached -a <value> [-r <value>] [-e <value>] [-s <value>] [-t] [--type <value>]
FLAGS
-a, --app=<value> (required) app to run command against
-e, --env=<value> environment variables to set (use ';' to split multiple vars)
-r, --remote=<value> git remote of app to use
-s, --size=<value> dyno size
-t, --tail continually stream logs
--type=<value> process type
DESCRIPTION
run a detached dyno, where output is sent to your logs
EXAMPLES
$ heroku run:detached ls
See code: src/commands/run/detached.ts
8.1.4 (2023-05-24)
Note: Version bump only for package heroku
FAQs
[](https://oclif.io) [](https://npmjs.org/package/@heroku-cli/plugin-run) [.
Product
Customize license detection with Socket’s new license overlays: gain control, reduce noise, and handle edge cases with precision.
Product
Socket now supports Rust and Cargo, offering package search for all users and experimental SBOM generation for enterprise projects.