npmpackage.info

Gathering detailed insights and metrics for grpc

Other packages similar to grpc

@grpc/grpc-js

1.13.4

gRPC Library for Node - pure JS implementation

@grpc/proto-loader

0.7.15

gRPC utility library for loading .proto files

@opentelemetry/instrumentation-grpc

0.203.0

OpenTelemetry instrumentation for `@grpc/grpc-js` rpc client and server for gRPC framework

@opentelemetry/otlp-grpc-exporter-base

0.203.0

OpenTelemetry OTLP-gRPC Exporter base (for internal use only)

Gathering detailed insights and metrics for grpc

grpc - 1.24.11 | npmpackage.info

grpc

gRPC for Node.js

1.24.11

4,683

Apache-2.0

TypeScript

6.6

Installations

npm install grpc

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Min. Node Version

>=4

Node Version

14.17.0

NPM Version

6.14.13 Pull Requests

Open

16

Total

1,744

Closed

187

Merged

1,541

Issues

Open

203

Total

1,175

Closed

972

Releases

289

@grpc/grpc-js 1.13.4

@grpc/grpc-js@1.13.4

Updated on May 21, 2025

@grpc/proto-loader 0.7.15

@grpc/proto-loader@0.7.15

Updated on Apr 18, 2025

@grpc/proto-loader 0.7.14

@grpc/proto-loader@0.7.14

Updated on Apr 17, 2025

@grpc/grpc-js 1.13.3

@grpc/grpc-js@1.13.3

Updated on Apr 10, 2025

@grpc/grpc-js 1.13.2

@grpc/grpc-js@1.13.2

Updated on Mar 26, 2025

@grpc/grpc-js 1.13.1

@grpc/grpc-js@1.13.1

Updated on Mar 21, 2025

View All 289 releases

Languages

TypeScript

JavaScript

C++

Shell

Dockerfile

CMake

Batchfile

PowerShell

TypeScript (85.98%)

JavaScript (11.17%)

C++ (1.36%)

Shell (0.91%)

Dockerfile (0.24%)

CMake (0.13%)

Batchfile (0.12%)

PowerShell (0.1%)

Developer

grpc

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

Apache-2.0 License

4,683 Stars

5,059 Commits

675 Forks

72 Watchers

51 Branches

187 Contributors

Updated on Jul 14, 2025

Maintainers

View All 187 Contributors

Package Meta Information

Latest Version

1.24.11

Package Id

grpc@1.24.11

Size

4.74 MB

NPM Version

6.14.13

Node Version

14.17.0

Published on

Jul 23, 2021

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@mapbox/node-pre-gyp @types/bytebuffer lodash.camelcase lodash.clone nan protobufjs

Dev Dependencies

body-parser electron-mocha express google-protobuf istanbul lodash minimist node-forge poisson-process

Node.js gRPC Library

As of April 2021 this library is deprecated and will no longer receive any updates. We recommend using @grpc/grpc-js instead.

PREREQUISITES

node: This requires node to be installed, version 4.0 or above. If you instead have the nodejs executable on Debian, you should install the nodejs-legacy package.
Note: If you installed node via a package manager and the version is still less than 4.0, try directly installing it from nodejs.org.

LATEST VERSIONS SUPPORTED

Node: 14
Electron: 11.2

INSTALLATION

Install the gRPC NPM package

1npm install grpc

BUILD FROM SOURCE

The following command can be used to build from source when installing the package from npm:

npm install grpc --build-from-source

The --build-from-source option will work even when installing another package that depends on grpc. To build only grpc from source, you can use the argument --build-from-source=grpc.

ABOUT ELECTRON

The official electron documentation recommends to build all of your native packages from source. While the reasons behind this are technically good - many native extensions won't be packaged to work properly with electron - the gRPC source code is fairly difficult to build from source due to its complex nature, and we're also providing working electron pre-built binaries. Therefore, we recommend that you do not follow this model for using gRPC with electron. Also, for the same reason, electron-rebuild will always build from source. We advise you to not use this tool if you are depending on gRPC. Please note that there's not just one way to get native extensions running in electron, and that there's never any silver bullet for anything. The following instructions try to cater about some of the most generic ways, but different edge cases might require different methodologies.

The best way to get gRPC to work with electron is to do this, possibly in the postinstall script of your package.json file:

npm rebuild --target=2.0.0 --runtime=electron --dist-url=https://atom.io/download/electron

Note that the 2.0.0 above is the electron runtime version number. You will need to update this every time you go on a different version of the runtime.

If you have more native dependencies than gRPC, and they work better when built from source, you can explicitely specify which extension to build the following way:

npm rebuild --build-from-source=sqlite3 --target=2.0.0 --runtime=electron --dist-url=https://atom.io/download/electron

This way, if you depend on both grpc and sqlite3, only the sqlite3 package will be rebuilt from source, leaving the grpc package to use its precompiled binaries.

