Tools for debugging your node.js modules and event loop. 

Tools for debugging your node.js modules and event loop

3rdeden

swaagie

diagnostics

Error

Ignore

Warn

License

Maintenance

Miscellaneous

Quality

Supply chain risk

Vulnerability

Admins only

Organization members

Dashboard

<upgradeLink>Upgrade</upgradeLink> to access this feature

About

Blog

Socket CLI

Customers

Socket Dependency Search

Docs

Socket for GitHub

Love

Impersonation Mode Active

Update your browser to the latest version for the best experience.

Your web browser is outdated

Use another browser for the best experience.

Your web browser is unsupported

{{count, number}} commits last two months

{{count, number}} critical severity alert

{{count, number}} critical severity alerts

{{count, number}} dependency vulnerability

{{count, number}} dependency vulnerabilities

{{count, number}} development dependencies

{{count, number}} transitive dependencies

{{count, number}} version published last month

{{count, number}} versions published last month

{{count, number}} version published in last two months

{{count, number}} versions published in last two months

{{count, number}} version published last week

{{count, number}} versions published last week

{{count, number}} version published last year

{{count, number}} versions published last year

Socket undergoes annual SOC2 Type II audits. Socket customers can request a copy of the full SOC2 Type II report.

Allows organization owners and admins to access detailed records of actions taken by members of their organization, complete with timestamps.

Prevent compromised packages from infiltrating your supply chain by monitoring for changes in real-time.

Join our Discord community to get help from Socket engineers and other Socket users.

Compare millions of open source packages on socket.dev

Detect malicious code and risky behavior (e.g. network) in your dependencies using "deep package inspection"

All data is encrypted in transit and at rest using industry standard encryption algorithms.

Get a dedicated Socket account manager and access to Socket’s Customer Success team.

Get dedicated support from Socket engineers via email and Slack.

"Shift left" with the Socket Chrome extension and give intervene early, before developers choose risky or low quality dependencies.

Catch developers using risky dependencies and give them a "speed bump" to encourage good behavior

Install the Socket GitHub app to receive real-time dependency scanning and reports with every pull request.

Integrate Socket into your GitHub SCM to prevent risky dependencies from being installed.

Socket scans for vulnerabilities in your dependencies, including CVEs, security advisories, and more.

Socket supports dependencies in many languages, with most popular ecosystems coming in 2024. We've got you covered no matter what languages you use.

Enforce license policies across your organization

Receive a Microsoft Teams message to the channel of your choice anytime Socket runs a new analysis, has a new finding, or a policy has changed.

Get help migrating from Socket's free plan to Socket's paid plans.

Run Socket on-premises or in your own cloud environment.

Query for any dependency (at any version) across your entire organization

Integrate Socket into your CI/CD pipeline to prevent risky dependencies from being deployed to production.

Analyze an entire project to find supply chain risks

Tag projects to organize and filter your projects

Restrict access based on the roles of individual users within an organization.

Receive a Slack message to the channel of your choice anytime Socket runs a new analysis, has a new finding, or a policy has changed.

Socket is SOC2 Type II compliant and undergoes annual audits.

The Socket CLI allows teams to prevent risky dependencies from being installed, and to get dependency insights from the command line.

Socket supports SAML SSO for single sign-on and identity management.

Integrate Socket into your VS Code IDE to prevent risky dependencies from being installed.

Get a POST request anytime Socket runs a new analysis, has a new finding, or a policy has changed.

Socket will analyzed your SBOMs up to a maximum number of dependencies.

API that allows you to analyze a project, lookup package scores and alerts, and more.

Create API tokens to authenticate with the Socket API and CLI.

The number of developers in your team. A developer is someone who made a commit to your organization's repositories scanned by Socket in the past month.

Use Socket to protect your private repositories.

Socket is always free for open source projects.

Socket retains all reporting data for 3 months, 1 year, or a custom term of your choice.

