Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Balaur
is a daemonizing manager for Node.js applications written in order to be able to create
systemctl
services for *nix
systems. It allows you to run the applications as services (daemons)
on *nix systems, with all the features attached to that (start, stop, restart and status).
npm install -g balaur
npm install balaur
Create a file in your project named balaur.config.mjs
Alternatively you can export an environment variable called BALAUR_CONFIG_FILE
with the path.
In this file you can specify the following values:
export default {
main: "index.mjs",
workers: 1,
pidfilePath: "pidfile.pid",
stdOutPath: "out.log",
stdErrPath: "err.log"
}
main
- default index.mjs
- represents the file that exports the default function that will be
daemonizedworkers
- default 1
on NODE_ENV === development
and cpu count on other values - the number
of spawned processes (see threads vs process Node.js and C10K problem)pidfilePath
- default pidfile.pid
- the file which maintains the pid
of the master processstdOutPath
- default out.log
- the file (or socket) where the stdout
will be redirectedstdErrPath
- default err.log
- the file (or socket) where the stderr
will be redirectedstart
starts a daemon and detaches it creating an IPC Channel for its stderr and stdoutstop
stops the daemon by sending a unix signal, can only be used on started daemonsrestart
restarts the daemon by sending a unix signal, can only be used on started daemonsAll daemons respect unix signals.
npx balaur [command]
balaur [command]
NOTE: On custom execution the config file does not apply.
Create a index.mjs
file with the code similar to the following:
import Balaur from 'balaur';
const config = {
workers: process.env.NODE_ENV !== 'development' ? cpus().length : 1,
pidfilePath: 'pidfile.pid',
stdOutPath: 'out.log',
stdErrPath: 'err.log'
};
const balaur = new Balaur(() => {
// Your daemonized code goes here
console.log('Hello, World!');
}, config);
balaur.processArgs();
In your project edit the package.json
and modify the following scripts:
{
"scripts": {
"start": "balaur start",
"stop": "balaur stop",
"restart": "balaur restart"
}
}
If you used custom execution
{
"scripts": {
"start": "node ./ start",
"stop": "node ./ stop",
"restart": "node ./ restart"
}
}
Create a user to run your service. This is important to protect your system in case the service can be hacked.
sudo adduser \
--system \
--shell /bin/bash \
--gecos 'node' \
--disabled-password \
--home /srv/www \
node
Create a file in /lib/systemd/system/myservice.service
where myservice
is the name of your
service
Paste the following inside:
[Unit]
Description=My Service
After=network-online.target
Wants=network-online.target
[Service]
User=node
Group=nogroup
WorkingDirectory=/srv/www/path/to/your/project
Type=forking
ExecStart=/usr/bin/npm start
ExecStop=/usr/bin/npm stop
LimitCPU=infinity
[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload
sudo service myservice [start | stop | restart | status]
or
sudo systemctl [start | stop | restart | status] myservice
sudo systemctl enable myservice
sudo systemctl disable myservice
FAQs
A daemonizing manager for Node.js applications
The npm package balaur receives a total of 0 weekly downloads. As such, balaur popularity was classified as not popular.
We found that balaur demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.