@jxa13/pm2ui 1.17.0 → 1.18.0

package/README.md

@@ -37,7 +37,7 @@ Node WebUI provides a clean browser-based interface for viewing running services
 - Node.js 18+
 - One or more PM2-managed processes
 
-Install PM2 globally if you want to use the `pm2` command directly:
+The package includes PM2 as a runtime dependency for the dashboard. Install PM2 globally only if you want to use the `pm2` command directly from your terminal:
 
 ```bash
 npm install -g pm2
@@ -47,6 +47,8 @@ npm install -g pm2
 
 ## Installation
 
+### Install Or Update
+
 Install the CLI globally from npm:
 
 ```bash
@@ -62,19 +64,27 @@ pm2ui
 By default, the dashboard runs locally on:
 
 ```text
-http://127.0.0.1:3000
+http://127.0.0.1:3210
 ```
 
-Install a specific version:
+Upgrade to the latest published version:
 
 ```bash
-npm install -g @jxa13/pm2ui@1.17.0
+npm install -g @jxa13/pm2ui@latest
 ```
 
-Update to the latest version:
+Check the installed version:
 
 ```bash
-npm install -g @jxa13/pm2ui@latest
+npm list -g @jxa13/pm2ui --depth=0
+```
+
+### Install A Specific Version
+
+Install a specific version:
+
+```bash
+npm install -g @jxa13/pm2ui@1.17.0
 ```
 
 Roll back to a previous version:
@@ -83,6 +93,12 @@ Roll back to a previous version:
 npm install -g @jxa13/pm2ui@1.16.4
 ```
 
+View all published versions:
+
+```bash
+npm view @jxa13/pm2ui versions --json
+```
+
 ### Install From Source
 
 Clone the repository:
@@ -98,6 +114,8 @@ Install dependencies:
 npm install
 ```
 
