profile
viewpoint
Ali Ijaz Sheikh ofrobots Google Inc. SF Bay Area, CA

googleapis/google-api-nodejs-client 8203

Google's officially supported Node.js client library for accessing Google APIs. Support for authorization and authentication with OAuth 2.0, API Keys and JWT (Service Tokens) is included.

google/gts 2350

☂️ TypeScript style guide, formatter, and linter.

googleapis/google-auth-library-nodejs 858

🔑 Google Auth Library for Node.js

google/node-h2-auto-push 303

HTTP/2 automatic server push

davidmarkclements/v8-perf 247

Exploring v8 performance characteristics in Node across v8 versions 5.1, 5.8, 5.9, 6.0 and 6.1

google/node-sec-roadmap 153

Some thoughts on how Node.js might respond to a changing security environment

nodejs/benchmarking 142

Node.js Benchmarking Working Group

googleapis/node-gtoken 87

:key: Google Auth Service Account Tokens for Node.js

google/node-fastify-auto-push 86

Fastify plugin for HTTP/2 automatic server push

google/js-green-licenses 80

JavaScript package.json License Checker

push eventofrobots/require-so-slow

renovate[bot]

commit sha 3cede8a96d098123f7455157b41fea7beb4bc4c4

chore(deps): update dependency nyc to v15 (#57)

view details

push time in 2 months

PR merged ofrobots/require-so-slow

chore(deps): update dependency nyc to v15

This PR contains the following updates:

Package Type Update Change
nyc devDependencies major ^14.0.0 -> ^15.0.0

Release Notes

<details> <summary>istanbuljs/nyc</summary>

v15.0.0

Compare Source

⚠ BREAKING CHANGES
  • The flow and jsx parser plugins are no longer enabled by default.
  • Node.js 8 is now required to run nyc
  • Remove NYC_ROOT_ID and NYC_INSTRUMENTER environmental variables.
  • The root field has been removed from processinfo files.
Features
Bug Fixes

</details>


Renovate configuration

:date: Schedule: At any time (no schedule defined).

:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.

:recycle: Rebasing: Whenever PR is stale, or if you modify the PR title to begin with "rebase!".

:no_bell: Ignore: Close this PR and you won't be reminded about this update again.


  • [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

Newsflash: Renovate has joined WhiteSource, and is now free for all use. Learn more or view updated terms and privacy policies.

+712 -796

0 comment

2 changed files

renovate[bot]

pr closed time in 2 months

push eventofrobots/require-so-slow

renovate[bot]

commit sha 8c9f454b77dc0bf61778a24ad8243500dc5fe8f6

fix(deps): update dependency update-notifier to v4 (#55)

view details

push time in 2 months

PR merged ofrobots/require-so-slow

fix(deps): update dependency update-notifier to v4

This PR contains the following updates:

Package Type Update Change
update-notifier dependencies major ^3.0.0 -> ^4.0.0

Release Notes

<details> <summary>yeoman/update-notifier</summary>

v4.0.0

Compare Source

Breaking
Fixes
  • Avoid showing update notification if current version is the latest (#​174) bc1721a
  • Fix the presented install command for globally installed npm packages (#​165) bf73119

</details>


Renovate configuration

:date: Schedule: At any time (no schedule defined).

:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.

:recycle: Rebasing: Whenever PR is stale, or if you modify the PR title to begin with "rebase!".

:no_bell: Ignore: Close this PR and you won't be reminded about this update again.


  • [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

Newsflash: Renovate has joined WhiteSource, and is now free for all use. Learn more or view updated terms and privacy policies.

+352 -92

0 comment

2 changed files

renovate[bot]

pr closed time in 2 months

Pull request review commentgoogleapis/cloud-profiler-nodejs

feat(breaking!): require the project ID to be set before starting the profiling agent

 export interface ProfilerConfig extends GoogleAuthOptions {   disableSourceMaps: boolean; } +// Interface for an initialized profiler config.+export interface ProfilerConfig extends LocalConfig {+  projectId: string;

Thanks for clarifying that ProfiledConfig is not publicly exported to the users, but rather the user-visible config is Config.

