New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC: Remove PM2 dependency from Mockoon CLI #1081
Labels
feature
New feature request
Comments
255kb
added a commit
that referenced
this issue
Jul 20, 2023
- remove PM2 dependency - remove list and stop commands, remove `--pname` flag - make foreground the default and remove the `--daemon-flag` - simplify the dockerize command to only generates a Dockerfile, and enable file downloading - remove some dependencies to simplify maintenance (inquirer, etc.) Closes #1081
255kb
added a commit
that referenced
this issue
Jul 21, 2023
- remove PM2 dependency - remove list and stop commands, remove `--pname` flag - make foreground the default and remove the `--daemon-flag` - simplify the dockerize command to only generates a Dockerfile, and enable file downloading - remove some dependencies to simplify maintenance (inquirer, etc.) Closes #1081
255kb
added a commit
that referenced
this issue
Jul 21, 2023
- remove PM2 dependency - remove list and stop commands, remove `--pname` flag - make foreground the default and remove the `--daemon-flag` - simplify the dockerize command to only generates a Dockerfile, and enable file downloading - remove some dependencies to simplify maintenance (inquirer, etc.) Closes #1081
255kb
added a commit
to mockoon/mockoon.com
that referenced
this issue
Jul 21, 2023
255kb
added a commit
that referenced
this issue
Jul 21, 2023
- remove PM2 dependency - remove list and stop commands, remove `--pname` flag - make foreground the default and remove the `--daemon-flag` - simplify the dockerize command to only generates a Dockerfile, and enable file downloading - remove some dependencies to simplify maintenance (inquirer, etc.) Closes #1081
255kb
added a commit
that referenced
this issue
Jul 21, 2023
- remove PM2 dependency - remove list and stop commands, remove `--pname` flag - make foreground the default and remove the `--daemon-flag` - simplify the dockerize command to only generates a Dockerfile, and enable file downloading - remove some dependencies to simplify maintenance (inquirer, etc.) Closes #1081
255kb
added a commit
that referenced
this issue
Jul 24, 2023
* Logs standardization (#1064) - add log transaction option to serverless and desktop - extract server logging to commons-server - standardize how server is logging its events - use same logger (winston) for all the applications - redact authorization headers when logging to file Closes #978 Closes #688 Closes #1063 * Add context menu entry to move an environment file (#1065) Closes #1062 * Review desktop messages and logging after #1063 * Fix documentation generator * Enable OpenAPI `example` export (#1067) fixes OpenAPI export crashing with CRUD routes Closes #352 Closes #1066 * Make `data` helpers compatible with safestring (#1071) Closes #1069 * Remove reload view and rewrite change detection use custom rxjs operator that listen to the object changed and some reducer actions that always force the refresh Also disable template generation on pressing enter if quota reached * Switch lerna version to fixed * Add stringify option to oneof helper * Allow search of hidden routes in the desktop app (#1083) Automatically uncollapse parent folders of selected route after a search Closes #960 * Fix for faker methods with numbers in their names (#1084) * Enable watch mode for libraries Closes #1076 * Added crudkey property, updated environment and databucket actions (#1082) * Added crudkey property, updated environment and databucket actions * Updated crudKey to be a property of RouteResponse Closes #1041 * Fix package lock and crudKey tooltip wording * Move crudKey field next to CRUD data bucket selector in desktop app * CLI refactoring (#1090) - remove PM2 dependency - remove list and stop commands, remove `--pname` flag - make foreground the default and remove the `--daemon-flag` - simplify the dockerize command to only generates a Dockerfile, and enable file downloading - remove some dependencies to simplify maintenance (inquirer, etc.) Closes #1081 * Update repository images * Update CLI documentation headers and links * Enable truncation for log menu entries in desktop app Closes #1085 * Update dependencies * New prettier format --------- Co-authored-by: ajatkj <ajatkj@yahoo.co.in> Co-authored-by: n1ce1041 <70496526+n1ce1041@users.noreply.github.com>
255kb
added a commit
to mockoon/mockoon.com
that referenced
this issue
Jul 24, 2023
- Add new changelog - Update docs screenshots - Update plans wording - Update CRUD docs and tutorial for id property customization - Update CLI screenshots docs and tutorials for mockoon/mockoon#1081 - Update repo images and CLI illustrations for new logs format
📦 This is now available with release v4.0.0. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Proposing to remove PM2 dependency from Mockoon CLI.
Why
Considering that most people that do use mockoon cli use the docker functionality and wrap it as a container image,
there seems to be no need to allow virtual horizontal scaling that PM2 offers to run multiple mockoon processes within the "same" NodeJS process, as orchestrators such as kubernetes (other tools also available) already handle the vertical and horizontal scaling of pods or containers. There is little benefit of having a huge dependency on something that would run perfectly without the daemon process management that PM2 offers.
Context
In the last couple of days, there have been some CVEs raised regarding VM2 affecting all versions reaching the score of 9.8.
Unfortunately a dependency that Mockoon CLI uses, also uses the vulnerable VM2 dependency, making any sort of automated vulnerability checking as part of pipelines flag up as a vulnerable component. There is no easy way to mitigate this as of now, since the maintainer of VM2 has dropped support of the project.
There is an alternative available package called
isolated-vm
which can do the same job as VM2 did but its got issues on its own, but this is for the PM2 maintainers to decide, and there is no clear timelines when PM2 will be updated and resolved. - Unitech/pm2#5639edit: 14/07/23 - just adding a note that despite mockoon cli using PM2 as a dependency, the PM2 and VM2 functionality is behind a feature flag that is generally disabled when running the cli as a container image - shouldn't need to worry about existing running components!
The text was updated successfully, but these errors were encountered: