npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

wql-process-monitor

v3.0.2

Published

Monitor Windows process creation/deletion events

Downloads

188

Readme

About

Monitor Windows process creation/deletion events.

Example

import { subscribe } from "wql-process-monitor";

const processMonitor = await subscribe({
  creation: true,
  deletion: true
});

processMonitor.on("creation", ([process, pid, filepath, user]) => {
  console.log(`creation: ${process}::${pid}(${user}) ["${filepath}"]`);
});

processMonitor.on("deletion",([process, pid, filepath]) => {
  console.log(`deletion: ${process}::${pid} ["${filepath}"]`);
});

//Keep the event loop running
setInterval(()=>{}, 1000 * 60 * 60);
/*
You don't need this if you have something else to keep the event loop running.
This is just an example so Node.js doesn't exit directly.
*/

Do something when a specific process is started :

const processMonitor = await subscribe({
  creation: true,
  deletion: false,
  bin: {
    filter: ["firefox.exe"],
    whitelist: true
  }
});

processMonitor.on("creation", ([process, pid, filepath, user]) => {
  //Do something only when "firefox.exe" is started (creation)
});

Installation

npm install wql-process-monitor

Prerequisite: C/C++ build tools (Visual Studio) and Python 3.x (node-gyp) in order to build koffi.

API

⚠️ This module is only available as an ECMAScript module (ESM) starting with version 2.0.0. Previous version(s) are CommonJS (CJS) with an ESM wrapper.

Named export

subscribe(option?: object): Promise<AsyncEventEmitter>

Subscribe to an operation event. You must at least choose one.

⚙️ Options:

  • creation?: boolean | true

    Subscribe to the creation event.

  • deletion?: boolean | true

    Subscribe to the deletion event.

  • dir?: object

  • filter?: string[] | [] (none)

    Exclude events originating from a list of path(s). This can be a full path or a part of it. Path separator can either be / (Unix) or \\ (Windows).

  • whitelist?: boolean | false

    Turn the above filter option into a whitelist instead of a blacklist. Only the events originating from the list will be allowed.

    ⚠️ When filtering by executable path you won't be able to catch any elevated process event. Unless you are also elevated. This is a Windows permission issue:

    WMI executablePath requires SeDebugPrivilege permission in this case. This token is automatically granted when running with admin privileges. You can set this permission for regular user via group policy but this is considered as a security risk. NB: Please be advised that this library doesn't try to adjust token privilege.

    ⚠️ There is a hard limit to the number of elements you can filter depending on how complex the query is which will cause WMI to return WBEM_E_QUOTA_VIOLATION.

    💡 In such cases consider implementing your own filter on top of the event emitter result instead.

  • bin?: object
  • filter?: string[] | [] (none)

    List of process to exclude. eg: ["firefox.exe", "chrome.exe", ...]

  • whitelist?: boolean | false

    Turn the above filter option into a whitelist instead of a blacklist. Only the process from the list will be allowed.

    ⚠ ️There is a hard limit to the number of elements you can filter depending on how complex the query is which will cause WMI to return WBEM_E_QUOTA_VIOLATION.

    💡 In such case consider implementing your own filter on top of the event emitter result instead.

Return

Returns a non-blocking async event emitter (emittery):

.on(event: "creation | deletion", ([
    process: string, //process name
    pid: string, //process identifier
    filepath: string, //file location path
    user: string //process owner
]) => {})

⚠️ filepath and/or user might be empty if you don't have the permission to access the corresponding process information.

💡 NB: Don't forget to keep the node.js event loop alive.

createEventSink(): Promise<void>

Initialize the event sink. This is required to do before you can subscribe to any events. If the event sink is already initialized then nothing will be done.

💡 Since version >= 2.0.0 this is automatically done for you when you call subscribe(). Method was merely kept for backward compatibility.

⚠️ If your application (the caller thread) is initializing a COM library you need to set the thread model to COINIT_MULTITHREADED

NB: For this reason using this in Electron's main process isn't viable. Workarounds are in no particular preference order:

  • fork a child process via utilityProcess
  • fork a regular node child process
  • use web workers
  • use a hidden browser window with node integration and communicate between the main process and background window via IPC.

closeEventSink(): Promise<void>

Properly close the event sink. There is no "un-subscribe" thing to do prior to closing the sink. Just close it. It is recommended to properly close the event sink when you are done if you intend to re-open it later on. Most of the time you wouldn't have to bother with this but it's here in case you need it.

NB: This method will also remove every event listener.