Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@valora/logging

Package Overview
Dependencies
Maintainers
0
Versions
38
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@valora/logging

[![GitHub License](https://img.shields.io/github/license/valora-inc/logging?color=blue)](https://github.com/valora-inc/logging/blob/main/LICENSE) [![npm version](https://img.shields.io/npm/v/@valora/logging.svg)](https://www.npmjs.com/package/@valora/logg

  • 1.3.18
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
0
Created
Source

@valora/logging

GitHub License npm version GitHub Workflow Status Codecov PRs Welcome

Thin wrapper for bunyan structured logs on Google Cloud and local development, with sensitive data redaction.

Installing the library

yarn add @valora/logging

Using the library

Simple usage

import { createLogger } from '@valora/logging'

const logger = createLogger({
  level: 'info', // Optional, defaults to `LOG_LEVEL` env var or 'info'
})

logger.info({ foo: bar }, 'Hello world!')
logger.warn(err, 'A non fatal error')
logger.warn({ err, foo: bar }, 'A non fatal error')
logger.error(err, 'Something went wrong')
logger.error({ err, foo: bar }, 'Something went wrong')

Redacting sensitive data

Redacting specific fields
import { createLogger } from '@valora/logging'

const logger = createLogger({
  redact: {
    paths: [
      'req.headers.authorization',
      'req.headers.cookie',
      'req.body.token',
      '*.password',
    ],
  },
})

// The authorization header and the other fields will be redacted
logger.info({ req }, 'Request')

// Password will be redacted
logger.info({ foo: { password: 'secret' } }, 'Password redacted')

This functionality is built on top of fast-redact.

There's also some good documentation from pino which uses the same library.

Redacting patterns

The global replace feature, allows replacing patterns anywhere in the log record. This is useful for redacting sensitive data that isn't tied to a specific known field. e.g. phone numbers, emails, etc.

import { createLogger } from '@valora/logging'

const logger = createLogger({
  redact: {
    globalReplace: (value: string) => {
      // replaces values that look like phone numbers
      // `%2B` is the URL encoded version of `+`
      return value.replace(
        /(?:\+|%2B)[1-9]\d{1,14}/gi,
        (phoneNumber) => phoneNumber.slice(0, -4) + 'XXXX',
      )
    },
  },
})

// will redact the phone number both in the message and in the logged object.
logger.info({ a: { b: { c: 'Call me at +1234567890' } } }, "A message with a phone number: +123456789"

Logging middleware

The middleware will automatically log the request and response.

It also shows nicely formatted request logs for Cloud Functions in Logs Explorer (App Engine does this automatically).

Examples in Logs Explorer with a Cloud Function:

logs-gcf logs-gcf-warn-expanded logs-gcf-expanded

And locally:

logs-local

Warning Be mindful of the sensitive data you may log. The middleware will log the request body, so make sure you also setup the appropriate redact config in the logger.

With Express:

import express from 'express'

const app = express()
app.use(createLoggingMiddleware({ projectId: 'test-project', logger }))

With Google Cloud Functions:

import { http } from '@google-cloud/functions-framework'

const loggingMiddleware = createLoggingMiddleware({
  projectId: 'test-project',
  logger,
})

http('myFunction', (req, res) =>
  loggingMiddleware(req, res, () => {
    res.send('Hello World!')
  }),
)

Resources

Contributing

Keywords

FAQs

Package last updated on 03 Aug 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc