Gathering detailed insights and metrics for @grpc/grpc-js
Gathering detailed insights and metrics for @grpc/grpc-js
Installations
npm install @grpc/grpc-jsDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>=12.10.0
Node Version
18.16.1
NPM Version
9.5.1
Score
77.4
Supply Chain
96
Quality
94.2
Maintenance
100
Vulnerability
99.6
License
Releases
284
@grpc/grpc-js 1.13.1
@grpc/grpc-js@1.13.1
Updated on Mar 21, 2025
@grpc/grpc-js-xds 1.13.0
@grpc/grpc-js-xds@1.13.0
Updated on Mar 11, 2025
@grpc/grpc-js 1.13.0
@grpc/grpc-js@1.13.0
Updated on Mar 11, 2025
grpc-tools 1.13.0
grpc-tool@1.13.0
Updated on Feb 06, 2025
@grpc/grpc-js-xds 1.12.2
@grpc/grpc-js-xds@1.12.2
Updated on Feb 04, 2025
@grpc/grpc-js@1.12.6
@grpc/grpc-js@1.12.6
Updated on Feb 04, 2025
Contributors
187
Unable to fetch Contributors
Languages
8
TypeScript
JavaScript
C++
Shell
Dockerfile
CMake
Batchfile
PowerShell
TypeScript (85.43%)
JavaScript (11.61%)
C++ (1.42%)
Shell (0.95%)
Dockerfile (0.24%)
CMake (0.13%)
Batchfile (0.12%)
PowerShell (0.1%)
Developer
Download Statistics
Total Downloads
1,541,160,711
Last Day
2,599,835
Last Week
14,004,896
Last Month
60,843,089
Last Year
564,077,956
GitHub Statistics
Apache-2.0 License
4,609 Stars
5,026 Commits
660 Forks
73 Watchers
51 Branches
187 Contributors
Updated on Mar 21, 2025
Bundle Size
362.57 kB
Minified
95.28 kB
Minified + Gzipped
Maintainers
3
Package Meta Information
Latest Version
1.13.1
Package Id
@grpc/grpc-js@1.13.1
Unpacked Size
1.88 MB
Size
351.64 kB
File Count
444
NPM Version
9.5.1
Node Version
18.16.1
Published on
Mar 21, 2025
Total Downloads
Cumulative downloads
Total Downloads
1,541,160,711
Last Day
-0.7%
2,599,835
Compared to previous day
Last Week
-1.4%
14,004,896
Compared to previous week
Last Month
8%
60,843,089
Compared to previous month
Last Year
46.7%
564,077,956
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Dev Dependencies
30
@grpc/proto-loader@types/gulp@types/gulp-mocha@types/lodash@types/mocha@types/ncp@types/node@types/pify@types/semver@typescript-eslint/eslint-plugin@typescript-eslint/parser@typescript-eslint/typescript-estreeclang-formateslinteslint-config-prettiereslint-plugin-nodeeslint-plugin-prettierexecagulpgulp-mochalodashmadgemocha-jenkins-reporterncppifyprettierrimrafsemverts-nodetypescript
Pure JavaScript gRPC Client
Installation
Node 12 is recommended. The exact set of compatible Node versions can be found in the engines field of the package.json file.
1npm install @grpc/grpc-js
Documentation
Documentation specifically for the @grpc/grpc-js package is currently not available. However, documentation is available for the grpc package, and the two packages contain mostly the same interface. There are a few notable differences, however, and these differences are noted in the "Migrating from grpc" section below.
Features
- Clients
- Automatic reconnection
- Servers
- Streaming
- Metadata
- Partial compression support: clients can compress and decompress messages, and servers can decompress request messages
- Pick first and round robin load balancing policies
- Client Interceptors
- Connection Keepalives
- HTTP Connect support (proxies)
If you need a feature from the grpc package that is not provided by the @grpc/grpc-js, please file a feature request with that information.
This library does not directly handle .proto files. To use .proto files with this library we recommend using the @grpc/proto-loader package.
Migrating from grpc
@grpc/grpc-js is almost a drop-in replacement for grpc, but you may need to make a few code changes to use it:
- If you are currently loading
.protofiles usinggrpc.load, that function is not available in this library. You should instead load your.protofiles using@grpc/proto-loaderand load the resulting package definition objects into@grpc/grpc-jsusinggrpc.loadPackageDefinition. - If you are currently loading packages generated by
grpc-tools, you should instead generate your files using thegenerate_package_definitionoption ingrpc-tools, then load the object exported by the generated file into@grpc/grpc-jsusinggrpc.loadPackageDefinition. - If you have a server and you are using
Server#bindto bind ports, you will need to useServer#bindAsyncinstead. - If you are using any channel options supported in
grpcbut not supported in@grpc/grpc-js, you may need to adjust your code to handle the different behavior. Refer to the list of supported options below. - Refer to the detailed package comparison for more details on the differences between
grpcand@grpc/grpc-js.
