= raindrops - real-time stats for preforking Rack servers
raindrops is a real-time stats toolkit to show statistics for Rack HTTP servers. It is designed for preforking servers such as unicorn, but should support any Rack HTTP server on platforms supporting POSIX shared memory. It may also be used as a generic scoreboard for sharing atomic counters across multiple processes.
== Features
* counters are shared across all forked children and lock-free
* counters are kept on separate cache lines to reduce contention under SMP
* may expose server statistics as a Rack Middleware endpoint (default: "/_raindrops")
* middleware displays the number of actively processing and writing clients from a single request regardless of which worker process it hits.
== Linux-only Extra Features!
* Middleware response includes extra stats for bound TCP and Unix domain sockets (configurable, it can include stats from other TCP or UNIX domain socket servers).
* TCP socket stats use efficient inet_diag facilities via netlink instead of parsing /proc/net/tcp to minimize overhead. This was fun to discover and write.
* TCP_Info reporting may be used to check stats for every accepted client on TCP servers
* Users of older Linux kernels need to ensure that the "inet_diag" and "tcp_diag" kernel modules are loaded, as they do not autoload correctly
== Install
We recommend GCC 4+ (or compatible) to support the __sync builtins (__sync_{add,sub}_and_fetch()):
https://gcc.gnu.org/onlinedocs/gcc/_005f_005fsync-Builtins.html
For non-GCC 4+ users, we also support compilation with the libatomic_ops package starting with Raindrops 0.4.0:
https://github.com/ivmai/libatomic_ops
If you're using a packaged Ruby distribution, make sure you have a C compiler and the matching Ruby development libraries and headers.
If you use RubyGems:
  gem install raindrops
== Usage
See Raindrops::Middleware and Raindrops::LastDataRecv documentation for use with Rack servers. The entire library is fully documented and we are responsive on the publicly archived mailbox (mailto:raindrops-public@yhbt.net) if you have any questions or comments.
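One way to keep the stats endpoint (default "/_raindrops") reachable only from loopback clients, as an added example that is not part of raindrops or its documentation. The StatsGuard class, its loopback allowlist and the stand-in downstream app are assumptions made for illustration.

```ruby
require "ipaddr"

# Hypothetical guard (not part of raindrops): only clients in ALLOWED may
# reach the stats path; everyone else gets a 404 so the endpoint is not
# advertised. In config.ru it would sit in front of Raindrops::Middleware.
class StatsGuard
  ALLOWED = [IPAddr.new("127.0.0.0/8"), IPAddr.new("::1/128")].freeze

  def initialize(app, path: "/_raindrops", allowed: ALLOWED)
    @app = app
    @path = path
    @allowed = allowed
  end

  def call(env)
    return @app.call(env) unless stats_path?(env["PATH_INFO"].to_s)
    return @app.call(env) if allowed?(env["REMOTE_ADDR"])
    [404, { "content-type" => "text/plain" }, ["Not Found\n"]]
  end

  private

  # Conservative match: the endpoint itself and anything below it.
  def stats_path?(path_info)
    path_info == @path || path_info.start_with?("#{@path}/")
  end

  # Uses the socket peer address only; X-Forwarded-For is client-controlled
  # and deliberately ignored.
  def allowed?(remote_addr)
    ip = IPAddr.new(remote_addr.to_s)
    @allowed.any? { |net| net.include?(ip) }
  rescue IPAddr::Error
    false # unparsable or empty peer address: deny
  end
end

# Constructed stand-in for the downstream app so the block runs offline.
DEMO_APP = ->(env) { [200, { "content-type" => "text/plain" }, ["ok:#{env['PATH_INFO']}"]] }

# Returns the HTTP status the guarded stack gives for a path and peer address.
def demo_status(path, remote_addr)
  StatsGuard.new(DEMO_APP).call("PATH_INFO" => path, "REMOTE_ADDR" => remote_addr).first
end
```

Behind a reverse proxy every request arrives from the proxy's address, so the allowlist then has to be enforced at the proxy instead.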
== Development
You can get the latest source via git from the following locations:
  https://yhbt.net/raindrops.git
  http://7fh6tueqddpjyxjmgtdiueylzoqt6pt7hec3pukyptlmohoowvhde4yd.onion/raindrops.git
  http://repo.or.cz/w/raindrops.git (gitweb mirror)
Snapshots and tarballs are available.
Inline patches (from "git format-patch") to the mailbox are preferred because they allow code review and comments in the reply to the patch.
We will adhere to mostly the same conventions for patch submissions as git itself. See the Documentation/SubmittingPatches document distributed with git for the patch submission guidelines to follow. Just don't email the git mailing list or maintainer with raindrops patches.
raindrops is licensed under the LGPL-2.1+
== Contact
All feedback (bug reports, user/development discussion, patches, pull requests) goes to the publicly archived mailbox: mailto:raindrops-public@yhbt.net
Mail archives are available over HTTP(S), IMAP(S) and NNTP(S):
Since archives are public, scrub sensitive information and use anonymity tools such as Tor or Mixmaster if you deem necessary.
FAQs
We found that raindrops demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.