Fix Node.js Memory Leaks: A Guide to V8 Heap Dump Analysis - Developers

Your Node.js application starts fast, but after 24 hours in production, the Resident Set Size (RSS) creeps up until the process inevitably hits the --max-old-space-size limit and crashes with an Out of Memory (OOM) error. This is the classic symptom of a memory leak. Unlike ephemeral scripts, long-running Node.js servers accumulate "zombie" objects that the Garbage Collector (GC) cannot reclaim because they are still reachable from the root. To fix this, you must move beyond logs and perform a deep forensic examination of the V8 heap.

By capturing and analyzing heap snapshots, you can identify exactly which objects are consuming RAM and, more importantly, what is preventing them from being deleted. In this guide, you will learn how to generate V8 heap dumps, compare them using Chrome DevTools, and resolve common leak patterns like lingering event listeners and massive closures.

TL;DR — Capture two heap snapshots (one at startup, one after a stress test). Use the "Comparison" view in Chrome DevTools to find objects with a positive "New" count. Investigate the "Retainers" tree to find the reference path back to the global object and nullify it.

Table of Contents

• Understanding the V8 Heap and Garbage Collection
• When to Perform Heap Analysis
• Step-by-Step: Analyzing Dumps with Chrome DevTools
• Common Causes of Memory Leaks in Node.js
• Prevention and Monitoring Best Practices
• Frequently Asked Questions

Understanding the V8 Heap and Garbage Collection

💡 Analogy: Think of your application's memory as a library. The Garbage Collector is a librarian who removes books that no one is reading anymore. A memory leak happens when someone leaves a book on a table but marks it as "reserved" forever. Even if no one ever opens it again, the librarian cannot move it back to the shelf or throw it away because the reservation is still active.

The V8 engine, which powers Node.js, manages memory using a graph-based approach. The "roots" of this graph are global variables, the current stack of active functions, and internal V8 structures. Any object that can be reached by traversing links from these roots is considered "alive." If an object is unreachable, the GC reclaims its space. In modern Node.js (version 18, 20, and 22), the GC uses a "Generational" strategy: it separates the heap into the Young Generation (new objects) and the Old Generation (survivors).

When you analyze a heap dump, you are looking at a frozen state of this graph. You will see two primary metrics for every object: Shallow Size and Retained Size. The Shallow Size is the memory held by the object itself (e.g., the bytes in a string). The Retained Size is the total memory that would be freed if that object was deleted, including all the other objects it is the sole holder of. Most leaks involve small objects holding onto massive structures, making Retained Size the more critical metric for troubleshooting.

When to Perform Heap Analysis

You should not jump into heap dumps at the first sign of a memory spike. Node.js is naturally "greedy" with RAM; V8 will often delay garbage collection until the heap is nearly full to optimize CPU performance. This is known as "lazy garbage collection." You need to distinguish between healthy caching and a genuine leak.

A genuine leak is present if the "baseline" memory usage increases over time despite full GC cycles. You can monitor this by logging process.memoryUsage() or using a monitoring tool like Prometheus. Focus on the heapUsed value. If heapUsed continues to climb after several hours of consistent traffic and never returns to its starting point after a period of idleness, you have a leak. Another red flag is an increase in "Event Loop Delay," as the engine spends more and more time trying to find free memory in a crowded heap.

Before taking a dump, try to trigger a manual garbage collection by running Node with the --expose-gc flag and calling global.gc() in your code. If the memory stays high after a manual GC, a heap dump is your next logical step. It is best to perform this analysis in a staging environment that mirrors production traffic, as local "Hello World" tests rarely expose complex closure-based leaks found in real-world scenarios.

Step-by-Step: Analyzing Dumps with Chrome DevTools

To fix a leak, you need two points of comparison. A single snapshot only tells you what is currently in memory, but two snapshots tell you what is staying in memory.

Step 1: Capture the Heap Snapshots

In modern Node.js, the easiest way to capture a snapshot without external dependencies is using the built-in v8 module. You can trigger this via an HTTP endpoint or a signal (like SIGUSR2).

const v8 = require('v8');
const fs = require('fs');

function takeSnapshot(label) {
  const fileName = `./snapshot-${label}-${Date.now()}.heapsnapshot`;
  const snapshotStream = v8.getHeapSnapshot();
  const fileStream = fs.createWriteStream(fileName);
  snapshotStream.pipe(fileStream);
  console.log(`Snapshot saved: ${fileName}`);
}

// Take Snapshot 1: Baseline
takeSnapshot('baseline');

// ... run your stress test or wait for traffic ...

// Take Snapshot 2: After growth
takeSnapshot('after-load');

Step 2: Load into Chrome DevTools

Open Google Chrome and navigate to chrome://inspect. Click on "Open dedicated DevTools for Node" or simply open standard DevTools (F12) and go to the Memory tab. Right-click the left sidebar and select "Load..." to import your two .heapsnapshot files. Ensure you load the baseline first to keep your mental model organized.

