
Security News
New CNA Scorecard Tool Ranks CVE Data Quality Across the Ecosystem
The CNA Scorecard ranks CVE issuers by data completeness, revealing major gaps in patch info and software identifiers across thousands of vulnerabilities.
devtools-timeline-model
Advanced tools
Parse raw trace data into the Chrome DevTools' structured profiling data models
Parse raw trace data into the Chrome DevTools' structured profiling data models
If you use something like big-rig or automated-chrome-profiling you may end up with raw trace data. It's pretty raw. This module will parse that stuff into something a bit more consumable, and should help you with higher level analysis.
$ npm install --save devtools-timeline-model
var filename = 'demo/mdn-fling.json'
var events = require('fs').readFileSync(filename, 'utf8')
var DevtoolsTimelineModel = require('devtools-timeline-model');
// events can be either a string of the trace data or the JSON.parse'd equivalent
var model = new DevtoolsTimelineModel(events)
// tracing model
model.tracingModel()
// timeline model, all events
model.timelineModel()
// interaction model, incl scroll, click, animations
model.interactionModel()
// frame model, incl frame durations
model.frameModel()
// filmstrip model, incl screenshots
model.filmStripModel()
// topdown tree
model.topDown()
// bottom up tree
model.bottomUp()
// bottom up tree, grouped by URL
model.bottomUpGroupBy('URL') // accepts: None Category Subdomain Domain URL EventName
// see example.js for API examples.
These objects are huge. You'll want to explore them in a UI like devtool.
npm i
brew install entr
gls index.js lib/*.js | entr node example.js
Requiring the DevTools frontend looks rather straightforward at first. (global.WebInspector = {}
, then start require()
ing the files, in dependency order). However, there are two problems that crop up:
utilities.js
adds a number of methods to native object prototypes, such as Array, Object, and typed arrays.devtools-timeline-model
addresses that by sandboxing the WebInspector into it's own context. Here's how it works:
// First, sandboxed contexts don't have any globals from node, so we whitelist a few we'll provide for it.
var glob = { require: require, global: global, console: console, process, process, __dirname: __dirname }
// We read in our script to run, and create a vm.Script object
var script = new vm.Script(fs.readFileSync(__dirname + "/lib/timeline-model.js", 'utf8'))
// We create a new V8 context with our globals
var ctx = vm.createContext(glob)
// We evaluate the `vm.Script` in the new context
var output = script.runInContext(ctx)
// establish our sandboxed globals
this.window = this.self = this.global = this
// We locally eval, as the node module scope isn't appropriate for the browser-centric DevTools frontend
function requireval(path){
var filesrc = fs.readFileSync(__dirname + '/node_modules/' + path, 'utf8');
eval(filesrc + '\n\n//# sourceURL=' + path);
}
// polyfills, then the real chrome devtools frontend
requireval('../lib/api-stubs.js')
requireval('chrome-devtools-frontend/front_end/common/Object.js')
requireval('chrome-devtools-frontend/front_end/common/SegmentedRange.js')
requireval('chrome-devtools-frontend/front_end/platform/utilities.js')
requireval('chrome-devtools-frontend/front_end/sdk/Target.js')
// ...
// After that's all done, we pull the local `instance` variable out, to use as our proxy object
this.sandbox = ctx.instance;
Debugging is harder, as most tools aren't used to this setup. While devtool
doesn't work well, you can have it run lib/devtools-timeline-model.js
directly, which is fairly succesful. The classic node-inspector
does work pretty well with the sandboxed script, though the workflow is a little worse than devtool
's.
Apache © Paul Irish
FAQs
Parse raw trace data into the Chrome DevTools' structured profiling data models
We found that devtools-timeline-model demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The CNA Scorecard ranks CVE issuers by data completeness, revealing major gaps in patch info and software identifiers across thousands of vulnerabilities.
Research
/Security News
Two npm packages masquerading as WhatsApp developer libraries include a kill switch that deletes all files if the phone number isn’t whitelisted.
Research
/Security News
Socket uncovered 11 malicious Go packages using obfuscated loaders to fetch and execute second-stage payloads via C2 domains.