Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
cpuprofile-to-flamegraph
Advanced tools
Convert a .cpuprofile
into a flameGraph tree to be renderable with D3-FlameGraph.
/**
* Compatible to the D3-FlameGraph input format
* https://github.com/spiermar/d3-flame-graph#input-format
*/
type FlameGraphNode FlameGraphNode = {
/**
* JavaScript function name.
*/
name: string;
/**
* Self execution time
*/
value: number;
/**
* Execution time including child nodes
*/
executionTime: number;
/**
* Child nodes
*/
children: Array<FlameGraphNode>;
/**
* Original cpu profiler node
*/
profileNode: {
/**
* Unique id of the node.
*/
id: number;
/**
* Runtime.CallFrame
* Function location
*/
callFrame: {
/**
* JavaScript function name.
*/
functionName?: string;
/**
* JavaScript script id.
*/
scriptId: string;
/**
* JavaScript script name or url.
*/
url: string;
/**
* JavaScript script line number (0-based).
*/
lineNumber: number;
/**
* JavaScript script column number (0-based).
*/
columnNumber: number;
};
/**
* Number of samples where this node was on top of the call stack.
*/
hitCount?: number;
/**
* Child node ids.
*/
children?: number[];
};
/**
* nodeModule name if known
*/
nodeModule?: string;
/**
* Parent node
*/
parent?: FlameGraphNode;
};
cpuprofile-to-flamegraph
is only able to transform a profile into a renderable structure.
To render it you have to combine it with D3-FlameGraph.
It will also calculate the execution timings and sort all nodes chronologically.
import { convertToMergedFlameGraph } from "cpuprofile-to-flamegraph";
const profile = JSON.parse(fs.readFileSync('demo.cpuprofile', "utf-8"));
const flameGraph = convertToMergedFlameGraph(profile);
FAQs
Convert a nodejs .cpuprofile to a flame graph node
We found that cpuprofile-to-flamegraph demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.