API Surface Issue
Category
Unused exports in security-critical module
Summary
- File:
src/pid-tracker.ts
- Symbols:
parseHexIp, parseHexPort, parseNetTcp, findInodeForPort, isNumeric, readCmdline, readComm, readFdLink, processOwnsSocket, findProcessByInode, getProcessInfo, trackPidForPort (async)
- Issue: Internal helper functions are exported but never imported by any production code. Only the synchronous
trackPidForPortSync is used in src/logs/log-streamer.ts. The async trackPidForPort and all internal helpers are only referenced in pid-tracker.test.ts.
Evidence
# Production usage search (non-test, non-pid-tracker.ts):
$ grep -rn "parseHexIp\|parseHexPort\|parseNetTcp\|findInodeForPort\|isNumeric\|readCmdline\|readComm\|readFdLink\|processOwnsSocket\|findProcessByInode\|getProcessInfo" src/ --include="*.ts" | grep -v "pid-tracker.ts" | grep -v "\.test\.ts"
(no output)
$ grep -rn "trackPidForPort\b" src/ --include="*.ts" | grep -v "\.test\.ts"
src/pid-tracker.ts:363:export async function trackPidForPort( # self-reference only
src/logs/log-streamer.ts:13:import { trackPidForPortSync, isPidTrackingAvailable } from '../pid-tracker'; # uses Sync variant only
Exported at lines: 58, 74, 87, 136, 147, 159, 177, 192, 208, 235, 265, 363
Recommended Fix
- Remove the
export keyword from all internal helpers (parseHexIp, parseHexPort, parseNetTcp, findInodeForPort, isNumeric, readCmdline, readComm, readFdLink, processOwnsSocket, findProcessByInode, getProcessInfo)
- Decide whether
trackPidForPort (async) should remain exported or be removed/internalized — if trackPidForPortSync covers all production use cases, the async variant can be unexported or deleted
- Update
pid-tracker.test.ts to test internal helpers as black-box behavior via the public surface if they're de-exported
Impact
- Dead code risk: High — PID tracking is security-critical; unexpectedly wide surface could be called with untrusted input
- Maintenance burden: High — 12 exported symbols that form an internal implementation detail
Detected by Export Audit workflow. Triggered by push to main on 2026-05-10
Generated by API Surface & Export Audit · ● 579.7K · ◷
API Surface Issue
Category
Unused exports in security-critical module
Summary
src/pid-tracker.tsparseHexIp,parseHexPort,parseNetTcp,findInodeForPort,isNumeric,readCmdline,readComm,readFdLink,processOwnsSocket,findProcessByInode,getProcessInfo,trackPidForPort(async)trackPidForPortSyncis used insrc/logs/log-streamer.ts. The asynctrackPidForPortand all internal helpers are only referenced inpid-tracker.test.ts.Evidence
Exported at lines: 58, 74, 87, 136, 147, 159, 177, 192, 208, 235, 265, 363
Recommended Fix
exportkeyword from all internal helpers (parseHexIp,parseHexPort,parseNetTcp,findInodeForPort,isNumeric,readCmdline,readComm,readFdLink,processOwnsSocket,findProcessByInode,getProcessInfo)trackPidForPort(async) should remain exported or be removed/internalized — iftrackPidForPortSynccovers all production use cases, the async variant can be unexported or deletedpid-tracker.test.tsto test internal helpers as black-box behavior via the public surface if they're de-exportedImpact
Detected by Export Audit workflow. Triggered by push to main on 2026-05-10