Gathering detailed insights and metrics for why-is-node-running
Gathering detailed insights and metrics for why-is-node-running
Node is running but you don't know why? why-is-node-running is here to help you.
Installations
npm install why-is-node-runningDeveloper
mafintosh
Developer Guide
BETA
Module System
ESM
Min. Node Version
>=20.11
Typescript Support
Yes
Node Version
20.18.0
NPM Version
10.8.2
Statistics
1,872 Stars
70 Commits
45 Forks
19 Watching
1 Branches
15 Contributors
Updated on 25 Nov 2024
Bundle Size
1.70 kB
Minified
915.00 B
Minified + Gzipped
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
282,847,194
Last day
-9.9%
1,132,533
Compared to previous day
Last week
3.7%
6,633,553
Compared to previous week
Last month
11.2%
27,354,443
Compared to previous month
Last year
257.4%
218,044,245
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
Versions
why-is-node-running
Node.js is running but you don't know why? why-is-node-running is here to help you.
Installation
If you want to use why-is-node-running in your code, you can install it as a local dependency of your project. If you want to use it as a CLI, you can install it globally, or use npx to run it without installing it.
As a local dependency
Node.js 20.11 and above (ECMAScript modules):
1npm install --save-dev why-is-node-running
Node.js 8 or higher (CommonJS):
1npm install --save-dev why-is-node-running@v2.x
As a global package
1npm install --global why-is-node-running 2why-is-node-running /path/to/some/file.js
Alternatively if you do not want to install the package globally, you can run it with npx:
1npx why-is-node-running /path/to/some/file.js
Usage (as a dependency)
1import whyIsNodeRunning from 'why-is-node-running' // should be your first import 2import { createServer } from 'node:net' 3 4function startServer () { 5 const server = createServer() 6 setInterval(() => {}, 1000) 7 server.listen(0) 8} 9 10startServer() 11startServer() 12 13// logs out active handles that are keeping node running 14setImmediate(() => whyIsNodeRunning())
Save the file as example.js, then execute:
1node ./example.js
Here's the output:
There are 4 handle(s) keeping the process running
# Timeout
example.js:6 - setInterval(() => {}, 1000)
example.js:10 - startServer()
# TCPSERVERWRAP
example.js:7 - server.listen(0)
example.js:10 - startServer()
# Timeout
example.js:6 - setInterval(() => {}, 1000)
example.js:11 - startServer()
# TCPSERVERWRAP
example.js:7 - server.listen(0)
example.js:11 - startServer()
Usage (as a CLI)
You can run why-is-node-running as a standalone if you don't want to include it inside your code. Sending SIGUSR1/SIGINFO signal to the process will produce the log. (Ctrl + T on macOS and BSD systems)
1why-is-node-running /path/to/some/file.js
probing module /path/to/some/file.js
kill -SIGUSR1 31115 for logging
To trigger the log:
kill -SIGUSR1 31115
Usage (with Node.js' --import option)
You can also use Node's --import option to preload why-is-node-running:
1node --import why-is-node-running/include /path/to/some/file.js
The steps are otherwise the same as the above CLI section
License
MIT
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/publish.yml:6
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/publish.yml:9
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Info: no jobLevel write permissions found
Reason
3 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 4
Reason
Found 4/29 approved changesets -- score normalized to 1
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/mafintosh/why-is-node-running/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/mafintosh/why-is-node-running/publish.yml/master?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 20 are checked with a SAST tool
Score
5.1
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More