nolanmar511

comment created time in 2 months

Pull request review commentgoogleapis/cloud-profiler-nodejs

feat(breaking!): require the project ID to be set before starting the profiling agent

 export async function createProfiler(config: Config = {}): Promise<Profiler> {  */ export async function start(config: Config = {}): Promise<void> {   let profiler: Profiler;-  try {-    profiler = await createProfiler(config);-  } catch (e) {-    logError(`${e}`, config);-    return;-  }+  profiler = await createProfiler(config);   profiler.start(); } -function logError(msg: string, config: Config) {-  // FIXME: do not create a new logger on each error.-  const logger = createLogger(config.logLevel);-  logger.error(msg);-}- /**  * For debugging purposes. Collects profiles and discards the collected  * profiles.  */ export async function startLocal(config: Config = {}): Promise<void> {   let profiler: Profiler;-  try {-    profiler = await createProfiler(config);-  } catch (e) {-    logError(`${e}`, config);-    return;-  }+  profiler = await createProfiler(config);

likewise.

nolanmar511

comment created time in 2 months

Pull request review commentgoogleapis/cloud-profiler-nodejs

feat(breaking!): require the project ID to be set before starting the profiling agent

 export async function createProfiler(config: Config = {}): Promise<Profiler> {  */ export async function start(config: Config = {}): Promise<void> {   let profiler: Profiler;-  try {-    profiler = await createProfiler(config);-  } catch (e) {-    logError(`${e}`, config);-    return;-  }+  profiler = await createProfiler(config);

No need to keep the declaration and assignment separate anymore. const profiler = await createProfiler(config).

nolanmar511

comment created time in 2 months

Pull request review commentgoogleapis/cloud-profiler-nodejs

feat(breaking!): require the project ID to be set before starting the profiling agent

 export interface ProfilerConfig extends GoogleAuthOptions {   disableSourceMaps: boolean; } +// Interface for an initialized profiler config.+export interface ProfilerConfig extends LocalConfig {+  projectId: string;

Apologies if this was discussed earlier, and I missed it. Why are we requiring all users, even those not running on Istio to now start providing a projectId, when their code works fine as-is? With this breaking change, their code may stop compiling. In some cases they would need to go though significant hoops to provide a project id, wherein they didn't need to before.

Looking at the implementation, we actually are able to fetch the projectId from the metadata service on the users behalf, and use it even if the projectId was not specified in the config. IOW, this breaking change seems more strict than what the code actually requires.

Am I overlooking something?

nolanmar511

comment created time in 2 months

Pull request review commentgoogleapis/cloud-profiler-nodejs

feat(breaking!): require the project ID to be set before starting the profiling agent

 configuration options. These options can be passed to the agent through the object argument to the start command shown below:  ```js-require('@google-cloud/profiler').start({disableTime: true});+require('@google-cloud/profiler').start({disableTime: true}).catch((err) => {

Maybe even omit the const success =.

nolanmar511

comment created time in 2 months

Pull request review commentgoogleapis/cloud-profiler-nodejs

feat(breaking!): require the project ID to be set before starting the profiling agent

 configuration options. These options can be passed to the agent through the object argument to the start command shown below:  ```js-require('@google-cloud/profiler').start({disableTime: true});+require('@google-cloud/profiler').start({disableTime: true}).catch((err) => {

Optional suggestion: instead of making all the examples verbose with a catch block, you could use something like this:

const success = await require('@google-cloud/profiler').start({...});

The await succinctly implies that the returned value is a promise. A rejection on the awaited promise will correctly be turned into throw.

nolanmar511

comment created time in 2 months

Pull request review commentgoogleapis/cloud-profiler-nodejs

feat(breaking!): require the project ID to be set before starting the profiling agent

 export async function start(config: Config = {}): Promise<void> {   try {     profiler = await createProfiler(config);   } catch (e) {-    logError(`${e}`, config);-    return;+    throw e;

Why catch at all? Omit the try/catch block and it will bubble to the caller.

nolanmar511

comment created time in 2 months

Pull request review commentgoogleapis/cloud-profiler-nodejs

feat(breaking!): require the project ID to be set before starting the profiling agent

 to your [`package.json`](https://docs.npmjs.com/files/package.json#dependencies) 2. Include and start the profiler at the beginning of your application:      ```js-    var profiler = require('@google-cloud/profiler').start();+    var profiler = require('@google-cloud/profiler').start().catch((err) => {

This problem existed before your change, but it gets more confusing after you change: AFAICT, start returns Promise<void> so assigning it to a variable named profiler doesn't make too much sense to me. I would suggest removing the var profiler = from this statement.

