bundler-leak

Description

The best tool to find leaky gems in your dependencies. Make sure memory leaks are not in your gem dependencies.

Features

  • Checks for memory leaks of gems in Gemfile.lock
  • Prints memory leak information

Synopsis

Audit a project's Gemfile.lock:

    $ bundle leak

    Name: celluloid
    Version: 0.17.0
    URL: https://github.com/celluloid/celluloid/issues/670
    Title: Memory Leak using Celluloid::Future
    Solution: remove or disable this gem until a patch is available!

    Name: therubyracer
    Version: 0.12.1
    URL: https://github.com/cowboyd/therubyracer/pull/336
    Title: Memory leak in WeakValueMap
    Solution: upgrade to ~> 0.12.3

    Unpatched versions found!

Update the ruby-mem-advisory-db that bundle leak uses:

    $ bundle leak update

    cd data/ruby-mem-advisory-db
    git pull origin main
    remote: Enumerating objects: 14, done.
    remote: Counting objects: 100% (14/14), done.
    remote: Compressing objects: 100% (4/4), done.
    remote: Total 9 (delta 5), reused 7 (delta 4), pack-reused 0
    Unpacking objects: 100% (9/9), done.
    From github.com:rubymem/ruby-mem-advisory-db
     * branch            main     -> FETCH_HEAD
       3254525..c4fc78e  main     -> origin/main
    Updating 3254525..c4fc78e
    Fast-forward
     README.md                 | 68 ++++++++++++++++++++------------------------------------------------
     gems/therubyracer/336.yml |  4 ++++
     2 files changed, 24 insertions(+), 48 deletions(-)

Update the ruby-mem-advisory-db and check Gemfile.lock (useful for CI runs):

$ bundle leak check --update

Rake task:

require 'bundler/plumber/task'
Bundler::Plumber::Task.new

task default: 'bundle:leak'

Requirements

Install

$ gem install bundler-leak

Contributing

  1. Clone the repo
  2. ./bin/setup # To populate data dir.
  3. bundle exec rake

License

Copyright (c) 2019 OmbuLabs (hello at ombulabs.com)

Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)

bundler-leak is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

bundler-leak is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with bundler-leak. If not, see http://www.gnu.org/licenses/.

Code of Conduct

Everyone interacting in the bundler-leak project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.

FastRuby.io

fastruby

bundler-leak is maintained and funded by FastRuby.io, inc. The names and logos for FastRuby.io are trademarks of FastRuby.io, inc.