heroku-node-settings
Helps you prevent your Heroku Dyno from killing your Node app because of high memory consumption.
Since Node 2, the default garbage collection settings allow the app to consume up to 1.5GB before garbage collection occurs. In Heroku this is especially problematic, as the dyno might kill your app before that limit is reached (smaller dynos do not have that much memory).
As Heroku provides an environment variable $WEB_MEMORY to let the system know what the limit is, you can start your app passing the appropriate flags so that this limit is never reached.
npm install --save heroku-node-settings
If you are using the default start mechanism in Heroku (npm start) then you only need to change the start command in your package.json so that it uses heroku-node-settings instead of node.
{
  "name": "my-proyect",
  "version": "0.0.1",
  "description": "A web app that does not get killed by high memory consumption in Heroku.",
  "main": "server/bin/web.js",
  "repository": "https://github.com/myuser/myproyect.git",
  "scripts": {
    "test": "grunt test",
    "start": "heroku-node-settings server/bin/web.js"
  }
}
Note that any arguments you pass into this command will be used when calling node as well.
If you're using a Procfile, be sure to include the path: node_modules/.bin/heroku-node-settings.
Essentially, the script uses the following V8 flags to start node. The values of these flags depend on the $WEB_MEMORY the dyno has. Check the source for the details.
--max_semi_space_size: Sets how much memory new memory allocations can take (in megabytes). This flag used to be called --max_new_space_size (see https://codereview.chromium.org/271843005).
--max_old_space_size: Sets the upper limit of memory node can use. The problem is that if your app reaches this value then Node will crash (memory allocation errors will start to show in the logs).
Also note that, although these settings constrain the memory usage, there are other elements that can make the whole process use more memory than what these flags set (buffers, files, etc.).
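The flag computation described above, as an added example that is not the package's own code (check its source for the real values). The 80% and 1/32 ratios, the function names, and the treatment of $WEB_MEMORY as a plain integer in megabytes are assumptions made for illustration; an unset or malformed value falls back to V8 defaults instead of producing a bad flag.

```javascript
// Added example: assumed sizing ratios, NOT the values heroku-node-settings uses.
const OLD_SPACE_RATIO = 0.8;      // assumption: keep 20% headroom for buffers, files, etc.
const SEMI_SPACE_RATIO = 1 / 32;  // assumption: small young generation
const MIN_SEMI_SPACE_MB = 1;

// Parse $WEB_MEMORY (assumed megabytes). Returns null when it is unset or not a
// positive integer, so the caller can skip the flags rather than pass garbage to node.
function parseWebMemory(raw) {
  if (typeof raw !== 'string' || !/^[0-9]+$/.test(raw.trim())) return null;
  const mb = Number(raw.trim());
  return Number.isSafeInteger(mb) && mb > 0 ? mb : null;
}

// Derive the two V8 flags named on this page from the dyno's memory limit.
function v8FlagsFor(webMemoryMb) {
  const oldSpace = Math.floor(webMemoryMb * OLD_SPACE_RATIO);
  const semiSpace = Math.max(MIN_SEMI_SPACE_MB, Math.floor(webMemoryMb * SEMI_SPACE_RATIO));
  return [`--max_old_space_size=${oldSpace}`, `--max_semi_space_size=${semiSpace}`];
}

// Full argument list for node: V8 flags first, then the caller's own arguments.
function buildNodeArgs(env, passthrough) {
  const mb = parseWebMemory(env.WEB_MEMORY);
  const flags = mb === null ? [] : v8FlagsFor(mb);
  return [...flags, ...passthrough];
}

// Start node with the computed flags. spawn() takes an argument array and uses
// no shell, so neither $WEB_MEMORY nor the passthrough arguments are re-parsed.
async function launch(env, passthrough) {
  const { spawn } = await import('node:child_process');
  const child = spawn(process.execPath, buildNodeArgs(env, passthrough), { stdio: 'inherit', env });
  child.on('exit', (code, signal) => process.exit(signal ? 1 : code ?? 0));
}

// Constructed sample inputs: two valid limits, an unset variable, a malformed value.
for (const sample of ['512', '1024', undefined, '512M']) {
  console.log(String(sample), '->', buildNodeArgs({ WEB_MEMORY: sample }, ['server/bin/web.js']));
}
```

In a real wrapper, launch(process.env, process.argv.slice(2)) would replace the sample loop.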
The npm package heroku-node-settings receives a total of 70 weekly downloads. As such, its popularity was classified as not popular.
We found that heroku-node-settings has an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.