npm - @jxa13/pm2ui - Versions diffs - 1.17.1 → 1.18.0 - Mend

@jxa13/pm2ui 1.17.1 → 1.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md +14 -7
package/Services/pm2Service.js +54 -29
package/changelog.md +20 -0
package/frontend/dist/assets/index-B4aD3qEe.js +224 -0
package/frontend/dist/index.html +1 -1
package/package.json +26 -4
package/roadmap.md +46 -40
package/server.js +201 -182
package/user_manual.md +13 -4
package/frontend/dist/assets/index-aVk9yHhV.js +0 -224

package/README.md CHANGED Viewed

@@ -37,7 +37,7 @@ Node WebUI provides a clean browser-based interface for viewing running services
 - Node.js 18+
 - One or more PM2-managed processes
-Install PM2 globally if you want to use the `pm2` command directly:
+The package includes PM2 as a runtime dependency for the dashboard. Install PM2 globally only if you want to use the `pm2` command directly from your terminal:
 ```bash
 npm install -g pm2
@@ -114,6 +114,8 @@ Install dependencies:
 npm install
 ```
+This installs runtime and development dependencies so the React frontend can be rebuilt from source. Global npm installs use the prebuilt frontend bundle shipped in the package.
 Start the app:
 ```bash
@@ -134,6 +136,8 @@ npm run react:smoke
 npm pack --dry-run
 ```
+The package metadata includes public npm access. Publish from a supported CI environment with `npm publish --provenance` when you want npm provenance attached to the release.
 Bump the package version:
 ```bash
@@ -150,7 +154,7 @@ npm version major
 Publish the release:
 ```bash
-npm publish --access public
+npm publish
 ```
 After publishing, users can upgrade with:
@@ -219,6 +223,8 @@ The logs viewer supports:
 - Download logs
 - Toggle line wrapping
+Recent log history is read from the selected PM2 process log files. Live updates use PM2's Node API event bus instead of shelling out to `pm2 logs`.
 ---
 ## Security
@@ -231,18 +237,19 @@ Recommended:
 - Do not expose it directly to the internet
 - If remote access is needed, place it behind authentication and a reverse proxy
+Unsafe local API methods such as process actions, PM2 save, log clearing, create, delete, and Finder reveal require a same-origin browser session token. This helps block drive-by POST or DELETE requests from unrelated websites, but it is not a substitute for authentication if the app is exposed beyond localhost.
 ---
 ## Future Ideas
 Potential future improvements:
-- Real-time log streaming with WebSockets
-- Process details modal
-- Create new PM2 processes from the UI
-- Historical CPU and RAM charts
 - Authentication for LAN access
-- Saved dashboard layouts
+- Automated backend route coverage
+- Split backend routes and frontend modules
+- Import/export for operator preference profiles
+- Process grouping and tags
 ---

package/Services/pm2Service.js CHANGED Viewed

@@ -31,60 +31,85 @@ async function withPm2(callback) {
   }
 }
-async function listProcesses() {
-  return withPm2(() => new Promise((resolve, reject) => {
-    pm2.list((error, list) => {
+function pm2Callback(method, ...args) {
+  return new Promise((resolve, reject) => {
+    pm2[method](...args, (error, result) => {
       if (error) {
         reject(error);
         return;
       }
-      resolve(list);
+      resolve(result);
     });
-  }));
+  });
 }
-async function startProcess(target) {
-  return withPm2(() => new Promise((resolve, reject) => {
-    pm2.start(target, (error, result) => {
-      if (error) {
-        reject(error);
-        return;
-      }
+async function listProcesses() {
+  return withPm2(() => pm2Callback('list'));
+}
-      resolve(result);
-    });
-  }));
+async function startProcess(target) {
+  return withPm2(() => pm2Callback('start', target));
 }
 async function stopProcess(target) {
-  return withPm2(() => new Promise((resolve, reject) => {
-    pm2.stop(target, (error, result) => {
-      if (error) {
-        reject(error);
-        return;
-      }
-      resolve(result);
-    });
-  }));
+  return withPm2(() => pm2Callback('stop', target));
 }
 async function restartProcess(target) {
-  return withPm2(() => new Promise((resolve, reject) => {
-    pm2.restart(target, (error, result) => {
+  return withPm2(() => pm2Callback('restart', target));
+}
+async function deleteProcess(target) {
+  return withPm2(() => pm2Callback('delete', target));
+}
+async function createProcess(options) {
+  return withPm2(() => pm2Callback('start', options));
+}
+async function savePm2State() {
+  return withPm2(() => pm2Callback('dump'));
+}
+async function flushProcessLogs(target) {
+  return withPm2(() => pm2Callback('flush', target));
+}
+async function connectLogBus() {
+  await connectPm2();
+  return new Promise((resolve, reject) => {
+    pm2.launchBus((error, bus, socket) => {
       if (error) {
+        disconnectPm2();
         reject(error);
         return;
       }
-      resolve(result);
+      resolve({
+        bus,
+        close: () => {
+          try {
+            socket?.close?.();
+          } catch (socketError) {
+            console.error('PM2 log socket close error:', socketError);
+          }
+          disconnectPm2();
+        }
+      });
     });
-  }));
+  });
 }
 module.exports = {
+  connectLogBus,
+  createProcess,
+  deleteProcess,
+  flushProcessLogs,
   listProcesses,
+  savePm2State,
   startProcess,
   stopProcess,
   restartProcess

package/changelog.md CHANGED Viewed

@@ -8,6 +8,26 @@ Version numbers should be updated with each commit that changes app behavior, us
 - Minor versions, such as `1.1.0`, for user-visible improvements that do not break existing behavior.
 - Major versions, such as `2.0.0`, for breaking changes.
+## 1.18.0 - 2026-06-08
+### Added
+- Added npm package trust metadata, including repository, issue tracker, homepage, author, keywords, and public access settings.
+- Added a same-origin API session token for unsafe local API methods such as PM2 process actions, create, delete, save, log clearing, and Finder reveal.
+### Changed
+- Moved React, Vite, and icon packages from runtime dependencies to development dependencies because the published package serves the prebuilt frontend.
+- Moved PM2 save, create, delete, flush, process actions, and live log streaming from PM2 CLI subprocesses to PM2's Node API.
+- Changed recent log history loading to read the selected PM2 process stdout and stderr log files directly.
+- Updated compatible transitive dependency versions in the lockfile through non-breaking audit fixes.
+- Updated documentation for PM2 CLI requirements, optional npm provenance publishing, local API hardening, and current PM2 log behavior.
+### Security
+- Reduced drive-by localhost request risk by requiring a server-generated token on unsafe API requests from the React UI.
+- Resolved non-breaking runtime audit advisories while leaving the PM2 major-version advisory for a future breaking-change review.
 ## 1.17.1 - 2026-06-07
 ### Changed