Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Bole is a simple and fast logging library for Node.js applications. It is designed to be easy to use and to provide a structured logging format that can be easily parsed and analyzed.
Basic Logging
Bole allows you to create loggers and log messages at different levels (info, debug, error, etc.). The example demonstrates how to set up a basic logger and log an info message.
const bole = require('bole');
bole.output({ level: 'info', stream: process.stdout });
const log = bole('my-app');
log.info('This is an info message');
Custom Output Streams
Bole allows you to direct log output to custom streams, such as a file. The example shows how to log messages to a file named 'app.log'.
const bole = require('bole');
const fs = require('fs');
const outputStream = fs.createWriteStream('app.log');
bole.output({ level: 'info', stream: outputStream });
const log = bole('my-app');
log.info('This message will be written to app.log');
Structured Logging
Bole supports structured logging, allowing you to log additional context with your messages. The example demonstrates logging a user login event with additional context.
const bole = require('bole');
bole.output({ level: 'info', stream: process.stdout });
const log = bole('my-app');
log.info({ user: 'john_doe', action: 'login' }, 'User login event');
Winston is a versatile logging library for Node.js with support for multiple transports (e.g., console, file, HTTP). It offers more features and flexibility compared to Bole, such as log levels, custom formats, and more.
Bunyan is another logging library for Node.js that focuses on structured logging. It provides a similar feature set to Bole but includes additional tools for log management and analysis, such as a CLI tool for pretty-printing logs.
Pino is a fast and low-overhead logging library for Node.js. It is designed for high-performance logging and offers features like JSON logging, log levels, and support for custom serializers. Pino is generally faster than Bole and is suitable for performance-critical applications.
A tiny JSON logger, optimised for speed and simplicity
Log JSON from within Node.js applications. The log format is obviously inspired by the excellent Bunyan and is likely to be output-compatible in most cases. The difference is that bole aims for even more simplicity, supporting only the common-case basics.
bole is designed for global singleton use. Your application has many log sources, but they all aggregate to the same sources. You configure output in one place for an application, regardless of how many modules and dependencies are also using bole for logging.
mymodule.js
const log = require('bole')('mymodule')
module.exports.derp = () => {
log.debug('W00t!')
log.info('Starting mymodule#derp()')
}
main.js
const bole = require('bole')
const mod = require('./mymodule')
bole.output({
level: 'info',
stream: process.stdout
})
mod.derp()
$ node main
{"time":"2014-05-18T23:47:06.545Z","hostname":"tweedy","pid":27374,"level":"info","name":"mymodule","message":"Starting mymodule#derp()"}
bole.setFastTime()
feature (below) to make it even fasterconst log = bole('logname')
and 'logname'
will be attached to the outputlog.debug()
, log.info()
, log.warn()
, log.error()
console.log()
style strfmt output ( usingutil.format()
): log.warn('foo %s', 'bar')
Error
objects and print appropriate Error
properties, including a full stack trace (including any cause where supported)http.IncomingMessage
for simple logging of an HTTP server's req
object. URL, method, headers, remote host details will be included in the log output.objectMode:true
stream for output.Create a new logger with the supplied name
to be attached to each output. If you keep a logger-per module you don't need to pass loggers around, keep your concerns separated.
Loggers have 4 roughly identical log methods, one for each of the supports log-levels. Log levels are recorded on the output and can be used to determine the level of detail passed to the output.
Log methods support the following types of input:
Error
objects: log output will include the error name
, message
, complete stack
and also a code
where there is one. Additionally you can supply further arguments which are passed to util.format()
and attached as a "message"
property to the output: log.warn(err, 'error occurred while fetching session for user %s', user.name)
http.IncomingMessage
for simple access-log style logging. URL, method, headers, remote address and remote port are logged: log.info(req)
, further data can be provided for a "message"
property if required.
Arbitrary objects whose properties will be placed directly on the logged output object. Be careful passing objects with large numbers of properties, in most cases you are best to construct your own objects: log.debug({ dbHost: 'foo', dbPort: 8080 }, 'connecting to database')
, further data can be provided for a "message"
property if required.
console.log style output so you can treat loggers just like console.log()
: log.info('logging a string')
, log.info('it has been said that %d is the meaning of %s', 42, 'life')
, log.debug('foo', 'bar', 'baz')
.
If you require more sophisticated serialisation of your objects, then write a utility function to convert those objects to loggable objects.
The logger
object returned by bole(name)
is also a function that accepts a name
argument. It returns a new logger whose name is the parent logger with the new name appended after a ':'
character. This is useful for splitting a logger up for grouping events. Consider the HTTP server case where you may want to group all events from a particular request together:
const log = bole('server')
http.createServer((req, res) => {
req.log = log(uuid.v4()) // make a new sub-logger
req.log.info(req)
//...
// log an error against this sub-logger
req.log.error(err)
})
In this case, your events would be listed as something like "name":"server:93f57a1a-ae59-46da-a625-8d084a77028a"
and each event for a particular request would have the same "name"
property, distinct from the rest.
Sub-loggers can even be split in to sub-sub loggers, the rabbit hole is ~bottomless.
Add outputs for application-wide logging, accepts either an object for defining a single output or an array of objects defining multiple outputs. Each output requires only a 'level'
and a 'stream'
, where the level defines the minimum debug level to print to this stream and the stream is any WritableStream
that accepts a .write()
method.
If you pass in a stream with objectMode
set to true
then you will receive the raw log objects rather than their stringified versions.
bole.output([
{ level: 'debug', stream: fs.createWriteStream('app.log') },
{ level: 'info', stream: process.stdout }
])
Clears all output streams from the application
If speed is something you care about and you can handle time in milliseconds since epoch (Date.now()
) rather than the full ISO string (new Date().toISOString()
) in your logs then use bole.setFastTime(true)
to shave off some precious microseconds.
Note that this will reset to the default of false
when you use bole.reset()
If you need to serialise specific types of objects then write a utility function to convert to a loggable object.
If you need a special kind of output then write a stream to accept output data.
If you need to filter a present output data in a special way, write a package to do it and publish it in npm.
bole is Copyright (c) 2014 Rod Vagg @rvagg and licensed under the MIT License. All rights not explicitly granted in the MIT License are reserved. See the included LICENSE.md file for more details.
FAQs
A tiny JSON logger
The npm package bole receives a total of 655,638 weekly downloads. As such, bole popularity was classified as popular.
We found that bole demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.