Supported Channel Options
Many channel arguments supported in grpc are not supported in @grpc/grpc-js. The channel arguments supported by @grpc/grpc-js are:
grpc.ssl_target_name_overridegrpc.primary_user_agentgrpc.secondary_user_agentgrpc.default_authoritygrpc.keepalive_time_msgrpc.keepalive_timeout_msgrpc.keepalive_permit_without_callsgrpc.service_configgrpc.max_concurrent_streamsgrpc.initial_reconnect_backoff_msgrpc.max_reconnect_backoff_msgrpc.use_local_subchannel_poolgrpc.max_send_message_lengthgrpc.max_receive_message_lengthgrpc.enable_http_proxygrpc.default_compression_algorithmgrpc.enable_channelzgrpc.dns_min_time_between_resolutions_msgrpc.enable_retriesgrpc.max_connection_age_msgrpc.max_connection_age_grace_msgrpc.max_connection_idle_msgrpc.per_rpc_retry_buffer_sizegrpc.retry_buffer_sizegrpc.service_config_disable_resolutiongrpc.client_idle_timeout_msgrpc-node.max_session_memorygrpc-node.tls_enable_tracegrpc-node.retry_max_attempts_limitgrpc-node.flow_control_windowchannelOverridechannelFactoryOverride
Some Notes on API Guarantees
The public API of this library follows semantic versioning, with some caveats:
- Some methods are prefixed with an underscore. These methods are internal and should not be considered part of the public API.
- The class
Callis only exposed due to limitations of TypeScript. It should not be considered part of the public API. - In general, any API that is exposed by this library but is not exposed by the
grpclibrary is likely an error and should not be considered part of the public API. - The
grpc.experimentalnamespace contains APIs that have not stabilized. Any API in that namespace may break in any minor version update.
High
7.5/10
Summary
Prototype pollution in grpc and @grpc/grpc-js
Affected Versions
< 1.1.8
Patched Versions
1.1.8
Moderate
5.3/10
Summary
@grpc/grpc-js can allocate memory for incoming messages well above configured limits
Affected Versions
< 1.8.22
Patched Versions
1.8.22
Moderate
5.3/10
Summary
@grpc/grpc-js can allocate memory for incoming messages well above configured limits
Affected Versions
>= 1.9.0, < 1.9.15
Patched Versions
1.9.15
Moderate
5.3/10
Summary
@grpc/grpc-js can allocate memory for incoming messages well above configured limits
Affected Versions
>= 1.10.0, < 1.10.9
Patched Versions
1.10.9
Reason
30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: topLevel 'contents' permission set to 'read': .github/workflows/grpc-tools-build.yml:12
- Info: no jobLevel write permissions found
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
0 existing vulnerabilities detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: SECURITY.md:1
Reason
Found 1/10 approved changesets -- score normalized to 1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
- Warn: containerImage not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:19
- Warn: containerImage not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:36: pin your Docker image by updating gcr.io/distroless/nodejs18-debian11:latest to gcr.io/distroless/nodejs18-debian11:latest@sha256:c3627dd28e9e031c6b562eb7cb77c324b9c4635a1c05eaf8e89d2eaa364fa6f0
- Warn: containerImage not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:19
- Warn: containerImage not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:40: pin your Docker image by updating gcr.io/distroless/nodejs18-debian11:latest to gcr.io/distroless/nodejs18-debian11:latest@sha256:c3627dd28e9e031c6b562eb7cb77c324b9c4635a1c05eaf8e89d2eaa364fa6f0
- Warn: containerImage not pinned by hash: tools/release/native/Dockerfile:6: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:ed1544e454989078f5dec1bfdabd8c5cc9c48e0705d07b678ab6ae3fb61952d2
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:26
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:28
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:30
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:32
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:34
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:26
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:28
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:30
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:32
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:34
- Warn: downloadThenRun not pinned by hash: tools/release/native/Dockerfile:23
- Warn: downloadThenRun not pinned by hash: packages/grpc-js-xds/scripts/xds.sh:22
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/scripts/xds.sh:38
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/scripts/xds.sh:41
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/scripts/xds.sh:44
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/scripts/xds.sh:47
- Warn: npmCommand not pinned by hash: packages/grpc-js-xds/scripts/xds.sh:52
- Warn: downloadThenRun not pinned by hash: run-tests.sh:20
- Warn: npmCommand not pinned by hash: run-tests.sh:42
- Warn: npmCommand not pinned by hash: run-tests.sh:67
- Warn: npmCommand not pinned by hash: setup_interop.sh:16
- Warn: npmCommand not pinned by hash: setup_interop.sh:17
- Warn: npmCommand not pinned by hash: setup_interop_purejs.sh:16
- Warn: npmCommand not pinned by hash: setup_interop_purejs.sh:17
- Warn: npmCommand not pinned by hash: test/client-libraries-integration/init.sh:16
- Warn: npmCommand not pinned by hash: test/client-libraries-integration/init.sh:23
- Warn: npmCommand not pinned by hash: test/distrib/run-distrib-test.sh:29
- Warn: npmCommand not pinned by hash: test/distrib/run-distrib-test.sh:30
- Warn: npmCommand not pinned by hash: test/distrib/run-distrib-test.sh:31
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 26 npmCommand dependencies pinned
- Info: 0 out of 3 downloadThenRun dependencies pinned
- Info: 0 out of 5 containerImage dependencies pinned
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
6.6
/10
Last Scanned on 2025-03-17
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More