nolanmar511

comment created time in 2 months

push eventofrobots/require-so-slow

renovate[bot]

commit sha 8d61a2ef60b934943de7d9ab567420a811e2094e

fix(deps): update dependency meow to v6 (#54)

view details

push time in 2 months

PR merged ofrobots/require-so-slow

fix(deps): update dependency meow to v6

This PR contains the following updates:

Package Type Update Change
meow dependencies major ^5.0.0 -> ^6.0.0

Release Notes

<details> <summary>sindresorhus/meow</summary>

v6.0.0

Compare Source

Breaking
  • Require Node.js 8 cd635d4
  • Remove flag's aliases from the flags property (#​108) f36715c
  • Only consider enabling autoHelp/autoVersion in case there is only one argument in process.argv (#​114) cd29865
  • Switch from loud-rejection to hard-rejection f60c26e
Enhancements

</details>


Renovate configuration

:date: Schedule: At any time (no schedule defined).

:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.

:recycle: Rebasing: Whenever PR is stale, or if you modify the PR title to begin with "rebase!".

:no_bell: Ignore: Close this PR and you won't be reminded about this update again.


  • [ ] <!-- renovate-rebase -->If you want to rebase/retry this PR, check this box

Newsflash: Renovate has joined WhiteSource, and is now free for all use. Learn more or view updated terms and privacy policies.

+372 -85

0 comment

2 changed files

renovate[bot]

pr closed time in 2 months

push eventofrobots/require-so-slow

renovate[bot]

commit sha 3b62d35e22c9d4441a512246ad2c835f606a7772

chore(deps): update dependency typescript to ~3.7.0 (#52)

view details

push time in 3 months

PR merged ofrobots/require-so-slow

chore(deps): update dependency typescript to ~3.7.0

This PR contains the following updates:

Package Type Update Change
typescript (source) devDependencies minor ~3.6.0 -> ~3.7.0

Release Notes

<details> <summary>Microsoft/TypeScript</summary>

v3.7.2

Compare Source

For release notes, check out the release announcement.

For new features, check out the What's new in TypeScript v3.7.2.

For the complete list of fixed issues, check out the

Downloads are available on:

</details>


Renovate configuration

:date: Schedule: At any time (no schedule defined).

:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.

:recycle: Rebasing: Whenever PR is stale, or if you modify the PR title to begin with "rebase!".

:no_bell: Ignore: Close this PR and you won't be reminded about this update again.


  • [ ] <!-- renovate-rebase -->If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot. View repository job log here.

+4 -4

0 comment

2 changed files

renovate[bot]

pr closed time in 3 months

MemberEvent
MemberEvent

created tagv8/sampling-heap-profiler

tagv0.4.0

Production friendly Node.js module that provides access to the V8 sampling heap profiler

created time in 4 months

release v8/sampling-heap-profiler

v0.4.0

released time in 4 months

push eventcensus-instrumentation/opencensus-node

snyk-bot

commit sha 2fedf82b8d2c5eb3519992eb1f0cbaf1d98b4791

fix: packages/opencensus-example-automatic-tracing/package.json & packages/opencensus-example-automatic-tracing/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131

view details

push time in 4 months

push eventcensus-instrumentation/opencensus-node

snyk-bot

commit sha 23d15a9ade543a98a1eeabf1f74a2e86e511e0b1

fix: examples/grpc/package.json & examples/grpc/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131

view details

push time in 4 months

push eventcensus-instrumentation/opencensus-node

snyk-bot

commit sha 7b353015cecb4032821484c7c4ca994f6a93227e

fix: packages/opencensus-resource-util/package.json, packages/opencensus-resource-util/package-lock.json & packages/opencensus-resource-util/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131

view details

push time in 4 months

push eventcensus-instrumentation/opencensus-node

snyk-bot

commit sha 6f24a107f422e1f7211ef3c3f5ecd2baa8f6826b

fix: packages/opencensus-exporter-stackdriver/package.json, packages/opencensus-exporter-stackdriver/package-lock.json & packages/opencensus-exporter-stackdriver/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131

view details

push time in 4 months

push eventcensus-instrumentation/opencensus-node

snyk-bot

commit sha e71797f198fa149c00f6193cc2619615fdf39047

fix: examples/grpc/package.json & examples/grpc/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131

