
Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
ruby-prof-flamegraph
Advanced tools
A ruby-prof printer that outputs a fold stack file that's compatible with FlameGraph.
It is created based on RubyProf::CallStackPrinter
.
FlameGraph is a way to visualize stack trace, making it very obvious where in the program takes the longest time. It is a Perl script takes a "fold stack" file and generates a nice, interactive SVG. The fold stack is usually generated from DTrace or Prof data using stackcollapse.pl, which is included with FlameGraph.
I created this gem because I want to find out where the bottleneck is in SlimWiki's specs, but I don't know DTrace and just want the result quick.
I did not expect this, but generating a company name from Faker causes 44 YAML files to be parsed, taking 28 seconds.
(TODO include image)
To learn more about Flame Graphs, check these out:
gem 'ruby-prof-flamegraph'
Just require 'ruby-prof-flamegraph
and use RubyProf::FlameGraphPrinter
as your printer for ruby-prof.
For vanilla ruby-prof, see example.rb.
For rspec-prof, RSpecProf.printer_class = RubyProf::FlameGraphPrinter
See the result in example.svg
FAQs
Unknown package
We found that ruby-prof-flamegraph demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
Research
Security News
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
Security News
AI-generated slop reports are making bug bounty triage harder, wasting maintainer time, and straining trust in vulnerability disclosure programs.