Step 3: Use the Comparison View

Select the second snapshot (the "leaky" one) in the sidebar. At the top of the window, change the view from "Summary" to "Comparison". In the "Select baseline snapshot" dropdown, choose your first snapshot. This view filters the data to show you the "Delta" — the objects created between the two snapshots that still exist.

Look for constructors with a high # New count and a significant # Size Delta. Common culprits often appear as (string), Array, or specific class names from your application. If you see thousands of Object or closure entries, you have found the leak's payload.

Step 4: Inspect the Retainers

Click on a suspicious object in the top pane. The bottom pane, labeled Retainers, will update. This is the most important part of the UI. It shows the chain of references keeping that object alive. Follow the path upwards from the object until you find a variable you recognize from your code (e.g., a variable inside a specific module or a global array).

⚠️ Common Mistake: Ignoring the "Distance" column. An object with a high distance is nested deep within the application logic. Focus on retainers with a clear path to (GC roots). If an object is retained by a "Context," it usually means it is trapped inside a closure.

Common Causes of Memory Leaks in Node.js

Finding the leaky object is only half the battle; you must understand why it wasn't collected. In Node.js, leaks typically fall into three categories.

1. Unclosed Event Listeners

If you attach a listener to a long-lived object (like the process object or a database pool) but never remove it, the listener closure—and everything it references—will leak. Every time a request comes in, a new listener is added, leading to linear memory growth.

// LEAKY CODE
function handleRequest(req, res) {
  const bigData = new Array(1000000).fill('data');
  process.on('SIGUSR2', () => {
    console.log('Doing something with ' + bigData.length);
  });
  res.send('Done');
}

In the example above, bigData will never be garbage collected because the anonymous function passed to process.on holds a reference to the handleRequest scope, and that function is never removed from the process emitter.

2. Accidental Globals and Caches

Variables assigned without const, let, or var become properties of the global object. Since global is a GC root, these objects never die. Similarly, using an object as a cache without a TTL (Time To Live) or a maximum size limit is a guaranteed leak. As your application runs, the cache grows indefinitely.

3. Closures and "Heavy" Scopes

Closures are a powerful feature, but they can be dangerous. A closure maintains a reference to its parent scope. If a large object exists in that parent scope, even if the closure doesn't use it, some V8 versions might keep the entire scope alive. This is often seen in middleware or long-running async chains.

Prevention and Monitoring Best Practices

Identifying leaks with heap dumps is reactive. To be proactive, you should implement coding patterns that make leaks harder to create. According to official Node.js performance documentation, "clean-up" code is just as important as implementation code.

• Use AbortController for Listeners: Starting in Node.js 15, you can use AbortController to automatically remove multiple event listeners. This is much cleaner than manually calling removeListener.
• Limit Cache Sizes: Always use a library like lru-cache for in-memory storage. This ensures that when the cache hits a limit, the oldest items are evicted and made available for GC.
• Avoid Large Closures: If a function only needs one specific piece of data, pass that data as an argument rather than relying on scope variables. This allows the parent scope to be collected even if the child function is still referenced.
• Set --max-old-space-size Wisely: Don't just increase this value to "fix" an OOM crash. It only delays the inevitable. Set it to roughly 75% of your available container RAM to ensure the OS has room for buffers and the stack.

📌 Key Takeaways: Memory leaks are reference leaks. A heap dump is a snapshot of the reference graph. Use the Comparison view to find what's new, use the Retainers view to find who owns it, and use null or removeListener to break the chain. Consistently monitoring heapUsed is the only way to catch these issues before they reach production.

Frequently Asked Questions

Q. Does taking a heap dump affect production performance?

A. Yes, significantly. Taking a heap dump is a synchronous operation that pauses the entire V8 thread while the memory is serialized to disk. For a 2GB heap, this can take several seconds. Never automate heap dumps on every request; trigger them manually or only when specific memory thresholds are hit.

Q. What is the difference between RSS and Heap memory?

A. RSS (Resident Set Size) is the total portion of RAM occupied by a process, including the heap, code segment, and stack. Heap memory is specifically the portion managed by V8 for dynamic objects. A leak usually shows up in the heap first, which then causes the RSS to climb.

Q. Why do I see so many (string) objects in my heap dump?

A. In Node.js, almost everything eventually decomposes into strings (JSON, HTML, buffers). While they show up as the "payload," they are rarely the cause. Look at the "Retainers" to see which logic-level object (like a User object or a Request object) is holding onto those strings.

For further reading, refer to the Official Node.js Diagnostics Guide and the V8 Profiling Documentation.