stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 1 Releases Wiki Activity
Files
40e7f827da764e39ca67fc27a74813a98e9a38d2
git.stella-ops.org/docs/modules/scanner/operations/entrypoint-lang-node.md
master 8da4e12a90 Align AOC tasks for Excititor and Concelier
2025-10-31 18:50:15 +02:00

1.4 KiB
Raw Blame History

Entry-Point Runtime — Node.js

Signals to gather

  • argv0 equals node, nodejs, or path ends with /bin/node.
  • Scripts launched via package runners (npm, yarn, pnpm node …, npx).
  • Presence of package.json with "main" or "scripts":{"start":…} entries.
  • NODE_ENV, NODE_OPTIONS, or NPM_PACKAGE_NAME environment hints.
  • Bundler/PM2 scenarios: pm2-runtime, pm2-docker, forever, nodemon.

Implementation notes

  • Resolve script arguments (e.g., node server.js) relative to the working dir.
  • If invoked through npm start/yarn run, parse package.json to expand the actual script.
  • Support TypeScript loaders (ts-node, node --loader, .mjs) by inspecting extensions and flags.
  • Normalise shebang-based Node scripts (ShellFlow ensures #!/usr/bin/env node collapses to Node).

Evidence & scoring

  • Boost confidence when a concrete JS/TS entry file exists.
  • Add evidence for package.json metadata, PM2 ecosystem files, or NODE_ENV values.
  • Penalise when the entry file is missing or only package runners are present without scripts.

Edge cases

  • Multi-service supervisors (e.g., pm2 managing multiple apps): treat as Supervisor and list programmes as children.
  • Serverless shims (e.g., Google Functions) wrap Node; prefer the user-provided handler script if detectable.
  • Distroless snapshots may omit package managers; rely on Node binary + script presence.