view details

push time in 4 months

push eventcensus-instrumentation/opencensus-node

snyk-bot

commit sha 3d206bf80cbfacc5ebf51b7a101323c39f56f4bf

fix: packages/opencensus-example-automatic-tracing/package.json & packages/opencensus-example-automatic-tracing/.snyk to reduce vulnerabilities The following vulnerabilities are fixed with a Snyk patch: - https://snyk.io/vuln/SNYK-JS-HTTPSPROXYAGENT-469131

view details

push time in 4 months

push eventgoogle/eventid-js

Chris Cornwell

commit sha 893629aebf55a86f9c0dc0958c70378d742a9458

update to non-deprecated uuid import (#48)

view details

push time in 5 months

PR merged google/eventid-js

Update to non-deprecated uuid import cla: yes

This PR just updates the import statement for the UUID library to conform to the new standard as indicated here:

Deprecation warning: The use of require('uuid') is deprecated and will not be supported after version 3.x of this module. Instead, use require('uuid/[v1|v3|v4|v5]')

+2 -2

3 comments

1 changed file

crcornwell

pr closed time in 5 months

issue commentgoogle/pprof-nodejs

Expose a profile to pprof CLI

Context: while this module supports online gathering of V8 cpuprofiles and then converting them to profile.proto.gz, it would be nice to have a standalone CLI that can convert V8 cpuprofile files to profile.proto so that one can use pprof to view them.

concavelenz

comment created time in 5 months

Pull request review commentgoogleapis/gcp-metadata

feat!: requests now try both DNS and IP, using whichever responds first

 async function metadataAccessor<T>(   } } +async function fastFailMetadataRequest<T>(+  options: GaxiosOptions+): Promise<GaxiosResponse> {+  const secondaryOptions = {+    ...options,+    url: options.url!.replace(BASE_URL, SECONDARY_BASE_URL),+  };+  return Promise.race([request<T>(options), request<T>(secondaryOptions)]);

Maybe this is easier to do if you went back to your original application of the race only on isAvailable.

bcoe

comment created time in 5 months

Pull request review commentgoogleapis/gcp-metadata

feat!: requests now try both DNS and IP, using whichever responds first

 async function metadataAccessor<T>(   } } +async function fastFailMetadataRequest<T>(+  options: GaxiosOptions+): Promise<GaxiosResponse> {+  const secondaryOptions = {+    ...options,+    url: options.url!.replace(BASE_URL, SECONDARY_BASE_URL),+  };+  return Promise.race([request<T>(options), request<T>(secondaryOptions)]);

Ideally the race should happen only for the first request. Once we have established success once, we should switch to using the primary (i.e. IP) mode of connection from then onwards.

bcoe

comment created time in 5 months

pull request commentgoogleapis/gcp-metadata

feat!: requests now try both DNS and IP, using whichever responds first

Do we allow writes to metadata? AFAICT we only seem to do GET requests, so parallel requests (and preexisting restries) should be safe, but worth double checking.

bcoe

comment created time in 5 months

Pull request review commentgoogleapis/gcp-metadata

feat: isAvailable now tries both DNS and IP

 function validate(options: Options) { async function metadataAccessor<T>(   type: string,   options?: string | Options,-  noResponseRetries = 3+  noResponseRetries = 3,+  fastFail = false

I see that you aren't changing the default behavior for everyone; just for isAvailable. Is there a reason for not changing this for the other paths, e.g. if my library doesn't call isAvailable but rather directly tries to lookup a project or instance property. What are the scenarios where the slow-fail approach is desirable for those paths?

Perhaps you are being cautious around it being potentially breaking, but IMO, 'taking too long to fail' was a bug, and we should be changing the default behavior.

bcoe

comment created time in 5 months

Pull request review commentgoogleapis/cloud-profiler-nodejs

chore(deps): pin pprof

     "extend": "^3.0.2",     "gcp-metadata": "^2.0.0",     "parse-duration": "^0.1.1",-    "pprof": "^1.0.0",+    "pprof": "1.1.0",

If I understand the motivation, the objective is to focus on extensive testing in this repo, and keep pprof-nodejs focused on unit tests. We are guarding against bugs in patch releases of pprof-nodejs reaching users before getting more extensive testing in this repo. The same humans own both packages, so the change of a security fix in pprof-nodejs getting missed is low. IIRC, we also have vulnerability scanning enabled on the repo.

With that, it seems okay to hard pin to a specific version of this one package.

nolanmar511

comment created time in 5 months

more