Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
@probot/pino
Advanced tools
@probot/pino
About
@probot/pino is currently built into probot, you don't need to manually pipe probot's logs into it. It will be easy to move it out of probot in future though, and give people a simple way to recover the logging behavior if they wish, or to replace it with another pino transport
CLI Usage
node my-script.js | pino-probot
You can test the environment variables by setting them inline
node my-script.js | LOG_FORMAT=json pino-probot
Programmatic usage
@probot/pino exports a getTransformStream() async function which can be passed as 2nd argument to pino()
import pino from "pino";
import { getTransformStream } from "@probot/pino";
const log = pino(
{
name: "probot",
},
await getTransformStream(),
);
This won't log anything to stdout though. In order to pass the formatted logs back to stdout, do the following
import pino from "pino";
import { getTransformStream } from "@probot/pino";
const transform = await getTransformStream();
transform.pipe(pino.destination(1));
const log = pino(
{
name: "probot",
},
transform,
);
With custom options:
const transform = await getTransformStream({
logFormat: "json",
logLevelInString: true,
sentryDsn: "http://username@example.com/1234",
});
Options
The pino-probot binary can be configured using environment variables, while the getTransformStream() accepts an object with according keys
| Environment Varibale | Option | Description |
|---|---|---|
LOG_FORMAT | logFormat | Set to pretty or json. When set to pretty, logs are formatted for human readability. Setting to json logs using JSON objects. Defaults to pretty |
LOG_LEVEL_IN_STRING | logLevelInString | By default, when using the json format, the level printed in the log records is an int (10, 20, ..). This option tells the logger to print level as a string: {"level": "info"}. Default false |
SENTRY_DSN | sentryDsn | Set to a Sentry DSN to report all errors thrown by your app. (Example: |
Contributing
See CONTRIBUTING.md
License
Keywords
FAQs
formats pino logs and sends errors to Sentry
We found that @probot/pino demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Package last updated on 31 Jul 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025