Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@firebase/logger
Advanced tools
The @firebase/logger npm package is a utility library for logging purposes within Firebase applications. It provides a flexible, extensible logging solution that can be easily integrated into any Firebase project. The package allows developers to log messages at different levels (e.g., debug, info, warn, error) and to configure the logging behavior to suit their needs.
Configurable log levels
This feature allows developers to set the log level, controlling which types of log messages are actually printed to the console or other outputs. In the code sample, the log level is set to 'debug', which means all levels of logs will be shown.
const { Logger } = require('@firebase/logger');
const logger = new Logger();
logger.logLevel = 'debug';
logger.debug('This is a debug message.');
Custom log handlers
Developers can add custom handlers to process the log messages. In the example, a custom handler is added to specifically handle error messages differently by logging them to the console's error stream.
const { Logger } = require('@firebase/logger');
const logger = new Logger();
logger.addHandler((logLevel, ...args) => {
if (logLevel === 'error') {
console.error(...args);
}
});
logger.error('This is an error message.');
Winston is a popular logging library for Node.js. Similar to @firebase/logger, it supports multiple transport options for logging (e.g., console, file, HTTP). Winston provides more built-in transports and is more configurable than @firebase/logger, making it suitable for more complex logging needs.
Bunyan is another Node.js logging library that focuses on JSON logging. Like @firebase/logger, it allows for different log levels and custom streams. However, Bunyan's output is more structured and is designed to be more easily parsed by systems than the more straightforward text logging of @firebase/logger.
This package serves as the base of all logging in the JS SDK. Any logging that is intended to be visible to Firebase end developers should go through this module.
Firebase components should import the Logger
class and instantiate a new
instance by passing a component name (e.g. @firebase/<COMPONENT>
) to the
constructor.
e.g.
import { Logger } from '@firebase/logger';
const logClient = new Logger(`@firebase/<COMPONENT>`);
Each Logger
instance supports 5 log functions each to be used in a specific
instance:
debug
: Internal logs; use this to allow developers to send us their debug
logs for us to be able to diagnose an issue.log
: Use to inform your user about things they may need to know.info
: Use if you have to inform the user about something that they need to
take a concrete action on. Once they take that action, the log should go away.warn
: Use when a product feature may stop functioning correctly; unexpected
scenario.error
: Only use when user App would stop functioning correctly - super rare!Each log will be formatted in the following manner:
`[${new Date()}] ${COMPONENT_NAME}: ${...args}`
FAQs
A logger package for use in the Firebase JS SDK
The npm package @firebase/logger receives a total of 3,295,581 weekly downloads. As such, @firebase/logger popularity was classified as popular.
We found that @firebase/logger demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.