Gathering detailed insights and metrics for flagged-respawn
Gathering detailed insights and metrics for flagged-respawn
A tool for respawning node binaries when special flags are present.
Installations
npm install flagged-respawnDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>= 10.13.0
Node Version
16.13.0
NPM Version
7.24.2
Score
99.5
Supply Chain
99.4
Quality
77.9
Maintenance
100
Vulnerability
100
License
Releases
10
Languages
1
JavaScript
JavaScript (100%)
Developer
gulpjs
Download Statistics
Total Downloads
911,317,325
Last Day
617,860
Last Week
3,208,599
Last Month
13,451,338
Last Year
149,548,339
GitHub Statistics
MIT License
21 Stars
35 Commits
6 Forks
8 Watchers
1 Branches
4 Contributors
Updated on Nov 12, 2023
Bundle Size
1.33 kB
Minified
648.00 B
Minified + Gzipped
Maintainers
2
Package Meta Information
Latest Version
2.0.0
Package Id
flagged-respawn@2.0.0
Unpacked Size
9.90 kB
Size
4.20 kB
File Count
8
NPM Version
7.24.2
Node Version
16.13.0
Published on
Nov 21, 2021
Total Downloads
Cumulative downloads
Total Downloads
911,317,325
Last Day
52.5%
617,860
Compared to previous day
Last Week
6.7%
3,208,599
Compared to previous week
Last Month
-2.5%
13,451,338
Compared to previous month
Last Year
7.3%
149,548,339
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
7
flagged-respawn
A tool for respawning node binaries when special flags are present.
What is it?
Say you wrote a command line tool that runs arbitrary javascript (e.g. task runner, test framework, etc). For the sake of discussion, let's pretend it's a testing harness you've named testify.
Everything is going splendidly until one day you decide to test some code that relies on a feature behind a v8 flag in node (--harmony, for example). Without much thought, you run testify --harmony spec tests.js.
It doesn't work. After digging around for a bit, you realize this produces a process.argv of:
['node', '/usr/local/bin/test', '--harmony', 'spec', 'tests.js']
Crap. The --harmony flag is in the wrong place! It should be applied to the node command, not our binary. What we actually wanted was this:
['node', '--harmony', '/usr/local/bin/test', 'spec', 'tests.js']
Flagged-respawn fixes this problem and handles all the edge cases respawning creates, such as:
- Providing a method to determine if a respawn is needed.
- Piping stderr/stdout from the child into the parent.
- Making the parent process exit with the same code as the child.
- If the child is killed, making the parent exit with the same signal.
To see it in action, clone this repository and run npm install / npm run respawn / npm run nospawn.
Sample Usage
1#!/usr/bin/env node 2 3const flaggedRespawn = require('flagged-respawn'); 4 5// get a list of all possible v8 flags for the running version of node 6const v8flags = require('v8flags').fetch(); 7 8flaggedRespawn(v8flags, process.argv, function (ready, child) { 9 if (ready) { 10 console.log('Running!'); 11 // your cli code here 12 } else { 13 console.log('Special flags found, respawning.'); 14 } 15 if (process.pid !== child.pid) { 16 console.log('Respawned to PID:', child.pid); 17 } 18});
API
flaggedRespawn(flags, argv, [ forcedFlags, ] callback) : Void
Respawns the script itself when argv has special flag contained in flags and/or forcedFlags is not empty. Because members of flags and forcedFlags are passed to node command, each of them needs to be a node flag or a V8 flag.
Forbid respawning
If --no-respawning flag is given in argv, this function does not respawned even if argv contains members of flags or forcedFlags is not empty. (This flag is also used internally to prevent from respawning more than once).
Parameter:
| Parameter | Type | Description |
|---|---|---|
| flags | Array | An array of node flags and V8 flags which are available when present in argv. |
| argv | Array | Command line arguments to respawn. |
| forcedFlags | Array or String | An array of node flags or a string of a single flag and V8 flags for respawning forcely. |
| callback | function | A called function when not respawning or after respawned. |
-
callback(ready, proc, argv) : Void
callback function is called both when respawned or not, and it can be distinguished by callback's argument: ready. (ready indicates whether a process spawned its child process (false) or not (true), but it does not indicate whether a process is a spawned child process or not. ready for a spawned child process is true.)
argv is an array of command line arguments which is respawned (when ready is false) or is passed current process except flags within flags and
--no-respawning(when ready is true).Parameter:
Parameter Type Description ready boolean True, if not respawning and is ready to execute main function. proc object Child process object if respawned, otherwise current process object. argv Array An array of command line arguments.
License
MIT
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/gulpjs/.github/SECURITY.md:1
- Info: Found linked content: github.com/gulpjs/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/gulpjs/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/gulpjs/.github/SECURITY.md:1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 2/29 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/dev.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/gulpjs/flagged-respawn/dev.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/gulpjs/flagged-respawn/dev.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/gulpjs/flagged-respawn/dev.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/gulpjs/flagged-respawn/dev.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/dev.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/gulpjs/flagged-respawn/dev.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dev.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/gulpjs/flagged-respawn/dev.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/gulpjs/flagged-respawn/release.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/dev.yml:51
- Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 4 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 3 are checked with a SAST tool
Score
4.1
/10
Last Scanned on 2025-05-05
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More