Open jdstrand opened 2 years ago
As an aside, I noticed that this repository lists 1.0.47, but https://www.npmjs.com/package/pm2-metrics only lists 1.0.43. AFAICS, 1.0.47 wouldn't solve this issue, but it appears that people specifying pm2-metrics in their package.json and yarn.lock files aren't benefiting from your updates to this repo. Is npm install pm2-metrics supported by the project?
As an aside, I noticed that this repository lists 1.0.47, but https://www.npmjs.com/package/pm2-metrics only lists 1.0.43.
Yes, pm2 install pm2-metrics installs 1.0.43 and it does not work with pm2 5.2.0.
"pm2 start .../exports.js --name pm2-metrics" (after npm install . -g) works, but this installs it as a managed process and not as a module.
But I like to have it separated from the managed processes; I like to install pm2-metrics as a pm2 module.
I'm using this to install pm2-metrics in a Dockerfile:
# Download the tagged release archive of the exporter
RUN wget https://github.com/autonoma-cloud/pm2-prometheus-exporter/archive/refs/tags/1.0.47.1.tar.gz
# Unpack it, install its dependencies, repack it and install it as a pm2 module
RUN tar xf 1.0.47.1.tar.gz \
    && mv pm2-prometheus-exporter-* module \
    && npm install -g module/ \
    && tar czf pm2-prometheus-exporter-module.tgz module/ \
    && pm2 install --tarball pm2-prometheus-exporter-module.tgz \
    && rm -rf module pm2-prometheus-exporter-module.tgz 1.0.47.1.tar.gz
The npm install -g is needed because otherwise the dependencies of the pm2-exporter are not installed and the errors are only shown by pm2 logs when deployed.
For pm2 5.2 and above you can try to use my module https://www.npmjs.com/package/pm2-prom-module
We've been getting dependabot alerts for ws and traced this back to our use of https://www.npmjs.com/package/pm2-metrics. https://github.com/saikatharryc/pm2-prometheus-exporter/blob/master/package.json specifies "pm2": "^4.4.0", which pulls in the old pm2/agent 1.0.8 that pulls in ws ~7.2.0, which is affected by https://github.com/advisories/GHSA-6fc8-4gx4-v693. I've seen that pm2@5.1.2's dependencies ultimately pull in an updated ws, so perhaps this could address the dependabot alerts for consumers of pm2-metrics. Thanks!
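
The transitive chain described in the issue above (pm2-metrics, then pm2, then pm2/agent, then ws) can be confirmed from a consumer's own lockfile. This is an added example, not code from the issue or the project: the lock data is constructed, the function names are hypothetical, and the 7.4.6 threshold is an assumption to confirm against the advisory.

```javascript
// Added example: trace which dependency chain installs an affected `ws`.
// Lock data is constructed; shape is package-lock.json lockfileVersion 2/3.
const FIXED = [7, 4, 6]; // assumption: first fixed 7.x release; confirm in the advisory
const lock = { packages: {
  "": { dependencies: { "pm2-metrics": "^1.0.43" } },
  "node_modules/pm2-metrics": { version: "1.0.43", dependencies: { pm2: "^4.4.0" } },
  "node_modules/pm2": { version: "4.5.6", dependencies: { "@pm2/agent": "~1.0.8" } },
  "node_modules/@pm2/agent": { version: "1.0.8", dependencies: { ws: "~7.2.0" } },
  "node_modules/@pm2/agent/node_modules/ws": { version: "7.2.5" },
  "node_modules/ws": { version: "8.13.0" }, // hoisted, unrelated newer copy
} };

const parse = (v) => v.split(/[-+]/)[0].split(".").map(Number);
const lessThan = (a, b) => { const i = a.findIndex((n, k) => n !== b[k]); return i !== -1 && a[i] < b[i]; };

// Node's lookup: the dependent's own node_modules first, then each ancestor's.
function resolve(packages, from, name) {
  for (let base = from; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + name;
    if (candidate in packages) return candidate;
    if (base === "") return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}

// Follow dependents upward from an installed path to the root project.
function chainTo(packages, target, seen = new Set()) {
  if (target === "") return ["(root project)"];
  if (seen.has(target)) return null; // cycle guard
  seen.add(target);
  const name = target.slice(target.lastIndexOf("node_modules/") + "node_modules/".length);
  for (const [path, meta] of Object.entries(packages)) {
    const deps = { ...meta.dependencies, ...meta.devDependencies, ...meta.optionalDependencies };
    if (!(name in deps) || resolve(packages, path, name) !== target) continue;
    const up = chainTo(packages, path, seen);
    if (up) return [...up, `${name}@${packages[target].version}`];
  }
  return null;
}

// Report installs of `name` on the same major line as `fixed` but older than it.
function findAffected(lock, name, fixed) {
  return Object.entries(lock.packages)
    .filter(([path, meta]) => path.endsWith("node_modules/" + name) && meta.version)
    .filter(([, meta]) => { const v = parse(meta.version); return v[0] === fixed[0] && lessThan(v, fixed); })
    .map(([path, meta]) => ({ path, version: meta.version, chain: chainTo(lock.packages, path) || [] }));
}
for (const hit of findAffected(lock, "ws", FIXED)) console.log(hit.path, "<-", hit.chain.join(" > "));
```

On a real project, replace the constructed `lock` object with the parsed contents of package-lock.json; the nested copy under pm2/agent is reported while the hoisted newer copy is not.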