Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@octokit/plugin-request-log
Advanced tools
@octokit/plugin-request-log is a plugin for Octokit that logs all requests made to the GitHub API. It is useful for debugging and monitoring the requests your application makes to GitHub.
Logging Requests
This feature allows you to log all requests made to the GitHub API. The code sample demonstrates how to create an Octokit instance with the requestLog plugin and make a request to the GitHub API, which will be logged.
const { Octokit } = require('@octokit/core');
const { requestLog } = require('@octokit/plugin-request-log');
const MyOctokit = Octokit.plugin(requestLog);
const octokit = new MyOctokit();
async function logRequests() {
await octokit.request('GET /repos/{owner}/{repo}', {
owner: 'octocat',
repo: 'hello-world'
});
}
logRequests();
Custom Log Output
This feature allows you to customize the log output by providing your own logging functions. The code sample demonstrates how to create an Octokit instance with custom log functions and make a request to the GitHub API, which will be logged using the custom functions.
const { Octokit } = require('@octokit/core');
const { requestLog } = require('@octokit/plugin-request-log');
const MyOctokit = Octokit.plugin(requestLog);
const octokit = new MyOctokit({
log: {
debug: console.debug,
info: console.info,
warn: console.warn,
error: console.error
}
});
async function logRequests() {
await octokit.request('GET /repos/{owner}/{repo}', {
owner: 'octocat',
repo: 'hello-world'
});
}
logRequests();
axios-debug-log is a middleware for Axios that logs request and response details. It is similar to @octokit/plugin-request-log in that it provides logging capabilities for HTTP requests, but it is designed specifically for Axios rather than Octokit.
winston is a versatile logging library for Node.js. While it is not specifically designed for logging HTTP requests, it can be used in conjunction with request libraries to log request and response details. It offers more advanced logging features compared to @octokit/plugin-request-log.
morgan is an HTTP request logger middleware for Node.js. It is commonly used with Express.js to log incoming HTTP requests. Unlike @octokit/plugin-request-log, which is specific to Octokit and GitHub API requests, morgan is a general-purpose HTTP request logger.
Log all requests and request errors
Browsers |
Load
|
---|---|
Node |
Install with
|
[!IMPORTANT] As we use conditional exports, you will need to adapt your
tsconfig.json
by setting"moduleResolution": "node16", "module": "node16"
.See the TypeScript docs on package.json "exports".
See this helpful guide on transitioning to ESM from @sindresorhus
const MyOctokit = Octokit.plugin(requestLog);
const octokit = new MyOctokit({ auth: "secret123" });
octokit.request("GET /");
// logs "GET / - 200 in 123ms
octokit.request("GET /oops");
// logs "GET / - 404 in 123ms
In order to log all request options, the log.debug
option needs to be set. We recommend the console-log-level package for a configurable log level
import consoleLogLevel from "console-log-level";
const octokit = new MyOctokit({
log: consoleLogLevel({
auth: "secret123",
level: "info",
}),
});
See CONTRIBUTING.md
FAQs
Log all requests and request errors
The npm package @octokit/plugin-request-log receives a total of 5,152,801 weekly downloads. As such, @octokit/plugin-request-log popularity was classified as popular.
We found that @octokit/plugin-request-log demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.