Known-leaky gems verification for bundler: `bundle leak` to check your app and find leaky gems in your Gemfile 💎💧



The best tool to find leaky gems in your dependencies. Make sure memory leaks are not in your gem dependencies.


  • Checks for memory leaks of gems in Gemfile.lock
  • Prints memory leak information


Audit a project's Gemfile.lock:

    $ bundle leak

    Name: celluloid
    Version: 0.17.0
    Title: Memory Leak using Celluloid::Future
    Solution: remove or disable this gem until a patch is available!

    Name: therubyracer
    Version: 0.12.1
    Title: Memory leak in WeakValueMap
    Solution: upgrade to ~> 0.12.3

    Unpatched versions found!
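
How a lockfile audit of this kind works, as an added Ruby example that is not bundler-leak's own code: it parses a Gemfile.lock with Bundler's lockfile parser and compares each locked version against the advisory's patched-version requirements. The advisory field names, the `leaky_gems` helper, and the sample lockfile and advisories are assumptions constructed from the report above.

```ruby
require "bundler"

# Constructed advisories modelled on the report above. The field names
# (name, title, patched_versions) are assumptions, not the database schema.
Advisory = Struct.new(:name, :title, :patched_versions) do
  # Patched when the locked version satisfies any listed requirement.
  def patched?(version)
    patched_versions.any? { |req| Gem::Requirement.new(*req.split(/,\s*/)).satisfied_by?(version) }
  end
  def solution
    return "remove or disable this gem until a patch is available!" if patched_versions.empty?
    "upgrade to #{patched_versions.join(', ')}"
  end
end

ADVISORIES = [
  Advisory.new("celluloid", "Memory Leak using Celluloid::Future", []),
  Advisory.new("therubyracer", "Memory leak in WeakValueMap", ["~> 0.12.3"])
].freeze

# Constructed Gemfile.lock; rake stands in for a gem with no advisory.
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      celluloid (0.17.0)
      rake (12.3.3)
      therubyracer (0.12.1)

  PLATFORMS
    ruby

  DEPENDENCIES
    celluloid
    rake
    therubyracer
LOCK

# One finding per locked gem whose version no advisory marks as patched.
def leaky_gems(lockfile_text, advisories = ADVISORIES)
  by_gem = advisories.group_by(&:name)
  Bundler::LockfileParser.new(lockfile_text).specs.flat_map do |spec|
    by_gem.fetch(spec.name, []).reject { |adv| adv.patched?(spec.version) }.map do |adv|
      { name: spec.name, version: spec.version.to_s, title: adv.title, solution: adv.solution }
    end
  end
end

leaky_gems(SAMPLE_LOCKFILE).each { |f| puts f.map { |k, v| "#{k.capitalize}: #{v}" }, "" }
```

In CI, a non-empty result from `leaky_gems` is the condition on which to fail the build.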

Update the ruby-mem-advisory-db that bundle leak uses:

    $ bundle leak update

    cd data/ruby-mem-advisory-db
    git pull origin master
    remote: Enumerating objects: 14, done.
    remote: Counting objects: 100% (14/14), done.
    remote: Compressing objects: 100% (4/4), done.
    remote: Total 9 (delta 5), reused 7 (delta 4), pack-reused 0
    Unpacking objects: 100% (9/9), done.
     * branch            master     -> FETCH_HEAD
       3254525..c4fc78e  master     -> origin/master
    Updating 3254525..c4fc78e
    Fast-forward                 | 68 ++++++++++++++++++++------------------------------------------------
     gems/therubyracer/336.yml |  4 ++++
     2 files changed, 24 insertions(+), 48 deletions(-)

Update the ruby-mem-advisory-db and check Gemfile.lock (useful for CI runs):

    $ bundle leak check --update

Rake task:

    require 'bundler/plumber/task'

    task default: 'bundle:leak'



    $ gem install bundler-leak


  1. Clone the repo
  2. git submodule update --init # To populate data dir.
  3. bundle exec rake


Copyright (c) 2019 OmbuLabs (hello at

Copyright (c) 2013-2016 Hal Brodigan (postmodern.mod3 at

bundler-leak is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

bundler-leak is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with bundler-leak. If not, see
