Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@krakenjs/grabthar

Package Overview
Dependencies
Maintainers
6
Versions
9
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@krakenjs/grabthar

Periodic npm installs in production

latest
Source
npmnpm
Version
6.2.0
Version published
Weekly downloads
57
90%
Maintainers
6
Weekly downloads
 
Created
Source

build status code coverage npm version apache license

Do it live

Because npm installing in production every 30 seconds is a great idea, right? ...right?

Quick Start

npm install --save @krakenjs/grabthar

Examples

Hot deploy and serve up static files:

import { poll } from "@krakenjs/grabthar";

let watcher = poll({
  name: "my-live-updating-module",
});

app.get("/foo.js", async function handleRequest(req, res) {
  const { modulePath } = await watcher.get();
  res.sendFile(`${modulePath}/dist/foo.js`);
});

Or if you're feeling really brave, hot deploy and require new code:

import { poll } from "@krakenjs/grabthar";

let watcher = poll({
  name: "my-live-updating-module",
});

app.get("/api/foo", async function handleRequest(req, res) {
  const { getFoo } = await watcher.import();
  res.json(getFoo());
});

Deploying

By default grabthar will use the current latest tag of your chosen module, from npm.

So, to deploy and activate new code, just:

npm version patch;
npm publish;

This will automatically set the latest tag to the latest version.

Deploying and activating in different steps

To separate out the deployment and activation of new code, you can make use of different npm dist-tags:

import { poll } from "@krakenjs/grabthar";

let watcher = poll({
  name: "my-live-updating-module",
  tags: ["latest", "release"],
});

app.get("/foo.js", async function handleRequest(req, res) {
  const { modulePath } = await watcher.get("release");
  res.sendFile(`${modulePath}/dist/foo.js`);
});

To deploy:

npm version patch;
npm publish;

To activate:

npm dist-tag add my-live-updating-module@x.x.x release

grabthar will monitor and install anything passed in tags, but the activated version will only change when you set a new release dist tag.

Rolling back to old versions

Just change the dist-tag to whatever version you want to roll back to:

npm dist-tag add my-live-updating-module@x.x.x latest

or:

npm dist-tag add my-live-updating-module@x.x.x release

What else will watcher.get() return?

const {
  // The root directory where the module is installed, e.g.
  // /Users/zippy/__live_modules__/my-live-updating-module_1.3.53
  moduleRoot,

  // The full path to the node_modules installed, e.g.
  // /Users/zippy/__live_modules__/my-live-updating-module_1.3.53/node_modules/
  nodeModulesPath,

  // The full path to your module, e.g.
  // /Users/zippy/__live_modules__/my-live-updating-module_1.3.53/node_modules/my-live-updating-module
  modulePath,

  // The semver version of your module that is currently installed and activated, e.g.
  // 1.3.53
  version,

  // A map of the dependencies of your module, e.g.
  // { foo: '1.2.3', bar: '0.45.2' }
  dependencies,
} = await watcher.get();

How can I cancel a watcher?

watcher.cancel();

Tests

  • Run the tests:

    npm test

Keywords

hot install
node

FAQs

Package last updated on 02 Aug 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys

Research

Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys

Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.

By Kirill Boychenko  -  Sep 24, 2025