Gathering detailed insights and metrics for @grpc/grpc-js
Gathering detailed insights and metrics for @grpc/grpc-js
Gathering detailed insights and metrics for @grpc/grpc-js
Gathering detailed insights and metrics for @grpc/grpc-js
@opentelemetry/instrumentation-grpc
OpenTelemetry instrumentation for `@grpc/grpc-js` rpc client and server for gRPC framework
@improbable-eng/grpc-web
gRPC-Web client for browsers (JS/TS)
@grpc/grpc-js-xds
Plugin for @grpc/grpc-js. Adds the xds:// URL scheme and associated features.
@injectivelabs/grpc-web
gRPC-Web client for browsers (JS/TS)
npm install @grpc/grpc-js
Typescript
Module System
Min. Node Version
Node Version
NPM Version
64.1
Supply Chain
95.8
Quality
94.7
Maintenance
100
Vulnerability
99.6
License
@grpc/grpc-js 1.12.4
Published on 04 Dec 2024
@grpc/grpc-js 1.12.3
Published on 02 Dec 2024
@grpc/grpc-js 1.12.2
Published on 09 Oct 2024
@grpc/grpc-js 1.12.1
Published on 08 Oct 2024
@grpc/grpc-js-xds 1.12.0
Published on 03 Oct 2024
@grpc/grpc-js 1.12.0
Published on 03 Oct 2024
Updated on 06 Dec 2024
TypeScript (84.92%)
JavaScript (12.13%)
C++ (1.46%)
Shell (0.98%)
CMake (0.14%)
Batchfile (0.13%)
Dockerfile (0.13%)
PowerShell (0.11%)
Cumulative downloads
Total Downloads
Last day
35.2%
Compared to previous day
Last week
0.8%
Compared to previous week
Last month
4.9%
Compared to previous month
Last year
48.6%
Compared to previous year
2
30
Node 12 is recommended. The exact set of compatible Node versions can be found in the engines
field of the package.json
file.
1npm install @grpc/grpc-js
Documentation specifically for the @grpc/grpc-js
package is currently not available. However, documentation is available for the grpc
package, and the two packages contain mostly the same interface. There are a few notable differences, however, and these differences are noted in the "Migrating from grpc" section below.
If you need a feature from the grpc
package that is not provided by the @grpc/grpc-js
, please file a feature request with that information.
This library does not directly handle .proto
files. To use .proto
files with this library we recommend using the @grpc/proto-loader
package.
grpc
@grpc/grpc-js
is almost a drop-in replacement for grpc
, but you may need to make a few code changes to use it:
.proto
files using grpc.load
, that function is not available in this library. You should instead load your .proto
files using @grpc/proto-loader
and load the resulting package definition objects into @grpc/grpc-js
using grpc.loadPackageDefinition
.grpc-tools
, you should instead generate your files using the generate_package_definition
option in grpc-tools
, then load the object exported by the generated file into @grpc/grpc-js
using grpc.loadPackageDefinition
.Server#bind
to bind ports, you will need to use Server#bindAsync
instead.grpc
but not supported in @grpc/grpc-js
, you may need to adjust your code to handle the different behavior. Refer to the list of supported options below.grpc
and @grpc/grpc-js
.Many channel arguments supported in grpc
are not supported in @grpc/grpc-js
. The channel arguments supported by @grpc/grpc-js
are:
grpc.ssl_target_name_override
grpc.primary_user_agent
grpc.secondary_user_agent
grpc.default_authority
grpc.keepalive_time_ms
grpc.keepalive_timeout_ms
grpc.keepalive_permit_without_calls
grpc.service_config
grpc.max_concurrent_streams
grpc.initial_reconnect_backoff_ms
grpc.max_reconnect_backoff_ms
grpc.use_local_subchannel_pool
grpc.max_send_message_length
grpc.max_receive_message_length
grpc.enable_http_proxy
grpc.default_compression_algorithm
grpc.enable_channelz
grpc.dns_min_time_between_resolutions_ms
grpc.enable_retries
grpc.max_connection_age_ms
grpc.max_connection_age_grace_ms
grpc.max_connection_idle_ms
grpc.per_rpc_retry_buffer_size
grpc.retry_buffer_size
grpc.service_config_disable_resolution
grpc.client_idle_timeout_ms
grpc-node.max_session_memory
grpc-node.tls_enable_trace
grpc-node.retry_max_attempts_limit
channelOverride
channelFactoryOverride
The public API of this library follows semantic versioning, with some caveats:
Call
is only exposed due to limitations of TypeScript. It should not be considered part of the public API.grpc
library is likely an error and should not be considered part of the public API.grpc.experimental
namespace contains APIs that have not stabilized. Any API in that namespace may break in any minor version update.Stable Version
1
7.5/10
Summary
Prototype pollution in grpc and @grpc/grpc-js
Affected Versions
< 1.1.8
Patched Versions
1.1.8
3
5.3/10
Summary
@grpc/grpc-js can allocate memory for incoming messages well above configured limits
Affected Versions
< 1.8.22
Patched Versions
1.8.22
5.3/10
Summary
@grpc/grpc-js can allocate memory for incoming messages well above configured limits
Affected Versions
>= 1.9.0, < 1.9.15
Patched Versions
1.9.15
5.3/10
Summary
@grpc/grpc-js can allocate memory for incoming messages well above configured limits
Affected Versions
>= 1.10.0, < 1.10.9
Patched Versions
1.10.9
Reason
30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
GitHub workflow tokens follow principle of least privilege
Details
Reason
no binaries found in the repo
Reason
license file detected
Details
Reason
0 existing vulnerabilities detected
Reason
security policy file detected
Details
Reason
Found 2/12 approved changesets -- score normalized to 1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Score
Last Scanned on 2024-12-02
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More