+This installs runtime and development dependencies so the React frontend can be rebuilt from source. Global npm installs use the prebuilt frontend bundle shipped in the package.
+
 Start the app:
 
 ```bash
@@ -106,6 +124,45 @@ npm start
 
 `npm start` builds the React frontend and starts the local Express server.
 
+### Publish A New Version
+
+Only maintainers with npm publish access can release new versions.
+
+Run the checks:
+
+```bash
+npm run react:build
+npm run react:smoke
+npm pack --dry-run
+```
+
+The package metadata includes public npm access. Publish from a supported CI environment with `npm publish --provenance` when you want npm provenance attached to the release.
+
+Bump the package version:
+
+```bash
+npm version patch
+```
+
+Use `minor` for backward-compatible feature releases and `major` for breaking changes:
+
+```bash
+npm version minor
+npm version major
+```
+
+Publish the release:
+
+```bash
+npm publish
+```
+
+After publishing, users can upgrade with:
+
+```bash
+npm install -g @jxa13/pm2ui@latest
+```
+
 ---
 
 ## PM2 Setup
@@ -166,6 +223,8 @@ The logs viewer supports:
 - Download logs
 - Toggle line wrapping
 
+Recent log history is read from the selected PM2 process log files. Live updates use PM2's Node API event bus instead of shelling out to `pm2 logs`.
+
 ---
 
 ## Security
@@ -178,18 +237,19 @@ Recommended:
 - Do not expose it directly to the internet
 - If remote access is needed, place it behind authentication and a reverse proxy
 
+Unsafe local API methods such as process actions, PM2 save, log clearing, create, delete, and Finder reveal require a same-origin browser session token. This helps block drive-by POST or DELETE requests from unrelated websites, but it is not a substitute for authentication if the app is exposed beyond localhost.
+
 ---
 
 ## Future Ideas
 
 Potential future improvements:
 
-- Real-time log streaming with WebSockets
-- Process details modal
-- Create new PM2 processes from the UI
-- Historical CPU and RAM charts
 - Authentication for LAN access
-- Saved dashboard layouts
+- Automated backend route coverage
+- Split backend routes and frontend modules
+- Import/export for operator preference profiles
+- Process grouping and tags
 
 ---
 

package/Services/pm2Service.js

@@ -31,60 +31,85 @@ async function withPm2(callback) {
   }
 }
 
-async function listProcesses() {
-  return withPm2(() => new Promise((resolve, reject) => {
-    pm2.list((error, list) => {
+function pm2Callback(method, ...args) {
+  return new Promise((resolve, reject) => {
+    pm2[method](...args, (error, result) => {
       if (error) {
         reject(error);
         return;
       }
 
-      resolve(list);
+      resolve(result);
     });
-  }));
+  });
 }
 
-async function startProcess(target) {
-  return withPm2(() => new Promise((resolve, reject) => {
-    pm2.start(target, (error, result) => {
-      if (error) {
-        reject(error);
-        return;
-      }
+async function listProcesses() {
+  return withPm2(() => pm2Callback('list'));
+}
 
-      resolve(result);
-    });
-  }));
+async function startProcess(target) {
+  return withPm2(() => pm2Callback('start', target));
 }
 
 async function stopProcess(target) {
-  return withPm2(() => new Promise((resolve, reject) => {
-    pm2.stop(target, (error, result) => {
-      if (error) {
-        reject(error);
-        return;
-      }
-
-      resolve(result);
-    });
-  }));
+  return withPm2(() => pm2Callback('stop', target));
 }
 
 async function restartProcess(target) {
-  return withPm2(() => new Promise((resolve, reject) => {
-    pm2.restart(target, (error, result) => {
+  return withPm2(() => pm2Callback('restart', target));
+}
+
+async function deleteProcess(target) {
+  return withPm2(() => pm2Callback('delete', target));
+}
+
+async function createProcess(options) {
+  return withPm2(() => pm2Callback('start', options));
+}
+
+async function savePm2State() {
+  return withPm2(() => pm2Callback('dump'));
+}
+
+async function flushProcessLogs(target) {
+  return withPm2(() => pm2Callback('flush', target));
+}
+
+async function connectLogBus() {
+  await connectPm2();
+
+  return new Promise((resolve, reject) => {
+    pm2.launchBus((error, bus, socket) => {
       if (error) {
+        disconnectPm2();
         reject(error);
         return;
       }
 
-      resolve(result);
+      resolve({
+        bus,
+        close: () => {
+          try {
+            socket?.close?.();
+          } catch (socketError) {
+            console.error('PM2 log socket close error:', socketError);
+          }
+
+          disconnectPm2();
+        }
+      });
     });
-  }));
+  });
 }
 
 module.exports = {
+  connectLogBus,
+  createProcess,
+  deleteProcess,
+  flushProcessLogs,
   listProcesses,
+  savePm2State,
   startProcess,
   stopProcess,
   restartProcess

package/changelog.md

@@ -8,6 +8,33 @@ Version numbers should be updated with each commit that changes app behavior, us
 - Minor versions, such as `1.1.0`, for user-visible improvements that do not break existing behavior.
 - Major versions, such as `2.0.0`, for breaking changes.
 
+## 1.18.0 - 2026-06-08
+
+### Added
+
+- Added npm package trust metadata, including repository, issue tracker, homepage, author, keywords, and public access settings.
+- Added a same-origin API session token for unsafe local API methods such as PM2 process actions, create, delete, save, log clearing, and Finder reveal.
+
+### Changed
+
+- Moved React, Vite, and icon packages from runtime dependencies to development dependencies because the published package serves the prebuilt frontend.
+- Moved PM2 save, create, delete, flush, process actions, and live log streaming from PM2 CLI subprocesses to PM2's Node API.
+- Changed recent log history loading to read the selected PM2 process stdout and stderr log files directly.
+- Updated compatible transitive dependency versions in the lockfile through non-breaking audit fixes.
+- Updated documentation for PM2 CLI requirements, optional npm provenance publishing, local API hardening, and current PM2 log behavior.
+
+### Security
+
+- Reduced drive-by localhost request risk by requiring a server-generated token on unsafe API requests from the React UI.
+- Resolved non-breaking runtime audit advisories while leaving the PM2 major-version advisory for a future breaking-change review.
+
+## 1.17.1 - 2026-06-07
+
+### Changed
+
+- Changed the default local app port from `3000` to `3210`.
+- Updated Vite development and preview API proxies plus user documentation for the new default port.
+
 ## 1.17.0 - 2026-06-07
 
 ### Changed