Gathering detailed insights and metrics for hermes-profile-transformer
Gathering detailed insights and metrics for hermes-profile-transformer
TypeScript tool for converting Hermes Sampling Profiler output to Chrome Dev Tools format
Installations
npm install hermes-profile-transformerDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>=8
Score
99
Supply Chain
95.4
Quality
80.5
Maintenance
100
Vulnerability
99.6
License
Releases
Unable to fetch releases
Languages
1
TypeScript
TypeScript (100%)
Developer
react-native-community
Download Statistics
Total Downloads
225,806,206
Last Day
155,878
Last Week
919,327
Last Month
4,339,854
Last Year
65,119,076
GitHub Statistics
MIT License
88 Stars
96 Commits
10 Forks
7 Watchers
15 Branches
69 Contributors
Updated on Apr 07, 2025
Maintainers
3
Package Meta Information
Latest Version
0.0.9
Package Id
hermes-profile-transformer@0.0.9
Size
68.72 kB
Published on
Aug 20, 2020
Total Downloads
Cumulative downloads
Total Downloads
225,806,206
Last Day
30.8%
155,878
Compared to previous day
Last Week
19.6%
919,327
Compared to previous week
Last Month
-3%
4,339,854
Compared to previous month
Last Year
-8%
65,119,076
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
1
Dev Dependencies
4
Hermes Profile Transformer
Visualize Facebook's Hermes JavaScript runtime profile traces in Chrome Developer Tools.
Overview
The Hermes runtime, used by React Native for Android, is able to output Chrome Trace Events in JSON Object Format.
This TypeScript package converts Hermes CPU profiles to Chrome Developer Tools compatible JSON Array Format, and enriches it with line and column numbers and event categories from JavaScript source maps.
Usage
If you're using hermes-profile-transformer to debug React Native Android applications, you can use the React Native CLI react-native profile-hermes command, which uses this package to convert the downloaded Hermes profiles automatically.
As a standalone package
1const transformer = require('hermes-profile-transformer').default; 2const { writeFileSync } = require('fs'); 3 4const hermesCpuProfilePath = './testprofile.cpuprofile'; 5const sourceMapPath = './index.map'; 6const sourceMapBundleFileName = 'index.bundle.js'; 7 8transformer( 9 // profile path is required 10 hermesCpuProfilePath, 11 // source maps are optional 12 sourceMap, 13 sourceMapBundleFileName 14) 15 .then(events => { 16 // write converted trace to a file 17 return writeFileSync( 18 './chrome-supported.json', 19 JSON.stringify(events, null, 2), 20 'utf-8' 21 ); 22 }) 23 .catch(err => { 24 console.log(err); 25 });
Creating Hermes CPU Profiles
Opening converted profiles in Chrome Developer Tools
Open Developer Tools in Chrome, navigate to the Performance tab, and use the Load profile... feature.
API
transformer(profilePath: string, sourceMapPath?: string, bundleFileName?: string)
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
| profilePath | string | Yes | Path to a JSON-formatted .cpuprofile file created by the Hermes runtime |
| sourceMapPath | string | No | Path to a source-map compatible Source Map file |
| bundleFileName | string | No | If sourceMapPath is provided, you need to also provide the name of the JavaScript bundle file that the source map applies to. This file does not need to exist on disk. |
Returns
Promise<DurationEvent[]>, where DurationEvent is as defined in EventInterfaces.ts.
Resources
- Using Hermes with React Native.
- Chrome Trace Event Format. Hermes uses the JSON Object format.
- Measuring JavaScript performance in Chrome
LICENSE
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 2/15 approved changesets -- score normalized to 1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-community/hermes-profile-transformer/main.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-community/hermes-profile-transformer/main.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/react-native-community/hermes-profile-transformer/main.yml/master?enable=pin
- Info: 0 out of 3 GitHub-owned GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 22 are checked with a SAST tool
Reason
37 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-w8qv-6jwh-64r5
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
- Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj
- Warn: Project is vulnerable to: GHSA-896r-f27r-55mw
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-5fw9-fq32-wv5p
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx
- Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
- Warn: Project is vulnerable to: GHSA-hxcc-f52p-wc94
- Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6
- Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj
- Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc
- Warn: Project is vulnerable to: GHSA-jgrx-mgxx-jf9v
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
- Warn: Project is vulnerable to: GHSA-6fc8-4gx4-v693
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
Score
2.9
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More