Security News
npm Introduces minimumReleaseAge and Bulk OIDC Configuration
npm rolls out a package release cooldown and scalable trusted publishing updates as ecosystem adoption of install safeguards grows.
By Sarah Gooding - Feb 26, 2026
Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details →
gaffer
Artifacts are distributable versions of a package. It typically includes the source code and metadata
Advanced tools
- Version
- 0.4.0
- Maintainers
- 1
NOTICE: Since the 2013/05/25, a deep rewrite on the gaffer code is in progress.
2013-10-29 - 0.5.1 released.
slow progress on the new version. Have been distracted by some due work. The new design is in place now and the new branch will be created soon,
Gaffer
Control, Watch and Launch your applications and jobs over HTTP.
Gaffer is a set of Python modules and tools to easily maintain and interact with your applications or jobs launched on different machines over HTTP and websockets.
It promotes distributed and decentralized topologies without single points of failure, enabling fault tolerance and high availability.
Features
- RESTful HTTP Api
- Websockets and SOCKJS support to interact with a gaffer node from any browser or SOCKJS client.
- Framework to manage and interact your applications and jobs on
- differerent machines
- Server and command-line tools to manage and interract with your processes
- manages topology information. Clients query gaffer_lookupd to discover gaffer nodes for a specific job or application.
- Possibility to interact with STDIO and PIPES to interact with your applications and processes
- Subscribe to process statistics per process or process templates and get them in quasi RT.
- Procfile applications support but also JSON config support.
- Supervisor-like features.
- Fully evented. Use the libuv event loop using the pyuv library
- Flapping: handle cases where your processes crash too much
- Easily extensible: add your own endpoint, create your client, embed gaffer in your application, ...
- Compatible with python 2.7x, 3.x
Documentation
Getting Started
http://gaffer.readthedocs.org/en/latest/getting-started.html
Installation
Gaffer requires Python superior to 2.6 (yes Python 3 is supported)
To install gaffer using pip you must make sure you have a recent version of distribute installed:
$ curl -O http://python-distribute.org/distribute_setup.py
$ sudo python distribute_setup.py
$ easy_install pip
To install from source, run the following command:
$ pip install git+https://github.com/benoitc/gaffer.git
From pypi:
$ pip install gaffer
Build status
License
gaffer is available in the public domain (see UNLICENSE). gaffer is also optionally available under the MIT License (see LICENSE), meant especially for jurisdictions that do not recognize public domain works.
FAQs
simple system process manager
We found that gaffer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Risky Biz Podcast: Open Source Risk Is Compounding as AI Agents Write 90% of New Code
AI agents are writing more code than ever, and that's creating new supply chain risks. Feross joins the Risky Business Podcast to break down what that means for open source security.
By Sarah Gooding - Feb 24, 2026
Research
/Security News
Four Malicious NuGet Packages Target ASP.NET Developers With JIT Hooking and Credential Exfiltration
Socket uncovered four malicious NuGet packages targeting ASP.NET apps, using a typosquatted dropper and localhost proxy to steal Identity data and backdoor apps.
By Kush Pandya - Feb 23, 2026