
@zappzarapp/audit-logger
GDPR-compliant audit logging with injectable encryption, configurable storage, and tamper-proof checksums
GDPR-compliant audit logging for Node.js/TypeScript with injectable encryption, configurable storage, and tamper-proof checksums.
- verify() method
- NullAuditLogger for environments without audit requirements
- node:crypto and node:fs (built-in)
- QueryExecutor interface, no driver dependency

    npm install @zappzarapp/audit-logger

    import { AuditLogger } from '@zappzarapp/audit-logger';

    const auditLogger = new AuditLogger(
      executor, // Your QueryExecutor implementation
      process.env.ENCRYPTION_KEY!, // Encryption key
      'postgres' // Database dialect: 'postgres' | 'mysql'
    );

    // Log a data access event
    await auditLogger.log({
      action: 'user.view',
      entityType: 'user',
      entityId: 123,
      userId: currentUserId,
      ipAddress: req.ip,
      userAgent: req.headers['user-agent'],
    });

    // Log authentication
    await auditLogger.logAuth(
      'login.success',
      userId,
      {},
      req.ip,
      req.headers['user-agent']
    );

    // Log admin action
    await auditLogger.logAdmin('role.granted', adminId, 'user', targetUserId, {
      role: 'moderator',
    });

    // Query logs
    const logs = await auditLogger.getLogsForEntity('user', 123);
    const userLogs = await auditLogger.getLogsForUser(userId);

    // Verify integrity
    for (const log of logs) {
      if (!auditLogger.verify(log)) {
        // Tampered entry detected!
      }
    }

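The verify() loop above relies on a per-entry checksum; the page does not show how the package computes it. The following is an added example, not the package's code, of one common way to build such a check with an HMAC from node:crypto; the field list, function names and sample rows are assumptions constructed for illustration.

```javascript
// Added illustration: keyed, tamper-evident checksum for audit entries.
// Not the package's implementation; all names here are hypothetical.
const { createHmac, timingSafeEqual } = require('node:crypto');

// Fields covered by the checksum, in a fixed order so serialization is stable.
const SIGNED_FIELDS = ['action', 'entityType', 'entityId', 'userId', 'ipAddress', 'createdAt'];

// Serialize as a JSON array: unambiguous, unlike plain string concatenation
// where ('ab', 'c') and ('a', 'bc') would produce the same input.
function canonicalize(entry) {
  return JSON.stringify(SIGNED_FIELDS.map((f) => entry[f] ?? null));
}

// HMAC rather than a bare hash: someone with write access to the table
// cannot recompute a valid checksum without the key.
function checksum(entry, key) {
  return createHmac('sha256', key).update(canonicalize(entry)).digest('hex');
}

function seal(entry, key) {
  return { ...entry, checksum: checksum(entry, key) };
}

function verifyEntry(entry, key) {
  if (typeof entry.checksum !== 'string') return false;
  const expected = Buffer.from(checksum(entry, key), 'hex');
  const actual = Buffer.from(entry.checksum, 'hex');
  // timingSafeEqual throws on length mismatch, so compare lengths first.
  return actual.length === expected.length && timingSafeEqual(actual, expected);
}

// Return the entries that fail verification so they can be alerted on.
function findTampered(entries, key) {
  return entries.filter((e) => !verifyEntry(e, key));
}

// Constructed sample data (documentation IP range, demo key).
const KEY = 'constructed-demo-key-not-for-production';
const rows = [
  seal({ action: 'user.view', entityType: 'user', entityId: 123, userId: 7, ipAddress: '192.0.2.10', createdAt: '2024-01-01T00:00:00Z' }, KEY),
  seal({ action: 'role.granted', entityType: 'user', entityId: 123, userId: 1, ipAddress: '192.0.2.11', createdAt: '2024-01-01T00:05:00Z' }, KEY),
];
rows[1].userId = 99; // simulate an out-of-band edit to the stored row
console.log(findTampered(rows, KEY).map((e) => e.action));
```

A per-entry checksum like this detects edits to a row but not the deletion of whole rows; detecting that needs a sequence number or hash chain, which the page does not say the package provides.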
This package does not depend on any database driver. Instead, implement the
QueryExecutor interface to wrap your existing connection:

    import type { QueryExecutor } from '@zappzarapp/audit-logger';

    // Example: wrapping a pg Pool
    const executor: QueryExecutor = {
      async query(sql, params) {
        const result = await pool.query(sql, params);
        return result.rows;
      },
      async execute(sql, params) {
        const result = await pool.query(sql, params);
        return { affectedRows: result.rowCount ?? 0 };
      },
    };

    import {
      AuditLogger,
      AppEncryption,
      DatabaseEncryption,
      NullAuditLogger,
    } from '@zappzarapp/audit-logger';

    // Full configuration
    const auditLogger = new AuditLogger(
      executor,
      process.env.ENCRYPTION_KEY!,
      'postgres',
      {
        encryption: new AppEncryption(), // default (AES-256-GCM via node:crypto)
        tableName: 'audit_logs', // default table name
        logFilePath: '/var/log/audit.log', // optional file logging (null = disabled)
      }
    );

    // Using database-level encryption (for existing encrypt_text() setups)
    const dbLogger = new AuditLogger(
      executor,
      process.env.ENCRYPTION_KEY!,
      'postgres',
      { encryption: new DatabaseEncryption() }
    );

    // Disable audit logging (Null Object pattern)
    const nullLogger = new NullAuditLogger();

Apply the migration for your database:
- migrations/postgresql/audit_logs.sql
- migrations/mariadb/audit_logs.sql

    make install    # Install dependencies
    make test       # Run tests
    make typecheck  # TypeScript type checking
    make lint       # ESLint
    make build      # Build TypeScript
    make check      # All quality checks

MIT
FAQs
The npm package @zappzarapp/audit-logger receives a total of 135 weekly downloads. As such, @zappzarapp/audit-logger popularity was classified as not popular.
We found that @zappzarapp/audit-logger demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.