Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
@firebase/logger
Advanced tools
A logger package for use in the Firebase JS SDK
The @firebase/logger npm package is a utility library for logging purposes within Firebase applications. It provides a flexible, extensible logging solution that can be easily integrated into any Firebase project. The package allows developers to log messages at different levels (e.g., debug, info, warn, error) and to configure the logging behavior to suit their needs.
Configurable log levels
This feature allows developers to set the log level, controlling which types of log messages are actually printed to the console or other outputs. In the code sample, the log level is set to 'debug', which means all levels of logs will be shown.
const { Logger } = require('@firebase/logger');
const logger = new Logger();
logger.logLevel = 'debug';
logger.debug('This is a debug message.');
Custom log handlers
Developers can add custom handlers to process the log messages. In the example, a custom handler is added to specifically handle error messages differently by logging them to the console's error stream.
const { Logger } = require('@firebase/logger');
const logger = new Logger();
logger.addHandler((logLevel, ...args) => {
if (logLevel === 'error') {
console.error(...args);
}
});
logger.error('This is an error message.');
Winston is a popular logging library for Node.js. Similar to @firebase/logger, it supports multiple transport options for logging (e.g., console, file, HTTP). Winston provides more built-in transports and is more configurable than @firebase/logger, making it suitable for more complex logging needs.
Bunyan is another Node.js logging library that focuses on JSON logging. Like @firebase/logger, it allows for different log levels and custom streams. However, Bunyan's output is more structured and is designed to be more easily parsed by systems than the more straightforward text logging of @firebase/logger.
This package serves as the base of all logging in the JS SDK. Any logging that is intended to be visible to Firebase end developers should go through this module.
Firebase components should import the Logger
class and instantiate a new
instance by passing a component name (e.g. @firebase/<COMPONENT>
) to the
constructor.
e.g.
import { Logger } from '@firebase/logger';
const logClient = new Logger(`@firebase/<COMPONENT>`);
Each Logger
instance supports 5 log functions each to be used in a specific
instance:
debug
: Internal logs; use this to allow developers to send us their debug
logs for us to be able to diagnose an issue.log
: Use to inform your user about things they may need to know.info
: Use if you have to inform the user about something that they need to
take a concrete action on. Once they take that action, the log should go away.warn
: Use when a product feature may stop functioning correctly; unexpected
scenario.error
: Only use when user App would stop functioning correctly - super rare!Each log will be formatted in the following manner:
`[${new Date()}] ${COMPONENT_NAME}: ${...args}`
FAQs
A logger package for use in the Firebase JS SDK
The npm package @firebase/logger receives a total of 2,020,625 weekly downloads. As such, @firebase/logger popularity was classified as popular.
We found that @firebase/logger demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.