node-oom-heapdump
Create a V8 heap snapshot when an "Out of Memory" error occurs, or create a heap snapshot or CPU profile on request.
Node module which will create a V8 heap snapshot right before an "Out of Memory" error occurs.
It can also create heapdumps and CPU profiles on request like 'v8-profiler', but does this off-process so it doesn't interfere with execution of the main process.
Tested on Node.js 10.x, 11.x, 12.x, 13.x, 14.x, 15.x, 16.x, 17.x and 18.x. Version 3.0.0 has no support for Node.js < 10.x at the moment; use version 2.2.0 if needed.
Also comes with prebuilt binaries (hosted on GitHub releases), thanks to Stuart Miller (https://github.com/spmiller).
https://github.com/nodejs/node/pull/33010 landed in Node.js 14.18.0, which makes this module no longer needed for heapdumps on out of memory.
One can use the --heapsnapshot-near-heap-limit Node.js CLI option as an alternative.
See https://nodejs.org/dist/latest-v14.x/docs/api/cli.html#cli_heapsnapshot_near_heap_limit_max_count.
When running Node.js processes in a low memory environment, every out of memory that occurs is interesting. To figure out why a process went out of memory, a heap snapshot (e.g. heapdump) can help a lot. This module creates a heap snapshot right before an out of memory error occurs (by leveraging 'SetOOMErrorHandler' of the V8 engine). It shows what the heap was filled with right before the out of memory error occurred and can be opened with Chrome DevTools (Memory tab).
There are several modules around which can create heapdumps (v8-profiler, node-heapdump), but these run in the same process as the one going out of memory. Often, creating a heapdump won't work when the node process is already struggling. This module creates the heap snapshot from a separate process, which solves this issue. Also, these modules are not able to create a heapdump when an out of memory occurs.
Based on the work of 'trevnorris' (https://github.com/trevnorris/node-ofe/), this module uses 'isolate.SetOOMErrorHandler' (https://v8docs.nodesource.com/node-8.9/d5/dda/classv8_1_1_isolate.html#a08fd4087f39c33b4ac1c20ad953ce4e3) of the V8 engine, and then creates a heapdump when an actual Out of Memory occurs. To make this happen, a native C++ add-on is used. Node-gyp is needed to compile this add-on.
When creating a heapdump or CPU profile on request, the DevTools protocol is used to create these files (no native add-on). The --inspect Node.js flag is needed to make this work (which is validated on startup).
Just run "npm test" to see it in action. It creates a heapdump named "my_heapdump.heapsnapshot" in the 'tests' directory of this module.
npm install node-oom-heapdump
Just add the following snippet to your node process.
let path = require('path');
require('node-oom-heapdump')({
    path: path.resolve(__dirname, 'my_heapdump')
});
To make heapdumps and CPU profiles on request, your node process should at least be started with the "--inspect" (or --inspect=port) flag. When the module is loaded, the configured port is verified. If it doesn't respond correctly, a console warning will be shown.
When running in a low memory environment, the following flags are advised:
These might impact performance though. On Node.js 12.x the latter two flags seem to cause some stability issues (see https://github.com/nodejs/node/issues/27552#issuecomment-542695931). So, if you encounter issues on Node.js 12.x in combination with those flags, please refrain from using these.
Besides creating heapdumps when an out of memory error occurs, there also is an API for creating heapdumps and CPU profiles on request. See below for the currently available API.
Notice that you cannot create a heapdump while a CPU profile is being generated and vice versa; an Error will be thrown if this is the case.
let nodeOomHeapdump = require("node-oom-heapdump")({
    heapdumpOnOOM: false
});

/**
 * Returns the path to the created heap snapshot in a promise, or rejects on error
 * @param {String} snapshotPath - path of the snapshot
 * @return {Promise} Promise containing the heap snapshot path on success or error on rejection
 */
nodeOomHeapdump.createHeapSnapshot("myheapsnapshotpath").then((snapshotPath) => {
    // do something with heap snapshot
    // and delete again from disk
    nodeOomHeapdump.deleteHeapSnapshot(snapshotPath);
}).catch((err) => {
    // handle error
});

/**
 * Deletes all previously created heapsnapshots from disk
 */
nodeOomHeapdump.deleteAllHeapSnapshots();

/**
 * Deletes a particular snapshot from disk
 * @param {String} snapshotPath - path of the heap snapshot to delete
 * @return {Promise}
 */
nodeOomHeapdump.deleteHeapSnapshot(snapshotPath);

/**
 * Returns the path to the created CPU profile in a promise, or rejects on error
 * @param {String} cpuProfilePath - path of the CPU profile
 * @param {number} duration - the duration of the CPU profile in ms (default: 30000ms)
 * @return {Promise} the CPU profile path on success or error on rejection
 */
nodeOomHeapdump.createCpuProfile("mycpuprofilepath", 10000).then((cpuProfilePath) => {
    // do something with CPU profile
    // and delete again from disk
    nodeOomHeapdump.deleteCpuProfile(cpuProfilePath);
}).catch((err) => {
    // handle error
});

/**
 * Deletes all previously created CPU profiles from disk
 */
nodeOomHeapdump.deleteAllCpuProfiles();

/**
 * Deletes a particular CPU profile from disk
 * @param {String} cpuProfilePath - path to the CPU profile to delete from disk
 * @return {Promise}
 */
nodeOomHeapdump.deleteCpuProfile(cpuProfilePath);
Creating a heapdump on request is notorious for using a lot of memory. This is caused by a bug in the V8/DevTools protocol, reported here (https://bugs.chromium.org/p/chromium/issues/detail?id=768355): the protocol has no backpressure mechanism, so the heapdump is pushed faster than the DevTools client can handle, which causes in-memory buffering.
This is not a problem if your server/machine has memory to spare, but it can cause issues in memory-restricted environments like a Docker container. Once the process exceeds the container memory threshold, it will be killed by the OOM killer (if enabled). This leads to an empty heapsnapshot file (0 bytes).
Please vote for that issue to be fixed!
FAQs
The npm package node-oom-heapdump receives a total of 420 weekly downloads. As such, node-oom-heapdump popularity was classified as not popular.
We found that node-oom-heapdump demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.