Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
lil-http-terminator
Advanced tools
Gracefully terminates HTTP(S) server.
This module was forked from the amazing http-terminator. The important changes:
http-terminator
brings in more than 20 sub-dependencies, >450 files, 2 MB total.require("lil-http-terminator")({ server });
to get a terminator object.connection:close
header.When you call server.close()
, it stops the server from accepting new connections, but it keeps the existing connections open indefinitely. This can result in your server hanging indefinitely due to keep-alive connections or because of the ongoing requests that do not produce a response. Therefore, in order to close the server, you must track creation of all connections and terminate them yourself.
lil-http-terminator
implements the logic for tracking all connections and their termination upon a timeout. lil-http-terminator
also ensures graceful communication of the server intention to shutdown to any clients that are currently receiving response from this server.
const HttpTerminator = require("lil-http-terminator");
const terminator = HttpTerminator({
server, // required. The node.js http server object instance
// optional
gracefulTerminationTimeout: 1000, // optional, how much time we give "keep-alive" connections to close before destryong them
maxWaitTimeout: 30000, // optional, termination will return {success:false,code:"TIMED_OUT"} if it takes longer than that
logger: console, // optional, default is `global.console`. If termination goes wild the module might log about it using `logger.warn()`.
});
// Do not call server.close(); Instead call this:
const { success, code, message, error } = await terminator.terminate();
if (!success) {
if (code === "TIMED_OUT") console.log(message);
if (code === "SERVER_ERROR") console.error(message, error);
if (code === "INTERNAL_ERROR") console.error(message, error);
}
Use the terminator when node.js process is shutting down.
const http = require("http");
const server = http.createServer();
const httpTerminator = require("lil-http-terminator")({ server });
async function shutdown(signal) {
console.log(`Received ${signal}. Shutting down.`)
const { success, code, message, error } = await httpTerminator.terminate();
console.log(`HTTP server closure result: ${success} ${code} ${message} ${error || ""}`);
process.exit(0);
}
process.on("SIGTERM", shutdown); // used by K8s, AWS ECS, etc.
process.on("SIGINT", shutdown); // Atom, VSCode, WebStorm or Terminal Ctrl+C
There are several alternative libraries that implement comparable functionality, e.g.
The main benefit of lil-http-terminator
is that:
{success:Boolean, code:String, message:String, error?:Error}
.{success:false,code:"TIMED_OUT"}
.connection: close
headerTo gracefully terminate a HTTP server.
We say that a service is gracefully terminated when service stops accepting new clients, but allows time to complete the existing requests.
There are several reasons to terminate services gracefully:
FAQs
Zero dependencies, gracefully terminates HTTP(S) server.
The npm package lil-http-terminator receives a total of 100,994 weekly downloads. As such, lil-http-terminator popularity was classified as popular.
We found that lil-http-terminator demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.