Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@timberio/core
Advanced tools
New to Timber? Here's a low-down on logging in Javascript.
@timberio/core
This is an NPM package that provides core logging functionality.
It's used by the Node and browser logging packages.
You typically wouldn't require this package directly, unless you're building a custom logger.
Base
classThe Base class provides core features that are extended by loggers.
For example - you could create a custom logger that implements its own sync method, for getting data over to Timber.io
import { Base } from "@timberio/core";
import { ITimberOptions, ITimberLog } from "@timberio/types";
class CustomLogger extends Base {
// Constructor must take a Timber.io API key, and (optional) options
public constructor(apiKey: string, options?: Partial<ITimberOptions>) {
// Make sure you pass the API key to the parent constructor!
super(apiKey, options);
// Create a custom sync method
this.setSync(async (logs: ITimberLog[]) => {
// Sync the `log` somehow ... `this._apiKey` contains your Timber API key
// ....
// Finally, return the log... which will resolve our initial `.log()` call
return logs;
});
}
}
Logging to Timber is simple - just call the .log()
function with a string message:
// Simple log message (defaults to the 'info' log level)
timber.log("Hello Timber!");
// Or, add custom context keys to pass along with the log
timber.log("Once more, with context", {
context: {
custom: {
"user-agent": {
browser: "Chrome"
}
}
}
});
There are four levels of logging, each corresponding to a function:
Function | Log level | Example |
---|---|---|
.debug() | Debug - logs to report/diagnose system events | Currently logged in session object, during development |
.info() | Info - data/events where no action is required; for information only | User successfully logged in |
.warn() | Warning - advisory messages that something probably needs fixing, but not serious enough to cause an error | SQL query ran slower than expected |
.error() | Error - something went wrong | Couldn't connect to database |
By default, .log()
logs at the 'info' level. You can use the above explicit log levels instead by calling the relevant function with your log message.
All log levels return a Promise that will resolve once the log has been synced with Timber.io:
// Will resolve when synced with Timber.io (or reject if there's an error)
timber.log("some log message").then(log => {
// `log` is the transformed log, after going through middleware
});
You can add your own middleware functions, which act as transforms on the ITimberLog log object.
This is useful for augmenting the log prior to syncing with Timber, or even pushing the log to another service.
Here's what a middleware function looks like:
import { ITimberLog } from "@timberio/types";
// In this example function, we'll add a custom `context` to the log
// representing the currently logged in user.
//
// Note: a middleware function is any function that takes an `ITimberLog`
// and returns a `Promise<ITimberLog>`
async function addCurrentUser(log: ITimberLog): Promise<ITimberLog> {
return {
...log, // <-- copy the existing log
context: {
// ... and add our own `context` data
custom: {
user: {
id: 1000,
name: "Lee"
}
}
}
};
}
Then just attach to the Timber instance with .use
:
timber.use(addCurrentUser);
You can add any number of pipeline functions to your logger instance, and they'll run in order.
Middleware functions run before the final sync to Timber.io. Pipeline functions should return a Promise<ITimberLog>
, making it possible to augment logs with asynchronous data from external sources.
Note: If an exception is thrown anywhere in the pipeline chain, the log won't be synced. Wrap an async try/catch
block around your call to .log|info|debug|warn|error()
or tack on a .catch()
to ensure your errors are handled.
If you wish to remove middleware, pass in the original middleware function to .remove()
:
// `addCurrentUser` will no longer be used to transform logs
timber.remove(addCurrentUser);
This will remove the middleware function from all future calls to .log|info|debug|warn|error()
.
To re-add middleware, pass it to .use()
FAQs
Timber.io - logging core
The npm package @timberio/core receives a total of 782 weekly downloads. As such, @timberio/core popularity was classified as not popular.
We found that @timberio/core demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.