Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
flagged-respawn
Advanced tools
Package description
The flagged-respawn npm package is designed to facilitate the handling of specific flags in Node.js command-line applications. It allows developers to automatically respawn their node process with selected V8 flags or custom flags that are initially passed, making it easier to work with features or behaviors that require such flags to be enabled.
Respawning with V8 flags
This feature allows the application to respawn with specified V8 flags if they are not already enabled. The code sample demonstrates how to use flagged-respawn to check for the '--harmony' flag and respawn the process with it if necessary.
const flaggedRespawn = require('flagged-respawn');
const v8Flags = ['--harmony'];
flaggedRespawn(v8Flags, process.argv, function (ready, child) {
if (ready) {
// your app code here
} else if (child) {
// this is the child process, do something with it if needed
}
});
Custom flag handling
This feature supports respawning the process with custom flags. The example shows how to ensure a process respawns with a '--custom-flag', allowing developers to implement custom behavior based on the presence of this flag.
const flaggedRespawn = require('flagged-respawn');
const customFlags = ['--custom-flag'];
flaggedRespawn(customFlags, process.argv, function (ready) {
if (ready) {
// your app code here, knowing that --custom-flag is being handled
}
});
Forever is a simple CLI tool for ensuring that a given script runs continuously (i.e., forever). It differs from flagged-respawn in that it focuses on keeping the script running rather than handling specific flags.
PM2 is a powerful, widely-used process manager for the Node.js ecosystem. It supports features like load balancing, monitoring, and logging. While it offers more comprehensive process management capabilities compared to flagged-respawn, it doesn't specifically target the handling and respawning of processes based on command-line flags.
Nodemon is a utility that monitors for any changes in your source and automatically restarts your server. While it's primarily used for development purposes to restart the node application when file changes in the directory are detected, it doesn't specifically focus on respawning processes with certain flags like flagged-respawn does.
Readme
A tool for respawning node binaries when special flags are present.
Say you wrote a command line tool that runs arbitrary javascript (e.g. task runner, test framework, etc). For the sake of discussion, let's pretend it's a testing harness you've named testify
.
Everything is going splendidly until one day you decide to test some code that relies on a feature behind a v8 flag in node (--harmony
, for example). Without much thought, you run testify --harmony spec tests.js
.
It doesn't work. After digging around for a bit, you realize this produces a process.argv
of:
['node', '/usr/local/bin/test', '--harmony', 'spec', 'tests.js']
Crap. The --harmony
flag is in the wrong place! It should be applied to the node command, not our binary. What we actually wanted was this:
['node', '--harmony', '/usr/local/bin/test', 'spec', 'tests.js']
Flagged-respawn fixes this problem and handles all the edge cases respawning creates, such as:
To see it in action, clone this repository and run npm install
/ npm run respawn
/ npm run nospawn
.
#!/usr/bin/env node
const flaggedRespawn = require('flagged-respawn');
// get a list of all possible v8 flags for the running version of node
const v8flags = require('v8flags').fetch();
flaggedRespawn(v8flags, process.argv, function (ready, child) {
if (ready) {
console.log('Running!');
// your cli code here
} else {
console.log('Special flags found, respawning.');
}
if (process.pid !== child.pid) {
console.log('Respawned to PID:', child.pid);
}
});
Respawns the script itself when argv has special flag contained in flags and/or forcedFlags is not empty. Because members of flags and forcedFlags are passed to node
command, each of them needs to be a node flag or a V8 flag.
If --no-respawning
flag is given in argv, this function does not respawned even if argv contains members of flags or forcedFlags is not empty. (This flag is also used internally to prevent from respawning more than once).
Parameter | Type | Description |
---|---|---|
flags | Array | An array of node flags and V8 flags which are available when present in argv. |
argv | Array | Command line arguments to respawn. |
forcedFlags | Array or String | An array of node flags or a string of a single flag and V8 flags for respawning forcely. |
callback | function | A called function when not respawning or after respawned. |
callback(ready, proc, argv) : Void
callback function is called both when respawned or not, and it can be distinguished by callback's argument: ready. (ready indicates whether a process spawned its child process (false) or not (true), but it does not indicate whether a process is a spawned child process or not. ready for a spawned child process is true.)
argv is an array of command line arguments which is respawned (when ready is false) or is passed current process except flags within flags and --no-respawning
(when ready is true).
Parameter:
Parameter | Type | Description |
---|---|---|
ready | boolean | True, if not respawning and is ready to execute main function. |
proc | object | Child process object if respawned, otherwise current process object. |
argv | Array | An array of command line arguments. |
MIT
FAQs
A tool for respawning node binaries when special flags are present.
The npm package flagged-respawn receives a total of 2,773,694 weekly downloads. As such, flagged-respawn popularity was classified as popular.
We found that flagged-respawn demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.