Security News
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach
An AI agent is merging PRs into major OSS projects and cold-emailing maintainers to drum up more work.
By Sarah Gooding - Feb 14, 2026
Latest Threat Research:Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise.Details →
drool
Drool is an automation layer that is used to measure if a set of "clean" actions results in a DOM and or Listener leak.
Drool is an automation layer that is used to measure if a set of "clean" actions results in a DOM and or Listener leak.
Real World wins
Drool has made it far easier to identify memory leaks in an automated and reproducable way, for example:
- TodoMVC
- Chromium
- Material Design Lite
- Beaker Notebook
Why am I making this?
After running perf/memory tests across multiple todomvc implementations, I found that almost all implementations have significant memory leaks on the most basic of tasks. Worse yet, most of these leaks were introduced at a framework level, or were introduced by "expert/(framework authors)". The question arose in my mind, if people who authored a framework are introducing leaks in the most trivial of applications, how can users be expected to create non-leaking implementations of much more complex applications.
Goals
Ideally Drool will leverage standard interfaces, such as todomvc, to test for leaks at a framework level. The result of which should help framework authors and developers realize that memory leaks are pervasive in the tools that we use.
Chrome devtools is a powerful utility layer for detecting memory issues, yet the fact still stands that most developers do not know how to use the tooling around it to arrive any thing that is directly actionable. Drool aims to be a generic automated abstraction layer, so people can get good "numbers" in a consistent way without having to deep dive into memory profiling.
Running
Ensure that you have at least version 2.16.333243 of chromedriver.
var drool = require('drool');
var assert = require('assert');
var driver = drool.start({
chromeOptions: 'no-sandbox'
});
drool.flow({
repeatCount: 100,
setup: function() {
driver.get('http://todomvc.com/examples/backbone/');
},
action: function() {
driver.findElement(drool.webdriver.By.css('.new-todo')).sendKeys('find magical goats', drool.webdriver.Key.ENTER);
driver.findElement(drool.webdriver.By.css('.todo-list li')).click();
driver.findElement(drool.webdriver.By.css('.destroy')).click();
},
assert: function(after, initial) {
assert.equal(initial.counts.nodes, after.counts.nodes, 'node count should match');
}
}, driver)
driver.quit();
FAQs
🤤 Drool is an automation layer that is used to measure if a set of "clean" actions results in a DOM and or Listener leak.
The npm package drool receives a total of 83 weekly downloads. As such, drool popularity was classified as not popular.
We found that drool demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 04 Nov 2015
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Malicious Chrome Extension Steals Meta Business Manager Exports and TOTP 2FA Seeds
Chrome extension CL Suite by @CLMasters neutralizes 2FA for Facebook and Meta Business accounts while exfiltrating Business Manager contact and analytics data.
By Kirill Boychenko - Feb 13, 2026
Security News
AI Agent Submits PR to Matplotlib, Publishes Angry Blog Post After Rejection
After Matplotlib rejected an AI-written PR, the agent fired back with a blog post, igniting debate over AI contributions and maintainer burden.
By Sarah Gooding - Feb 12, 2026