Access the threat feed that powers Socket.

Unlimited scale, self-hosting, and priority support for large teams.

For open-source projects, individuals, and small teams.

For growing teams with enhanced scale, security, and support.

There is a package with a similar name that is downloaded much more often.

There are packages with similar names that are downloaded much more often.

This may not be the package you want!

Instance

Alert Locations

Package

The {{ecosystem}} package {{- packageName}} receives a total of <strong>{{numWeeklyDownloadCount, number}}</strong> weekly downloads. As such, {{- packageName}} popularity was classified as <strong>{{popularity}}</strong>.

Is {{- packageName}} popular?

Is {{- packageName}} safe to use?

Is {{- packageName}} well maintained?

What is {{- packageName}}?

{{packageDescription}}Version: {{versionString}} was published by {{publisherName}}. Start using Socket to analyze {{- packageName}} and its {{dependencyCount, number}} dependencies to secure your app from supply chain attacks.

Sorry, it seems this package was removed from the registry

Package was removed

This package version has been unpublished, mostly likely due to security reasons

Package version was removed

Provide a detailed description of the malware...

Socket fights vulnerabilities and provides visibility, defense-in-depth, and proactive supply chain protection for JavaScript, Python, and Go dependencies.

Socket - Secure your dependencies. Ship with confidence.

Compare versions

{{- packageName}} - npm Package Compare versions

 * Check if the terminal we're using allows the use of colors.

 * The default stream instance we should be writing against.

 * - color: The color for the namespace, can be a hex/CSS color string, defaults

 *   to automatically generated color from the method name.

 * - colour: Alternate spelling for color, does the same thing.

 * - colors: Force the use of colors or forcefully disable them. If this option

 *   is not supplied the colors will be based on your terminal.

 * - stream: The Stream instance we should write our logs to, defaults to

 *   process.stdout but can be anything you like.

 * - precise: By default our log timing is rounded up to the nearest value. If

 *   you need a more precise timing you can set this true.

 * @param {String} name The namespace of your log function.

 * @param {Object} options Logger configuration.

 * @returns {Function} Configured logging method.

  if ('object' === typeof name) options = name;

  if ('string' !== typeof name) name = resolve(module);

  // All argument normalization has been done, check if the given name is

  if (!enabled(name)) return function nope() {};

  options.colors = 'colors' in options ? options.colors : tty;

  options.color = options.color || options.colour || paint(name);

  options.ansi = options.colors ? kuler(name, options.color) : name;

  options.stream = options.stream || stream;

  // Allow multiple streams, so make sure it's an array which makes iteration

  if (!Array.isArray(options.stream)) options.stream = [options.stream];

  // The actual debug function which does the logging magic.

    // Better formatting for error instances.

    if (line instanceof Error) line = line.stack || line.message || line;

      // The total time we took to execute the next debug statement.

    // Use util.format so we can follow the same API as console.log.

    line = util.format.apply(this, [line].concat(

        Array.prototype.slice.call(arguments, 1)

    , variable = envy.debug || envy.diagnostics || '';

    , variable = envy.diagnostics || envy.debug || '';

  return variable.split(/[\s,]+/).some(function checks(check) {

      return !(new RegExp('^' + check.substr(1) + '$')).test(name);

    return (new RegExp('^' + check + '$')).test(name);

 * Generate a color for a given name. But be reasonably smart about it by

 * understanding name spaces and coloring each namespace a bit lighter so they

 * still have the same base color as the root.

  for (var base = hex(name[0]), i = 0, l = name.length - 1; i < l; i++) {

    base = colorjs(base).mix(colorjs(hex(name[i + 1]))).saturate(1).hexString();

 * Attempt to resolve the name of the application by searching for the

 * package.json use the name property of that. If we cannot find a name property

 * we will use the name of the folder of the module that required us.

 * @param {Module} module The module reference.

