@zenvia/logger - npm Package Compare versions

Comparing version 1.6.1 to 1.6.2

package.json

 {
   "name": "@zenvia/logger",
-  "version": "1.6.1",
+  "version": "1.6.2",
   "description": "A wrapper for Winston Logging Node.js library that formats the output on STDOUT as Logstash JSON format.",
@@ -5,0 +5,0 @@ "license": "MIT",

src/lib/logger.js

@@ -13,21 +13,3 @@ /* eslint-disable prefer-rest-params */
 
-const sanitizeInfo = (info) => {
-  const sanitizeCRLFInjection = (str) => str
-    .replace(/\n|\r/g, (x) => (x === '\n' ? '#n' : '#r'));
-
-  Object.keys(info).forEach((key) => {
-    if (typeof info[key] === 'string') {
-      info[key] = sanitizeCRLFInjection(info[key]);
-      return;
-    }
-
-    if (info[key] instanceof Function) {
-      delete info[key];
-    }
-  });
-};
-
 const customFormatJson = winston.format((info) => {
-  sanitizeInfo(info);
-
   let stack;
@@ -53,2 +35,8 @@
 
+  Object.keys(info).forEach((key) => {
+    if (info[key] instanceof Function) {
+      delete info[key];
+    }
+  });
+
   return info;
@@ -55,0 +43,0 @@ });

test/lib/logger.spec.js

@@ -73,2 +73,17 @@ const os = require('os');
 
+    it('should remove attributes that are log functions, leaving only the @timestamp, application, message and level fields', () => {
+      logger.info('some message', { field1: () => {} });
+      const expectedOutput = {
+        '@timestamp': '2018-06-05T18:20:42.345Z',
+        '@version': 1,
+        application: 'application-name',
+        host: os.hostname(),
+        message: 'some message',
+        level: 'INFO',
+      };
+
+      const actualOutput = stdMocks.flush().stdout[0];
+      JSON.parse(actualOutput).should.be.deep.equal(expectedOutput);
+    });
+
     it('should log @timestamp, application, message, level and environment fields', () => {
@@ -245,46 +260,2 @@ process.env.NODE_ENV = 'test';
   describe('Logging format', () => {
-    it('should replace LF characters from log (POSIX systems)', () => {
-      logger.debug(`some message
-other CRLF injection message`);
-      const expectedOutput = {
-        '@timestamp': '2018-06-05T18:20:42.345Z',
-        '@version': 1,
-        application: 'application-name',
-        host: os.hostname(),
-        message: 'some message#nother CRLF injection message',
-        level: 'DEBUG',
-      };
-
-      const actualOutput = stdMocks.flush().stdout[0];
-      JSON.parse(actualOutput).should.be.deep.equal(expectedOutput);
-
-      logger.debug('some\n CRLF\n injection\n message');
-      const expectedOutput2 = {
-        '@timestamp': '2018-06-05T18:20:42.345Z',
-        '@version': 1,
-        application: 'application-name',
-        host: os.hostname(),
-        message: 'some#n CRLF#n injection#n message',
-        level: 'DEBUG',
-      };
-
-      const actualOutput2 = stdMocks.flush().stdout[0];
-      JSON.parse(actualOutput2).should.be.deep.equal(expectedOutput2);
-    });
-
-    it('should replace CRLF characters from log (Windows systems)', () => {
-      logger.debug('some\r\n CRLF\r\n injection\r\n message');
-      const expectedOutput = {
-        '@timestamp': '2018-06-05T18:20:42.345Z',
-        '@version': 1,
-        application: 'application-name',
-        host: os.hostname(),
-        message: 'some#r#n CRLF#r#n injection#r#n message',
-        level: 'DEBUG',
-      };
-
-      const actualOutput = stdMocks.flush().stdout[0];
-      JSON.parse(actualOutput).should.be.deep.equal(expectedOutput);
-    });
-
     it('should get not format when LOGGING_FORMATTER_DISABLED environment is true', () => {
@@ -291,0 +262,0 @@ delete require.cache[require.resolve('../../src/lib/logger')];

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Worsened metrics

Total package byte prevSize

32552

decreased by-3.68%

Lines of code

538

decreased by-5.94%

Number of low supply chain risk alerts

43

increased by26.47%

No dependency changes