Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@timberio/node
Advanced tools
New to Timber? Here's a low-down on logging in Javascript.
@timberio/node
This NPM library is for logging in Node.js.
If you have a universal or client-side app that requires logging in the browser, check out @timberio/browser
or @timberio/js
(which combines the two packages.)
Here's how to get started:
Install the package directly from NPM:
npm i @timberio/node
In ES6/Typescript, import the Timber
class:
import { Timber } from "@timberio/node";
For CommonJS, require the package:
const { Timber } = require("@timberio/node");
Simply pass your Timber.io organization API + source keys as parameters to a new Timber
instance (you can grab both from the Timber.io console):
const timber = new Timber("timber-organization-key", "timber-source-key");
This Node.js library extends @timberio/core
, which provides a simple API for logging, adding middleware and more.
Visit the relevant readme section for more info/how-to:
In addition to .log|debug|info|warn|error()
returning a Promise, the Node.js logger offers a .pipe()
function for piping successfully synchronized logs to any writable stream.
This makes it trivial to additionally save logs to a file, stream logs over the network, or interface with other loggers that accept streamed data.
Here's a simple example of saving logs to a logs.txt
file:
// Import the Node.js `fs` lib
import * as fs from "fs";
// Import the Node.js Timber library
import { Timber } from "@timberio/node";
// Open a writable stream to `logs.txt`
const logsTxt = fs.createWriteStream("./logs.txt");
// Create a new Timber instance, and pipe output to `logs.txt`
const timber = new Timber("timber-organization-key", "timber-source-key");
timber.pipe(logsTxt);
// When you next log, `logs.txt` will get a JSON string copy
timber.log("This will also show up in logs.txt");
Streamed logs passed to your write stream's .write()
function will be JSON strings in the format of type ITimberLog
, and always contain exactly one complete log after it has been transformed by middleware and synced with Timber.io.
e.g:
{"dt":"2018-12-29T08:38:33.272Z","level":"info","message":"message 1"}
If you want to further process logs in your stream, remember to JSON.parse(chunk.toString())
the written 'chunk', to turn it back into an ITimberLog
object.
Calls to .pipe()
will return the passed writable stream, allowing you to chain multiple .pipe()
operations or access any other stream function:
// Import a 'pass-through' stream, to prove it works
import { PassThrough } from "stream";
// This stream won't do anything, except copy input -> output
const passThroughStream = new PassThrough();
// Passing to multiple streams works...
timber.pipe(passThroughStream).pipe(logsTxt);
FAQs
Timber.io - Node.js logger
The npm package @timberio/node receives a total of 700 weekly downloads. As such, @timberio/node popularity was classified as not popular.
We found that @timberio/node demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.