Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
@coast/logger
Advanced tools
This package uses the Bunyan logging library to provide a stream capable log handler that can send your logs to a variety of places. By default, the logger outputs to the console (stdout), but you can also stream your server side logs to services like Loggly or even save them to a database.
Most loggers have the concept of log level. That allows you to filter what is visible in your logs (see available levels and their descriptions below). The default level is INFO
. To override the log level on the server, you can set the LOG_LEVEL
environment variable to one of the valid values below.
To set the logger name that appears at the beginning of every log line and as the name
key in the raw JSON output, you can set...
# default: API
export LOGGER_NAME="My API"
The default log level is INFO
, but you can override that with LOG_LEVEL
(see more about available levels below).
LOG_LEVEL="DEBUG" node myapp.js
Or export it first...
export LOG_LEVEL="DEBUG"
node myapp.js
To set it in production (assuming you're using Docker), it would look like this:
docker run -e LOG_LEVEL="DEBUG" ...
When doing custom development and adding more logging to the app, we suggest following the Bunyan recommendations on log levels and use appropriate levels for your messages.
The log levels in Bunyan are as follows. The level descriptions are best practice opinions.
import Logger from "@coast/logger";
/**
* Logging general info
*/
// a general message string
Logger.info("Something important happened!");
// include some event-specific data in the message string
Logger.info(`Order ID ${order._id} has been submitted by user ${order.userId}`);
// or extend the JSON output of the logger with an object
// (note that the object should go before the message text)
Logger.info({ order }, "Order has been submitted");
/**
* Logging warnings
*/
// Log a non-critical warning that should be investigated
Logger.warn("API key missing. The feature won't work.");
/**
* Logging errors
*/
Logger.error("Oh no! Something went wrong!");
// Bunyan has an error object parser built in, so you can pass
// errors into the logger and it will format them in your console
// as well as extend the raw JSON log output if you are piping
// your logs to another service like Loggly.
// (note that the error object should go before the message text)
doSomething((err, result) => {
if (err) {
Logger.error(err, "Something went wrong!");
throw err;
}
Logger.info("That thing worked!");
// or
Logger.info({ result }, "That thing worked!");
});
/**
* Logging fatal events
*/
// If an event is considered fatal (will stop the app from functioning
// entirely), you should use the FATAL log level.
// Note that this will rarely be needed. Most negative events
// are just warnings or errors and don't entirely prevent the
// app from continuing to run.
Logger.fatal("The app is going to crash now! Attention needed!");
FAQs
A Node/browser application logger
We found that @coast/logger demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.