BUILD IN GIT REPOSITORY

Clone the grpc-node Git Repository.
Run git submodule update --init --recursive from the repository root.
Run cd packages/grpc-native-core.
Run npm install --build-from-source.

Note: On Windows, this might fail due to nodejs issue #4932 in which case, you will see something like the following in npm install's output (towards the very beginning):

 ..
 Building the projects in this solution one at a time. To enable parallel build, please add the "/m" switch.
 WINDOWS_BUILD_WARNING
  "..\IMPORTANT: Due to https:\github.com\nodejs\node\issues\4932, to build this library on Windows, you must first remove C:\Users\jenkins\.node-gyp\4.4.0\include\node\openssl"
  ...
  ..

To fix this, you will have to delete the folder C:\Users\<username>\.node-gyp\<node_version>\include\node\openssl and retry npm install

CONFIGURE BINARIES' LOCATION

You can configure the location from which the pre-compiled binaries are downloaded during installation.

npm install --grpc_node_binary_host_mirror=https://your-url.com

Or defining grpc_node_binary_host_mirror in your .npmrc.

API DOCUMENTATION

See the API Documentation.

TESTING

To run the test suite, simply run npm test in the install location.

High

7.5/10

Summary

Prototype pollution in grpc and @grpc/grpc-js

Affected Versions

< 1.24.4

Patched Versions

1.24.4

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Maintained

Determines if the project is "actively maintained".

10

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

10

License

Determines if the project has defined a license.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

9

Security-Policy

Determines if the project has published a security policy.

1

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 0

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:52: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/grpc-tools-build.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/grpc/grpc-node/grpc-tools-build.yml/master?enable=pin
Warn: containerImage not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:19
Warn: containerImage not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:36: pin your Docker image by updating gcr.io/distroless/nodejs18-debian11:latest to gcr.io/distroless/nodejs18-debian11:latest@sha256:c3627dd28e9e031c6b562eb7cb77c324b9c4635a1c05eaf8e89d2eaa364fa6f0
Warn: containerImage not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:19
Warn: containerImage not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:40: pin your Docker image by updating gcr.io/distroless/nodejs18-debian11:latest to gcr.io/distroless/nodejs18-debian11:latest@sha256:c3627dd28e9e031c6b562eb7cb77c324b9c4635a1c05eaf8e89d2eaa364fa6f0
Warn: containerImage not pinned by hash: tools/release/native/Dockerfile:6: pin your Docker image by updating ubuntu:22.04 to ubuntu:22.04@sha256:3c61d3759c2639d4b836d32a2d3c83fa0214e36f195a3421018dbaaf79cbe37f
Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:26
Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:28
Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:30
Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:32
Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-client.Dockerfile:34
Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:26
Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:28
Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:30
Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:32
Warn: npmCommand not pinned by hash: packages/grpc-js-xds/interop/test-server.Dockerfile:34
Warn: downloadThenRun not pinned by hash: tools/release/native/Dockerfile:23
Warn: downloadThenRun not pinned by hash: packages/grpc-js-xds/scripts/xds.sh:22
Warn: npmCommand not pinned by hash: packages/grpc-js-xds/scripts/xds.sh:38
Warn: npmCommand not pinned by hash: packages/grpc-js-xds/scripts/xds.sh:41
Warn: npmCommand not pinned by hash: packages/grpc-js-xds/scripts/xds.sh:44
Warn: npmCommand not pinned by hash: packages/grpc-js-xds/scripts/xds.sh:47
Warn: npmCommand not pinned by hash: packages/grpc-js-xds/scripts/xds.sh:52
Warn: downloadThenRun not pinned by hash: run-tests.sh:20
Warn: npmCommand not pinned by hash: run-tests.sh:42
Warn: npmCommand not pinned by hash: run-tests.sh:67
Warn: npmCommand not pinned by hash: setup_interop.sh:16
Warn: npmCommand not pinned by hash: setup_interop.sh:17
Warn: npmCommand not pinned by hash: setup_interop_purejs.sh:16
Warn: npmCommand not pinned by hash: setup_interop_purejs.sh:17
Warn: npmCommand not pinned by hash: test/client-libraries-integration/init.sh:16
Warn: npmCommand not pinned by hash: test/client-libraries-integration/init.sh:23
Warn: npmCommand not pinned by hash: test/distrib/run-distrib-test.sh:29
Warn: npmCommand not pinned by hash: test/distrib/run-distrib-test.sh:30
Warn: npmCommand not pinned by hash: test/distrib/run-distrib-test.sh:31
Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
Info: 0 out of 5 containerImage dependencies pinned
Info: 0 out of 26 npmCommand dependencies pinned
Info: 0 out of 3 downloadThenRun dependencies pinned

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

Score

6.6

/10

Last Scanned on 2025-07-07

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More