Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
= Unicorn: Rack HTTP server for fast clients and Unix
\Unicorn is an HTTP server for Rack applications designed to only serve fast clients on low-latency, high-bandwidth connections and take advantage of features in Unix/Unix-like kernels. Slow clients should only be served by placing a reverse proxy capable of fully buffering both the request and response in between \Unicorn and slow clients.
== Features
Designed for Rack, Unix, fast clients, and ease-of-debugging. We cut out everything that is better supported by the operating system, {nginx}[http://nginx.net/] or {Rack}[http://rack.rubyforge.org/].
Compatible with both Ruby 1.8 and 1.9. Rubinius support is in-progress.
Process management: \Unicorn will reap and restart workers that die from broken apps. There is no need to manage multiple processes or ports yourself. \Unicorn can spawn and manage any number of worker processes you choose to scale to your backend.
Load balancing is done entirely by the operating system kernel. Requests never pile up behind a busy worker process.
Does not care if your application is thread-safe or not; workers all run within their own isolated address space and only serve one client at a time for maximum robustness.
Supports all Rack applications, along with pre-Rack versions of Ruby on Rails via a Rack wrapper.
Built-in reopening of all log files in your application via USR1 signal. This allows logrotate to rotate files atomically and quickly via rename instead of the racy and slow copytruncate method. \Unicorn also takes steps to ensure multi-line log entries from one request all stay within the same file.
nginx-style binary upgrades without losing connections. You can upgrade \Unicorn, your entire application, libraries and even your Ruby interpreter without dropping clients.
before_fork and after_fork hooks in case your application has special needs when dealing with forked processes. These should not be needed when the "preload_app" directive is false (the default).
Can be used with copy-on-write-friendly memory management to save memory (by setting "preload_app" to true).
Able to listen on multiple interfaces including UNIX sockets. Each worker process can also bind to a private port via the after_fork hook for easy debugging.
Simple and easy Ruby DSL for configuration.
Decodes chunked transfers on-the-fly, thus allowing upload progress notification to be implemented as well as being able to tunnel arbitrary stream-based protocols over HTTP.
== License
\Unicorn is copyright 2009 by all contributors (see logs in git). It is based on Mongrel 1.1.5 and carries the same license.
Mongrel is copyright 2007 Zed A. Shaw and contributors. It is tri-licensed under (your choice) of the GPLv3, GPLv2 or Ruby-specific terms. See the included LICENSE file for details.
\Unicorn is 100% Free Software.
== Install
The library consists of a C extension so you'll need a C compiler and Ruby development libraries/headers.
You may download the tarball from the Mongrel project page on Rubyforge and run setup.rb after unpacking it:
http://rubyforge.org/frs/?group_id=1306
You may also install it via RubyGems on RubyGems.org:
  gem install unicorn
You can get the latest source via git from the following locations (these versions may not be stable):
  git://bogomips.org/unicorn.git
  git://repo.or.cz/unicorn.git (mirror)
You may browse the code from the web and download the latest snapshot tarballs here:
See the HACKING guide on how to contribute and build prerelease gems from git.
== Usage
=== non-Rails Rack applications
In APP_ROOT, run:
  unicorn
=== for Rails applications (should work for all 1.2 or later versions)
In RAILS_ROOT, run:
  unicorn_rails
\Unicorn will bind to all interfaces on TCP port 8080 by default. You may use the +--listen/-l+ switch to bind to a different address:port or a UNIX socket.
=== Configuration File(s)
\Unicorn will look for the config.ru file used by rackup in APP_ROOT.
For deployments, it can use a config file for \Unicorn-specific options specified by the +--config-file/-c+ command-line switch. See Unicorn::Configurator for the syntax of the \Unicorn-specific options. The default settings are designed for maximum out-of-the-box compatibility with existing applications.
Most command-line options for other Rack applications (above) are also supported. Run <tt>unicorn -h</tt> or <tt>unicorn_rails -h</tt> to see command-line options.
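Since the default listener is every interface on TCP port 8080 while the server is meant to sit behind a buffering reverse proxy, it helps to check which +listen+ directives in a config file are reachable from outside the host. The Ruby below is an added example, not part of \Unicorn: ListenAudit and SAMPLE_CONFIG are hypothetical names, the sample config is constructed, and the address classification is an assumption about the common address forms (bare port, <tt>*:port</tt>, <tt>addr:port</tt>, UNIX socket path).

```ruby
# Added example, not Unicorn code. ListenAudit is a hypothetical stand-in for
# the config DSL: it records listen calls and ignores every other directive.
class ListenAudit
  attr_reader :listeners

  def initialize
    @listeners = []
  end

  # Same call shape as the config file's listen; options are not inspected.
  def listen(address, _opts = {})
    @listeners << address
  end

  # worker_processes, preload_app, before_fork, after_fork, ... are no-ops
  # here, so hook blocks are never run.
  def method_missing(_name, *_args, &_block); end

  # Returns :unix, :loopback, :all_interfaces or :specific for one address.
  # The patterns are this example's assumption about common address forms.
  def self.classify(address)
    return :all_interfaces if address.is_a?(Integer) # bare port number
    case address.to_s
    when %r{\A(?:unix:|/|~)} then :unix
    when /\A(?:\*:)?\d+\z/ then :all_interfaces
    when /\A(?:0\.0\.0\.0|\[::\])(?::\d+)?\z/ then :all_interfaces
    when /\A(?:127(?:\.\d+){3}|\[::1\]|localhost)(?::\d+)?\z/ then :loopback
    else :specific
    end
  end

  # Evaluates trusted config text (it is plain Ruby) and returns the
  # listeners that are reachable on every interface.
  def self.exposed(config_text)
    audit = new
    audit.instance_eval(config_text)
    # No listen directive at all: fall back to the documented default, 8080.
    found = audit.listeners.empty? ? [8080] : audit.listeners
    found.select { |addr| classify(addr) == :all_interfaces }
  end
end

# Constructed sample config for illustration.
SAMPLE_CONFIG = <<~CONF
  worker_processes 4
  listen 8080
  listen "127.0.0.1:9000"
  listen "/tmp/unicorn.sock", :backlog => 64
CONF

puts ListenAudit.exposed(SAMPLE_CONFIG).inspect if __FILE__ == $PROGRAM_NAME
```

Listeners added inside an after_fork hook or with +--listen/-l+ on the command line are not seen by this check and need to be reviewed separately.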
== Disclaimer
There is NO WARRANTY whatsoever if anything goes wrong, but {let us know}[link:ISSUES.html] and we'll try our best to fix it.
\Unicorn is designed to only serve fast clients either on the local host or a fast LAN. See the PHILOSOPHY and DESIGN documents for more details regarding this.
== Contact
All feedback (bug reports, user/development discussion, patches, pull requests) goes to the mailing list/newsgroup. See the ISSUES document for information on the {mailing list}[mailto:mongrel-unicorn@rubyforge.org].
For the latest on \Unicorn releases, you may also finger us at unicorn@bogomips.org or check our NEWS page (and subscribe to our Atom feed).
FAQs
Unknown package
We found that boourns-unicorn demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.