
heap-sampling-webpack-plugin
Webpack provides a really detailed `webpack.debug.ProfilingPlugin`, but it only does CPU profiling. There is more to performance tuning with Webpack than the CPU profile. This plugin provides heap sample information to show where memory is allocated after a successful build. It works through the Inspector session's `HeapProfiler.startSampling`. Because this is a sampling profiler, it CAN be used in production builds to check memory consumption on your build machines.
The generated file has a `.heapprofile` extension and can be opened in the "Memory" tab of Chromium-based devtools to show what is taking up all that memory in your webpack run.
Plug this into your webpack configuration like so:
const HeapSamplingPlugin = require("heap-sampling-webpack-plugin");
module.exports = {
  plugins: [
    // Writes a .heapprofile file after a successful build
    new HeapSamplingPlugin()
  ]
};
You may want to specify an option with this plugin:
new HeapSamplingPlugin({
outputPath: "/some/place/my.heapprofile"
})
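The `HeapProfiler.startSampling` mechanism described above can be driven directly with Node's built-in `inspector` module. This is an added example, not the plugin's own source: `sampleHeap`, `totalSampledBytes`, `allocate` and the default output path are hypothetical names, and the workload is constructed.

```javascript
const inspector = require("inspector");
const fs = require("fs");
const os = require("os");
const path = require("path");

// Assumed default location for this example only.
const DEFAULT_OUTPUT = path.join(os.tmpdir(), "example-build.heapprofile");

// Promise wrapper around the callback-style session.post().
function post(session, method, params) {
  return new Promise((resolve, reject) => {
    session.post(method, params, (err, result) => (err ? reject(err) : resolve(result)));
  });
}

// Run `work` with the sampling heap profiler active, then write the profile.
async function sampleHeap(work, outputPath = DEFAULT_OUTPUT, samplingInterval = 32768) {
  const session = new inspector.Session();
  session.connect(); // in-process session, no debugger port is opened
  try {
    await post(session, "HeapProfiler.enable");
    await post(session, "HeapProfiler.startSampling", { samplingInterval });
    // Hold the result until sampling stops: only live allocations are reported.
    const retained = await work();
    const { profile } = await post(session, "HeapProfiler.stopSampling");
    // The profile records function names and script URLs from the build
    // machine, so the file is created readable by its owner only.
    fs.writeFileSync(outputPath, JSON.stringify(profile), { mode: 0o600 });
    return { profile, retained };
  } finally {
    session.disconnect();
  }
}

// Sum the sampled bytes over the whole allocation call tree.
function totalSampledBytes(node) {
  return node.selfSize + node.children.reduce((sum, c) => sum + totalSampledBytes(c), 0);
}

// Constructed workload standing in for a webpack build.
function allocate() {
  const chunks = [];
  for (let i = 0; i < 20000; i++) {
    chunks.push({ id: i, name: "module-" + i, deps: new Array(16).fill(i) });
  }
  return chunks;
}
```

Calling `sampleHeap(allocate)` resolves with the parsed profile and leaves a `.heapprofile` file that loads in the devtools "Memory" tab.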
FAQs
The npm package heap-sampling-webpack-plugin receives a total of 118 weekly downloads. As such, heap-sampling-webpack-plugin popularity was classified as not popular.
We found that heap-sampling-webpack-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.