Security News
Follow-up and Clarification on Recent Malicious Ruby Gems Campaign
A clarification on our recent research investigating 60 malicious Ruby gems.
By Sarah Gooding - Aug 22, 2025
memprof2
memprof2
Memprof2 is a Ruby memory profiler for >= Ruby 2.1.0.
Installation
Execute
$ gem install memprof2
or ddd the following to your Gemfile:
gem 'memprof2'
And then execute:
$ bundle
API
Memprof2.report
Memprof2.start
12.times{ "abc" }
Memprof2.report(out: "/path/to/file")
Memprof2.stop
Start tracking file/line memory size (bytes) information for objects created after calling Memprof2.start, and print out a summary of file:line:class pairs created.
480 file.rb:2:String
Note: Call Memprof2.report again after GC.start to see which objects are cleaned up by the garbage collector:
Memprof2.start
10.times{ $last_str = "abc" }
puts '=== Before GC'
Memprof2.report
puts '=== After GC'
GC.start
Memprof2.report
Memprof2.stop
After GC.start, only the very last instance of "abc" will still exist:
=== Before GC
400 file.rb:2:String
=== After GC
40 file.rb:2:String
Note: Use Memprof2.report! to clear out tracking data after printing out results.
Use trace and ignore options to restrict files to report. You can write patterns by regular expressions:
Memprof2.start
10.times{ $last_str = "abc" }
GC.start
Memprof2.report!(trace: /file\.rb/, ignore: /ignore_me/, out: "/path/to/file")
Memprof2.stop
Memprof2.run
A shorthand for Memprof2.start/stop that will start/stop memprof around a given block of ruby code.
Memprof2.run do
100.times{ "abc" }
100.times{ 1.23 + 1 }
100.times{ Module.new }
Memprof2.report(out: "/path/to/file")
end
For the block of ruby code, print out file:line:class pairs for ruby objects created.
4000 file.rb:2:String
4000 file.rb:3:Float
4000 file.rb:4:Module
Note: You can call GC.start at the end of the block to print out only objects that are 'leaking' (i.e. objects that still have inbound references).
Memprof2.run_with_report
A shorthand for Memprof2.start/report/stop.
Following codes work exactly same with the above example.
Memprof2.run_with_report(out: "/path/to/file") do
100.times{ "abc" }
100.times{ 1.23 + 1 }
100.times{ Module.new }
end
ChangeLog
See CHANGELOG.md for details.
See Also
- Ruby でラインメモリプロファイラ (Japanese)
Contributing
- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Add some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request
Copyright
Copyright (c) 2014 Naotoshi Seo. See LICENSE.txt for details.
FAQs
Unknown package
We found that memprof2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 05 Oct 2018
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ESLint Adds Support for Parallel Linting, Closing 10-Year-Old Feature Request
ESLint now supports parallel linting with a new --concurrency flag, delivering major speed gains and closing a 10-year-old feature request.
By Sarah Gooding - Aug 22, 2025
Research
/Security News
Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram
A malicious Go module posing as an SSH brute forcer exfiltrates stolen credentials to a Telegram bot controlled by a Russian-speaking threat actor.
By Kirill Boychenko - Aug 21, 2025