    , folder = path.dirname(module.filename);

    var json = path.join(folder, 'package.json');

           'diagnostics' in json.dependencies

        || 'diagnostics' in json.devDependencies

  // We couldn't find a package.json, use a directory/folder as name instead.

  return path.dirname(module.filename).split(path.sep).pop();

 * Override the "default" stream that we write to. This allows you to globally

  stream = output instanceof Stream ? output : stream;

// Expose our private methods so they can be tested.

  "description": "Tools for debugging your node.js modules and event loop",

    "test": "mocha --reporter spec --ui bdd test.js"

    "url": "git://github.com/3rd-Eden/diagnostics.git"

    "url": "https://github.com/3rd-Eden/diagnostics/issues"

  "homepage": "https://github.com/3rd-Eden/diagnostics",

[![Build Status](https://travis-ci.org/3rd-Eden/diagnostics.svg?branch=master)](https://travis-ci.org/3rd-Eden/diagnostics)

Diagnostics provides a set of tools that is designed to help you with debugging

your Node.js and front-end applications. 

We're starting out small but every major release will unlock another piece of

the puzzle. The following tools are already at your disposal: 

Logging is something you always need in your applications, if you don't know

what's going on, it's damn hard to fix it. This is especially true with async

systems when your stack traces are most likely completely useless. In

diagnostics we ship a simple logger which can be turned on and off using

environment variables. So it's out of the way for your users and there when you

var log = require('diagnostics')('example');

The first argument in the function is the namespace of you log function. All log

message will be prefixed with. But we also allow a second argument. This can be

used to configure the logger. The following options can be configured:

- `color`: The color for the namespace, this can be a hex (#FFF) color string or

  the name of a color. If no color is provided we will generate consistently

  hashed color from the given namespace and use that instead.

- `color**s**`: Forcefully enable or disable the use of colors in the log

  output. If no `colors` boolean is provided we will determine if it's a proper

- `stream`: The stream instance we should write our logs to. We default to

  `process.stdout` (unless you change the default using the `.to` method).

- `precise`: By default our log timing is rounded up to the nearest number. If

  you need more precise timing you can set this option to true.

The beauty of this logger is that it allows a custom stream where you can write

the data to. So you can just log it all to a separate server, database and what

not. But we don't just allow one stream we allow multiple streams so you might

want to log to disk AND just output it in your terminal. The only thing you need

To set multiple streams as the default streams or supply an array for the logger

var log = require('diagnostics', { stream: [

var log = require('diagnostics')('example', { stream: [

In addition to using the `DEBUG` environment variable you can also the

		@@ -117,3 +117,3 @@ 'use strict';
		var envy = env()
		, variable = envy.debug \|\| envy.diagnostics \|\| '';
		, variable = envy.diagnostics \|\| envy.debug \|\| '';

		@@ -120,0 +120,0 @@ if (!variable) return false;

		{
		"name": "diagnostics",
		"version": "0.0.3",
		"version": "0.0.4",
		"description": "Tools for debugging your node.js modules and event loop",
		@@ -32,7 +32,7 @@ "main": "index.js",
		"assume": "0.0.x",
		"mocha": "1.19.x",
		"mocha": "1.21.x",
		"pre-commit": "0.0.x"
		},
		"dependencies": {
		"color": "0.6.x",
		"color": "0.7.x",
		"colornames": "0.0.x",
		@@ -39,0 +39,0 @@ "env-variable": "0.0.x",

		# Diagnostics

		[![Build Status](https://travis-ci.org/3rd-Eden/diagnostics.svg?branch=master)](https://travis-ci.org/3rd-Eden/diagnostics)

		Diagnostics provides a set of tools that is designed to help you with debugging
		@@ -66,3 +68,3 @@ your Node.js and front-end applications.
		```js
		var log = require('diagnostics', { stream: [
		var log = require('diagnostics')('example', { stream: [
		stream1,
		@@ -69,0 +71,0 @@ stream2

Improved metrics

Dependency changes