
@openprofiling/inspector-cpu-profiler
This profiler is the recommended one for profiling the CPU usage of your NodeJS application. It has an almost-zero impact on performance and is especially suited for long-lived applications.
inspector module means that it's available out of the box without installing any dependency.
The inspector module can have only one session for a given process, which means that if another dependency (generally APM vendors) already uses it, you will have errors either in openprofiling or the other module.
In the following example, you will need to send the SIGUSR2 signal to the process to start the profiling, and again when you want to end it:
import { ProfilingAgent } from '@openprofiling/nodejs'
import { FileExporter } from '@openprofiling/exporter-file'
import { InspectorCPUProfiler } from '@openprofiling/inspector-cpu-profiler'
import { SignalTrigger } from '@openprofiling/trigger-signal'
const profilingAgent = new ProfilingAgent()
profilingAgent.register(new SignalTrigger({ signal: 'SIGUSR2' }), new InspectorCPUProfiler())
profilingAgent.start({ exporter: new FileExporter() })
If you are using Node 8 and multiple profilers (e.g. both the heap and CPU profilers), you will need to share an inspector session like this:
import { ProfilingAgent } from '@openprofiling/nodejs'
import { FileExporter } from '@openprofiling/exporter-file'
import { InspectorCPUProfiler } from '@openprofiling/inspector-cpu-profiler'
import { InspectorHeapProfiler } from '@openprofiling/inspector-heap-profiler'
import { SignalTrigger } from '@openprofiling/trigger-signal'
import * as inspector from 'inspector'
const profilingAgent = new ProfilingAgent()
// create a single inspector session
const session = new inspector.Session()
// pass it as a parameter to each profiler's constructor
profilingAgent.register(new SignalTrigger({ signal: 'SIGUSR1' }), new InspectorHeapProfiler({ session }))
profilingAgent.register(new SignalTrigger({ signal: 'SIGUSR2' }), new InspectorCPUProfiler({ session }))
profilingAgent.start({ exporter: new FileExporter() })
After starting your process, you just need to send it the configured signal:
kill -s USR2 <pid>
kubectl exec -ti <name-of-pod> /bin/kill -s USR2 1
(assuming your process is PID 1)
You can find the PID either by calling console.log(process.pid) when your process starts or by running ps aux | grep node and looking for your process.
The first time you send the signal, it will start the profiler, which will start recording memory allocation. You should then wait for your memory leak to happen again.
When you think you have collected enough data (either you reproduced the leak or you believe there is enough data), you just need to send the same signal as above.
The profiling agent will then write the file to the disk (by default in /tmp); its name should start with cpu-profile.
After you retrieve the CPU profile file from where it was exported, it should have a .cpuprofile extension, which is the standard extension for this type of data.
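One way to inspect an exported .cpuprofile file before opening it in a viewer or passing it on, as an added example that is not part of the package's own documentation. It assumes the standard V8 Profiler.Profile JSON layout (nodes, samples, and timeDeltas in microseconds); summarizeCpuProfile is a hypothetical helper, and the sample profile and its paths are constructed.

```javascript
// Added example: summarize a .cpuprofile (V8 Profiler.Profile JSON) offline.
// Reports self time per function and the script paths the file embeds,
// which is what you would review before sharing a profile outside the team.
function summarizeCpuProfile(profile) {
  const byId = new Map(profile.nodes.map((n) => [n.id, n]));
  const selfMicros = new Map(); // "function (url:line)" -> microseconds
  const scripts = new Set();    // script URLs/paths embedded in the profile

  for (const node of profile.nodes) {
    if (node.callFrame.url) scripts.add(node.callFrame.url);
  }

  // timeDeltas[i] is the gap before sample i, so rebuild absolute timestamps,
  // then charge each sample the interval until the next one (or endTime).
  const samples = profile.samples || [];
  let t = profile.startTime;
  const stamps = (profile.timeDeltas || []).map((d) => (t += d));
  samples.forEach((id, i) => {
    const node = byId.get(id);
    if (!node || stamps[i] === undefined) return; // tolerate truncated profiles
    const end = i + 1 < stamps.length ? stamps[i + 1] : profile.endTime;
    const { functionName, url, lineNumber } = node.callFrame;
    // callFrame.lineNumber is 0-based; show it 1-based like an editor would.
    const key = `${functionName || '(anonymous)'} (${url || 'native'}:${lineNumber + 1})`;
    selfMicros.set(key, (selfMicros.get(key) || 0) + Math.max(0, end - stamps[i]));
  });

  const hot = [...selfMicros].sort((a, b) => b[1] - a[1])
    .map(([fn, micros]) => ({ fn, micros }));
  return { hot, scripts: [...scripts].sort() };
}

// Constructed sample profile (not output from a real run).
const sampleProfile = {
  startTime: 1000, endTime: 1600,
  nodes: [
    { id: 1, callFrame: { functionName: '(root)', scriptId: '0', url: '', lineNumber: -1, columnNumber: -1 }, hitCount: 0, children: [2, 3] },
    { id: 2, callFrame: { functionName: 'hashPassword', scriptId: '12', url: 'file:///srv/app/auth.js', lineNumber: 41, columnNumber: 2 }, hitCount: 3, children: [] },
    { id: 3, callFrame: { functionName: 'render', scriptId: '13', url: 'file:///srv/app/views.js', lineNumber: 9, columnNumber: 0 }, hitCount: 1, children: [] },
  ],
  samples: [2, 2, 3, 2],
  timeDeltas: [100, 100, 100, 100],
};

console.log(summarizeCpuProfile(sampleProfile));
```

To run it on a real export, replace sampleProfile with JSON.parse of the file's contents.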
You have multiple ways to read the output; here is the list of (known) tools that you can use:
FAQs
The npm package @openprofiling/inspector-cpu-profiler receives a total of 7 weekly downloads. As such, @openprofiling/inspector-cpu-profiler popularity was classified as not popular.
We found that @openprofiling/inspector-cpu-profiler demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.