@seek/logger
@seek/logger is a JSON logger for Node.js applications. It implements several SEEK customisations over Pino, including:
timestamps for Splunk compatibility

import createLogger from '@seek/logger';

// Initialize the logger. By default, this will log to stdout.
const logger = createLogger({
  name: 'my-app',
});

// Write an informational (`level` 30) log with a `msg`.
logger.info('Something good happened');

// Create a child logger that automatically includes the `requestId` field.
const childLogger = logger.child({ requestId });

// Write an error (`level` 50) log with `err`, `msg` and `requestId`.
childLogger.error({ err }, 'Something bad happened');

@seek/logger bundles custom req and res serializers along with Pino's standard set.
User-defined serializers will take precedence over predefined ones.
Use the following standardised logging fields to benefit from customised serialization:
- err for errors. The Error is serialized with its message, name, stack and additional properties. Notice that this is not possible with e.g. JSON.stringify(new Error()).
- req for HTTP requests. The request object is trimmed to a set of essential fields.
- res for HTTP responses. The response object is trimmed to a set of essential fields.
All other fields will be logged directly.
You can type common sets of fields to enforce consistent logging across your application(s). Compatibility should be maintained with the existing serializer functions.
// Declare a TypeScript type for your log fields.
interface Fields {
  activity: string;
  err?: Error;
}

// Supply it as a type parameter for code completion and compile-time checking.
logger.trace<Fields>(
  {
    activity: 'Getting all the things',
  },
  'Request initiated',
);

logger.error<Fields>(
  {
    activity: 'Getting all the things',
    err,
  },
  'Request failed',
);
Bearer tokens are redacted regardless of their placement in the log object.
The following trimming rules apply to all logging data:
Avoid logging complex structures such as buffers, deeply nested objects and long arrays. Trimming operations are not cheap and may cause significant performance issues in your application.
While log depth is configurable via loggerOptions.maxObjectDepth, we strongly discourage a log depth that exceeds the default of 4 levels.
Consider flattening the log structure for performance, readability and cost savings.
@seek/logger uses Pino under the hood. You can customise your logger by providing Pino options like so:
import createLogger, { pino } from '@seek/logger';

const logger = createLogger(
  {
    name: 'my-app',
    ...myCustomPinoOptions,
  },
  myDestination,
);

const extremeLogger = createLogger({ name: 'my-app' }, pino.extreme());
Note: createLogger mutates the supplied destination in order to redact sensitive data.
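One way to get both behaviours described above (redaction of Bearer tokens wherever they sit in the log object, and a destination that is changed in place) is to scrub each serialized line as it is written. The following is an added example, not @seek/logger's own code; the pattern, the 20-character minimum, the '[Redacted]' placeholder and the helper names withBearerRedaction, memoryDestination and tinyLogger are assumptions.

```javascript
// Added illustration; not @seek/logger's source. The pattern, the 20-character
// minimum and the '[Redacted]' placeholder are assumptions for this example.
const BEARER = /\bbearer\s+[A-Za-z0-9._~+\/-]{20,}=*/gi;

// Replace destination.write in place so every serialized line is scrubbed
// before it reaches the underlying sink. Mutates and returns `destination`.
function withBearerRedaction(destination) {
  const write = destination.write.bind(destination);
  destination.write = (line) => write(line.replace(BEARER, '[Redacted]'));
  return destination;
}

// Constructed in-memory sink standing in for stdout or a file stream.
function memoryDestination() {
  const lines = [];
  return { lines, write(line) { lines.push(line); return true; } };
}

// Minimal JSON-lines logger: one serialized object per write.
function tinyLogger(destination) {
  return {
    info: (fields, msg) =>
      destination.write(JSON.stringify({ level: 30, ...fields, msg }) + '\n'),
  };
}

function demo() {
  const dest = memoryDestination();
  const logger = tinyLogger(withBearerRedaction(dest));
  const token = 'Bearer eyJhbGciOi.constructed-sample.c2lnbmF0dXJl'; // constructed value
  // The token appears in a header field, a nested array string and the message.
  logger.info({ req: { headers: { authorization: token } } }, 'header field');
  logger.info({ a: { b: { c: [`retrying with ${token}`] } } }, 'nested string');
  logger.info({}, `upstream rejected ${token}`);
  // Anything else writing to the same (mutated) destination is redacted too.
  dest.write(JSON.stringify({ note: token }) + '\n');
  return dest.lines;
}

console.log(demo().join(''));
```

Because the scrub runs on the serialized string, field names and nesting depth do not matter, but anything that writes to the same destination object is redacted as well, which is the practical consequence of the mutation noted above.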
@seek/logger supports Pino-compatible pretty printers.
For example, you can install pino-pretty as a devDependency:
yarn add --dev pino-pretty
Then selectively enable pretty printing when running your application locally:
import createLogger from '@seek/logger';

const logger = createLogger({
  name: 'my-app',
  prettyPrint: process.env.ENVIRONMENT === 'local',
});
FAQs
Standardized logging
The npm package @seek/logger receives a total of 5,499 weekly downloads. As such, @seek/logger popularity was classified as popular.
We found that @seek/logger demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.