Known-leaky gems verification for bundler: `bundle leak` to check your app and find leaky gems in your Gemfile 💎💧
etagwerker Merge pull request #21 from fastruby/better-readme
Improve API naming, README and Changelog
Latest commit b6c4db6 Sep 21, 2019

README.md

bundler-leak

Description

The best tool to find leaky gems in your dependencies. Make sure memory leaks are not in your gem dependencies.

Features

  • Checks the gems in Gemfile.lock for known memory leaks
  • Prints memory leak information

Synopsis

Audit a project's Gemfile.lock:

    $ bundle leak

    Name: celluloid
    Version: 0.17.0
    URL: https://github.com/celluloid/celluloid/issues/670
    Title: Memory Leak using Celluloid::Future
    Solution: remove or disable this gem until a patch is available!

    Name: therubyracer
    Version: 0.12.1
    URL: https://github.com/cowboyd/therubyracer/pull/336
    Title: Memory leak in WeakValueMap
    Solution: upgrade to ~> 0.12.3

    Unpatched versions found!
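
The matching behind a report like the one above, as an added sketch that is not bundler-leak's own code: it reads locked versions from a constructed Gemfile.lock excerpt, compares them with constructed advisories, and shows where the two kinds of "Solution" line come from. The advisory field names (`gem`, `title`, `patched_versions`) and the helpers `locked_gems` and `find_leaks` are assumptions for illustration.

```ruby
require 'rubygems'
require 'yaml'

# Constructed Gemfile.lock excerpt; gem versions mirror the sample output above.
LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      celluloid (0.17.0)
      rake (12.3.3)
      therubyracer (0.12.1)
        libv8 (~> 3.16.14.0)
LOCK

# Constructed advisories. Field names are an assumption modelled on the
# ruby-advisory-db layout, not copied from ruby-mem-advisory-db.
ADVISORIES = YAML.safe_load(<<~YML)
  - gem: celluloid
    title: Memory Leak using Celluloid::Future
  - gem: therubyracer
    title: Memory leak in WeakValueMap
    patched_versions: ["~> 0.12.3"]
YML

# Resolved gems sit at exactly four spaces of indent; their dependency
# constraints are indented six and must not be read as locked versions.
def locked_gems(lockfile)
  lockfile.scan(/^ {4}(\S+) \(([\w.]+)/).to_h { |name, v| [name, Gem::Version.new(v)] }
end

# Leaky when no patched requirement accepts the locked version; an advisory
# without patched_versions therefore flags every version.
def leaky?(advisory, version)
  Array(advisory['patched_versions']).none? do |req|
    Gem::Requirement.new(*req.split(',').map(&:strip)).satisfied_by?(version)
  end
end

def find_leaks(lockfile, advisories)
  gems = locked_gems(lockfile)
  hits = advisories.select { |a| gems[a['gem']] && leaky?(a, gems[a['gem']]) }
  hits.map do |a|
    fix = Array(a['patched_versions'])
    solution = fix.empty? ? 'remove or disable this gem until a patch is available!' : "upgrade to #{fix.join(', ')}"
    { name: a['gem'], version: gems[a['gem']].to_s, title: a['title'], solution: solution }
  end
end

find_leaks(LOCKFILE, ADVISORIES).each { |f| puts f.values.join(' | ') }
```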

Update the ruby-mem-advisory-db that bundle leak uses:

    $ bundle leak update

    cd data/ruby-mem-advisory-db
    git pull origin master
    remote: Enumerating objects: 14, done.
    remote: Counting objects: 100% (14/14), done.
    remote: Compressing objects: 100% (4/4), done.
    remote: Total 9 (delta 5), reused 7 (delta 4), pack-reused 0
    Unpacking objects: 100% (9/9), done.
    From github.com:rubymem/ruby-mem-advisory-db
     * branch            master     -> FETCH_HEAD
       3254525..c4fc78e  master     -> origin/master
    Updating 3254525..c4fc78e
    Fast-forward
     README.md                 | 68 ++++++++++++++++++++------------------------------------------------
     gems/therubyracer/336.yml |  4 ++++
     2 files changed, 24 insertions(+), 48 deletions(-)

Update the ruby-mem-advisory-db and check Gemfile.lock (useful for CI runs):

    $ bundle leak check --update

Rake task:

    require 'bundler/plumber/task'
    Bundler::Plumber::Task.new

    task default: 'bundle:leak'

Requirements

Install

    $ gem install bundler-leak

Contributing

  1. Clone the repo
  2. git submodule update --init # To populate data dir.
  3. bundle exec rake

License

Copyright (c) 2019 OmbuLabs (hello at ombulabs.com)

Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at gmail.com)

bundler-leak is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

bundler-leak is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with bundler-leak. If not, see http://www.gnu.org/licenses/.
