graph-tooling
Graph CLI creating webserver on each command run
Hi all,
I believe this is due to the sync-rpc dependency attempting to load a local webserver at require time, although I'll admit I've not done the full stack crawl to see where it comes in. As a result I get the following network security request from macOS for each command run, even the simpler ones such as codegen.
I can imagine legitimate uses for this library but generally feel quite antsy/nervous about any command that attempts to run a local webserver without declaring it, typically because of unexpected security concerns (is it accessible from a browser JS runtime to escape the sandbox, is it attached to localhost or 0.0.0.0 and available over my local network etc).
I also received the following error which pointed me to the source:
$ graph codegen
events.js:377
throw er; // Unhandled 'error' event
^
Error: listen EADDRINUSE: address already in use :::60748
at Server.setupListenHandle [as _listen2] (net.js:1331:16)
at listenInCluster (net.js:1379:12)
at Server.listen (net.js:1465:7)
at Object.<anonymous> (<redacted>:68:8)
at Module._compile (internal/modules/cjs/loader.js:1085:14)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
at Module.load (internal/modules/cjs/loader.js:950:32)
at Function.Module._load (internal/modules/cjs/loader.js:790:12)
at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:76:12)
at internal/main/run_main_module.js:17:47
Emitted 'error' event on Server instance at:
at emitErrorNT (net.js:1358:8)
at processTicksAndRejections (internal/process/task_queues.js:82:21) {
code: 'EADDRINUSE',
errno: -48,
syscall: 'listen',
address: '::',
port: 60748
}
<redacted>/node_modules/gluegun/build/index.js:13
throw up;
^
Error: Timed out waiting for sync-rpc server to start (it should respond with "pong" when sent "ping"):
events.js:377
throw er; // Unhandled 'error' event
^
Error: connect ECONNREFUSED 127.0.0.1:60748
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1159:16)
Emitted 'error' event on Socket instance at:
at emitErrorNT (internal/streams/destroy.js:106:8)
at emitErrorCloseNT (internal/streams/destroy.js:74:3)
at processTicksAndRejections (internal/process/task_queues.js:82:21) {
errno: -61,
code: 'ECONNREFUSED',
syscall: 'connect',
address: '127.0.0.1',
port: 60748
}
at waitForAlive (<redacted>/node_modules/sync-rpc/lib/index.js:85:11)
at start (<redacted>/node_modules/sync-rpc/lib/index.js:41:3)
at sendMessage (<redacted>/node_modules/sync-rpc/lib/index.js:133:17)
at createClient (<redacted>/node_modules/sync-rpc/lib/index.js:173:27)
at Object.<anonymous> (<redacted>/node_modules/sync-request/lib/index.js:16:14)
at Module._compile (internal/modules/cjs/loader.js:1085:14)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:1114:10)
at Module.load (internal/modules/cjs/loader.js:950:32)
at Function.Module._load (internal/modules/cjs/loader.js:790:12)
at Module.require (internal/modules/cjs/loader.js:974:19)
Thanks @jackturnbull! @evaporei do you know where this originates within graph-cli?
I think it comes from this PR https://github.com/graphprotocol/graph-cli/pull/816 and that sync-request and sync-rpc are also responsible for this issue: https://github.com/graphprotocol/graph-cli/issues/849
With graph-cli 0.26.0, where this PR is not merged, it does not prompt to allow incoming connections and also the jest issue is not present.
@saihaj do you know if this still happens?
Yeah, I think this is one of the dependencies we use. Should probably work on a way to refactor it out.
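Added example, not part of the thread and not code from graph-cli or sync-rpc: one way to answer the first post's "localhost or 0.0.0.0" question from the pasted trace itself, by parsing the error objects Node printed and classifying the address that was passed to listen. The function names and the trimmed sample trace are constructed for this illustration.

```javascript
// Constructed excerpt: the two error objects from the trace in the first post.
const SAMPLE_TRACE = `
Error: listen EADDRINUSE: address already in use :::60748
    at processTicksAndRejections (internal/process/task_queues.js:82:21) {
  code: 'EADDRINUSE',
  errno: -48,
  syscall: 'listen',
  address: '::',
  port: 60748
}
Error: connect ECONNREFUSED 127.0.0.1:60748
    at processTicksAndRejections (internal/process/task_queues.js:82:21) {
  errno: -61,
  code: 'ECONNREFUSED',
  syscall: 'connect',
  address: '127.0.0.1',
  port: 60748
}`;

// Pull every { key: value, ... } error object that Node printed into the log.
function parseErrorObjects(log) {
  const out = [];
  for (const [, body] of log.matchAll(/\{([^{}]*)\}/g)) {
    const obj = {};
    for (const [, key, str, num] of body.matchAll(/(\w+):\s*(?:'([^']*)'|(-?\d+))/g)) {
      obj[key] = str !== undefined ? str : Number(num);
    }
    if (obj.syscall && obj.address !== undefined) out.push(obj);
  }
  return out;
}

// Who can reach a socket bound to this address? On most systems a Node server
// bound to '::' also accepts IPv4, so it is treated the same as '0.0.0.0'.
function bindScope(address) {
  if (address === '::' || address === '0.0.0.0') return 'all-interfaces';
  if (address === '::1' || /^127\./.test(address) || /^::ffff:127\./i.test(address)) return 'loopback-only';
  return 'single-interface';
}

// Report each listen() attempt found in the log together with its reachability.
function listenFindings(log) {
  return parseErrorObjects(log)
    .filter((e) => e.syscall === 'listen')
    .map((e) => ({ address: e.address, port: e.port, scope: bindScope(e.address) }));
}

console.log(listenFindings(SAMPLE_TRACE));
```

For this trace the listen attempt is on the wildcard address, while the client side only connects to 127.0.0.1, which matches the macOS incoming-connection prompt described in the first post.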