The wait-port npm package is a utility that allows you to wait for a port on a host to become open. This is particularly useful in scenarios where you need to ensure that a service is up and running before proceeding with the next steps in your application or script. It can be used programmatically within your Node.js applications or as a command-line tool.
Waiting for a port programmatically
This feature allows you to wait for a specific port on a host to become open by using the wait-port package programmatically within your Node.js application. The `waitPort` function returns a promise that resolves to an object whose `open` field indicates whether the port opened before the timeout.
```js
const waitPort = require('wait-port');

const params = {
  host: 'localhost',
  port: 3000,
};

// waitPort resolves to an object; `open` is true once the port accepts connections.
waitPort(params).then(({ open }) => {
  if (open) console.log('The port is now open!');
  else console.log('The port did not open before the timeout.');
});
```
Using wait-port as a CLI tool
wait-port can also be used as a command-line tool. This example demonstrates how to wait for port 3000 on localhost to become open by using wait-port in the terminal. It's useful for scripting and automation tasks outside of Node.js applications.
```sh
wait-port localhost:3000
```
wait-on is a similar package that provides more general functionality for waiting on resources to become available. It supports waiting on file system paths, HTTP(S) resources, and TCP ports. Compared to wait-port, wait-on offers a broader range of features but with a similar core functionality of waiting for ports.
tcp-port-used is a package that allows you to check if a TCP port is already in use. It can be used to wait for a port to become free or to check if a port is currently occupied. While it offers similar functionality for checking port status, it doesn't provide a built-in mechanism to wait for a port to open, making it slightly less convenient for scenarios where waiting is required.
Simple binary to wait for a port to open. Useful when writing scripts which need to wait for a server to be available, or `docker-compose` commands which wait for servers to start.
Install globally with npm:
```sh
$ npm install -g wait-port
```
If installing locally, run the binary from the local node modules binary folder:
```sh
$ npm install wait-port
wait-port@0.1.3
$ ./node_modules/.bin/wait-port 8080
Waiting for localhost:8080.....
Connected!
```
Ideally, Node LTS should be used; however, this package is tested successfully with Node.js 10 and upwards.
Please avoid using version 0.2.13 - this incorrectly included a breaking change. Use 0.2.14 if you need compatibility with Node 8, or 0.3.0 or upwards otherwise.
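A check for the version guidance above, as an added example (not code from the wait-port project): it scans a parsed `package-lock.json` for every installed copy of wait-port, including nested ones, and flags 0.2.13. The sample lockfile and the `ci-helper` dependency name are constructed for illustration.

```javascript
// Added example: find every installed copy of wait-port in a parsed
// package-lock.json and flag the release the README says to avoid.
const BAD_VERSION = '0.2.13';

function findWaitPort(lock) {
  const hits = [];
  // Lockfile v2/v3: "packages" is keyed by install path,
  // e.g. "node_modules/a/node_modules/wait-port".
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.split('node_modules/').pop() === 'wait-port') {
      hits.push({ path, version: meta.version });
    }
  }
  // Lockfile v1 (and the legacy section of v2): nested "dependencies" trees.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'wait-port' && !hits.some((h) => h.path === path)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

function auditWaitPort(lock) {
  return findWaitPort(lock).map((hit) => ({
    ...hit,
    flagged: hit.version === BAD_VERSION,
  }));
}

// Constructed sample lockfile; "ci-helper" is a hypothetical dependency.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo', version: '1.0.0' },
    'node_modules/wait-port': { version: '0.3.0' },
    'node_modules/ci-helper/node_modules/wait-port': { version: '0.2.13' },
  },
};

for (const { path, version, flagged } of auditWaitPort(sampleLock)) {
  console.log(`${flagged ? 'AVOID' : 'ok   '} wait-port@${version} at ${path}`);
}
```

To run it against a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`; a flagged copy should move to 0.2.14 (Node 8) or 0.3.0 and upwards, as stated above.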
To wait indefinitely for a port to open, just use:
```sh
$ wait-port localhost:3000
```
To wait for a port to open, but limit to a certain timeout, use:
```sh
$ wait-port -t 10000 localhost:3000
```
To wait for an HTTP endpoint to respond with a 200 class status code, include the `http://` protocol:
```sh
$ wait-port http://:3000/healthcheck
```
The following parameters are accepted:
Parameter | Usage |
---|---|
<target> | Required. The target to test for. Can be just a port, a colon and port (as one would use with httpie) or host and port. Examples: `8080`, `:3000`, `127.0.0.1:443`. |
--output, -o | Optional. Output style to use. Can be `dots` (default) or `silent` (no output). |
--timeout, -t | Optional. Timeout (in milliseconds). |
--wait-for-dns | Optional. Do not error if the response is `ENOTFOUND`, just keep on waiting (useful if you are waiting for a DNS record to also be created). |
The following error codes are returned:
Code | Meaning |
---|---|
0 | The specified port on the host is accepting connections. |
1 | A timeout occurred waiting for the port to open. |
2 | An unknown error occurred waiting for the port to open. The program cannot establish whether the port is open or not. |
3 | The address cannot be found (e.g. no DNS entry, or unresolvable). |
4 | The target (host and port) is invalid. |
You can use wait-port programmatically:
```js
const waitPort = require('wait-port');

const params = {
  host: 'google.com',
  port: 443,
};

waitPort(params)
  .then(({ open, ipVersion }) => {
    if (open) console.log(`The port is now open on IPv${ipVersion}!`);
    else console.log('The port did not open before the timeout...');
  })
  .catch((err) => {
    // console.error writes the failure to stderr
    console.error(`An unknown error occurred while waiting for the port: ${err}`);
  });
```
The CLI is a very shallow wrapper around this function. The `params` object takes the following parameters:
CLI Parameter | API Parameter | Notes |
---|---|---|
<target> | host | Optional. Defaults to `localhost`. |
<target> | port | Required. Port to wait for. |
--output | output | Optional. Defaults to `dots`. Output style to use. `silent` also accepted. |
--timeout, -t | timeout | Optional. Defaults to `0`. Timeout (in milliseconds). If `0`, then the operation will never timeout. |
--wait-for-dns | waitForDns | Optional. Defaults to `false`. |
This module uses:
Name | Usage |
---|---|
chalk | Terminal output styling. |
commander.js | Utility for building commandline apps. |
debug | Utility for debug output. |
mocha / nyc | Test runner / coverage. |
This module uses debug for debug output. Set `DEBUG=wait-port` to see detailed diagnostic information:
```sh
DEBUG=wait-port wait-port -t 10000 localhost:6234
```
This will also work for any code which uses the API.
Run unit tests with `npm test`. Coverage is reported to `artifacts/coverage`.
Debug unit tests with `npm run debug`. Add a `debugger` statement to the line you are interested in, and consider limiting scope with `.only`.
Run tests continuously, watching source with `npm run test:watch`.
Don't install the package to test the CLI. Instead, in the project folder run `npm link`. Now go to whatever folder you want to use the module in and run `npm link wait-port`. It will symlink the package and binary. See `npm link` for more details.
Installing the CLI will install the manpage. The manpage is at `./man/wait-port.1`. After updating the page, test it with `man ./man/wait-port.1` before publishing, as the format can be tricky to work with.
Kick out a new release with:
```sh
npm run release
git push --follow-tags
npm publish
```
`standard-version` is used to manage version numbers and the `CHANGELOG.md` file.
CI/CD runs as a set of GitHub actions. There are two pipelines:
The `timeout` option for `waitPort` is used to terminate attempts to open the socket after a certain amount of time has passed. Please note that operations can take significantly longer than the timeout. For example:
```js
// timeout is passed in the params object, alongside interval
const promise = waitPort({ port: 9000, interval: 10000, timeout: 2000 });
```
In this case, the socket will only attempt to connect every ten seconds. So on the first iteration, the timeout is not reached, then another iteration will be scheduled for after ten seconds, meaning the timeout will happen eight seconds later than one might expect.
The `waitPort` promise may take up to `interval` milliseconds greater than `timeout` to resolve.
FAQs
Utility to wait for a TCP port to open.
The npm package wait-port receives a total of 1,889,424 weekly downloads. As such, wait-port popularity was classified as popular.
We found that wait-port demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.