Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@coast/logger
Advanced tools
This package uses the Bunyan logging library to provide a stream capable log handler that can send your logs to a variety of places. By default, the logger outputs to the console (stdout), but you can also stream your server side logs to services like Loggly or even save them to a database.
Most loggers have the concept of log level. That allows you to filter what is visible in your logs (see available levels and their descriptions below). The default level is INFO
. To override the log level on the server, you can set the LOG_LEVEL
environment variable to one of the valid values below.
To set the logger name that appears at the beginning of every log line and as the name
key in the raw JSON output, you can set...
# default: API
export LOGGER_NAME="My API"
The default log level is INFO
, but you can override that with LOG_LEVEL
(see more about available levels below).
LOG_LEVEL="DEBUG" node myapp.js
Or export it first...
export LOG_LEVEL="DEBUG"
node myapp.js
To set it in production (assuming you're using Docker), it would look like this:
docker run -e LOG_LEVEL="DEBUG" ...
When doing custom development and adding more logging to the app, we suggest following the Bunyan recommendations on log levels and use appropriate levels for your messages.
The log levels in Bunyan are as follows. The level descriptions are best practice opinions.
import Logger from "@coast/logger";
/**
* Logging general info
*/
// a general message string
Logger.info("Something important happened!");
// include some event-specific data in the message string
Logger.info(`Order ID ${order._id} has been submitted by user ${order.userId}`);
// or extend the JSON output of the logger with an object
// (note that the object should go before the message text)
Logger.info({ order }, "Order has been submitted");
/**
* Logging warnings
*/
// Log a non-critical warning that should be investigated
Logger.warn("API key missing. The feature won't work.");
/**
* Logging errors
*/
Logger.error("Oh no! Something went wrong!");
// Bunyan has an error object parser built in, so you can pass
// errors into the logger and it will format them in your console
// as well as extend the raw JSON log output if you are piping
// your logs to another service like Loggly.
// (note that the error object should go before the message text)
doSomething((err, result) => {
if (err) {
Logger.error(err, "Something went wrong!");
throw err;
}
Logger.info("That thing worked!");
// or
Logger.info({ result }, "That thing worked!");
});
/**
* Logging fatal events
*/
// If an event is considered fatal (will stop the app from functioning
// entirely), you should use the FATAL log level.
// Note that this will rarely be needed. Most negative events
// are just warnings or errors and don't entirely prevent the
// app from continuing to run.
Logger.fatal("The app is going to crash now! Attention needed!");
FAQs
A Node/browser application logger
We found that @coast/logger demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.