Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@timberio/core
Advanced tools
New to Timber? Here's a low-down on logging in Javascript.
@timberio/core
This is an NPM package that provides core logging functionality.
It's used by the Node and browser logging packages.
You typically wouldn't require this package directly, unless you're building a custom logger.
Base
classThe Base class provides core features that are extended by loggers.
For example - you could create a custom logger that implements its own sync method, for getting data over to Timber.io
import { Base } from "@timberio/core";
import { ITimberOptions, ITimberLog } from "@timberio/types";
class CustomLogger extends Base {
// Constructor must take a Timber.io API key, and (optional) options
public constructor(
orgApiKey: string,
sourceKey: string,
options?: Partial<ITimberOptions>
) {
// Make sure you pass the organization API + source key to the parent constructor!
super(apiKey, sourceKey, options);
// Create a custom sync method
this.setSync(async (logs: ITimberLog[]) => {
// Sync the `log` somehow ... `this._apiKey` contains your Timber organization API key
// ....
// Finally, return the log... which will resolve our initial `.log()` call
return logs;
});
}
}
Logging to Timber is simple - just call the .log()
function with a string message:
// Simple log message (defaults to the 'info' log level)
timber.log("Hello Timber!");
// Or, add custom context keys to pass along with the log
timber.log("Once more, with context", {
httpRequest: {
"user-agent": {
browser: "Chrome"
}
}
});
There are four levels of logging, each corresponding to a function:
Function | Log level | Example |
---|---|---|
.debug() | Debug - logs to report/diagnose system events | Currently logged in session object, during development |
.info() | Info - data/events where no action is required; for information only | User successfully logged in |
.warn() | Warning - advisory messages that something probably needs fixing, but not serious enough to cause an error | SQL query ran slower than expected |
.error() | Error - something went wrong | Couldn't connect to database |
By default, .log()
logs at the 'info' level. You can use the above explicit log levels instead by calling the relevant function with your log message.
All log levels return a Promise that will resolve once the log has been synced with Timber.io:
// Will resolve when synced with Timber.io (or reject if there's an error)
timber.log("some log message").then(log => {
// `log` is the transformed log, after going through middleware
});
You can add your own middleware functions, which act as transforms on the ITimberLog log object.
This is useful for augmenting the log prior to syncing with Timber, or even pushing the log to another service.
Here's what a middleware function looks like:
import { ITimberLog } from "@timberio/types";
// In this example function, we'll add custom 'context' meta to the log
// representing the currently logged in user.
//
// Note: a middleware function is any function that takes an `ITimberLog`
// and returns a `Promise<ITimberLog>`
async function addCurrentUser(log: ITimberLog): Promise<ITimberLog> {
return {
...log, // <-- copy the existing log
user: {
// ... and add our own `context` data
id: 1000,
name: "Lee"
}
};
}
Then just attach to the Timber instance with .use
:
timber.use(addCurrentUser);
You can add any number of pipeline functions to your logger instance, and they'll run in order.
Middleware functions run before the final sync to Timber.io. Pipeline functions should return a Promise<ITimberLog>
, making it possible to augment logs with asynchronous data from external sources.
Note: If an exception is thrown anywhere in the pipeline chain, the log won't be synced. Wrap an async try/catch
block around your call to .log|info|debug|warn|error()
or tack on a .catch()
to ensure your errors are handled.
If you wish to remove middleware, pass in the original middleware function to .remove()
:
// `addCurrentUser` will no longer be used to transform logs
timber.remove(addCurrentUser);
This will remove the middleware function from all future calls to .log|info|debug|warn|error()
.
To re-add middleware, pass it to .use()
FAQs
Timber.io - logging core
We found that @timberio/core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.