express-wolox-logger
ExpressJS logger that wraps pino with additional features like middlewares for unique request ids and automatic logging of request beginnings and endings.
const { logger } = require('express-wolox-logger');
logger.info('hello world');
logger.error('something bad happened');
This will output:
[2019-06-14 17:35:13.772 +0000] INFO (17439 on my-pc.local): hello world
[2019-06-14 17:35:13.772 +0000] ERROR (17439 on my-pc.local): something bad happened
The exported createLogger function takes one optional argument, configuration, and returns a logger instance.
configuration (Object)
  options (Object). Default (pino): { prettyPrint: { translateTime: true, colorize: false } }
    Options for the logger instance; check the documentation of each package for more details (pino).
  loggerOption (String). Default: 'pino'
    Package used as logger; available options are: ['pino']
const { createLogger } = require('express-wolox-logger');
const logger = createLogger({
  loggerOption: 'pino',
  options: {
    customLevels: {
      foo: 35
    },
    useOnlyCustomLevels: true,
    level: 'foo'
  }
});
logger.foo('hello world');
There is a script included to execute a benchmark test on the logger functionality. The script name is bench, and it tests 10*iterations logger calls with different message types and sizes to print.
It takes zero or one argument indicating the number of iterations to test, with 100 being the default iterations value:
npm run bench [iterations]
We provide an ExpressJs middleware that automatically logs when a request starts and ends. Simply import it and use it like any other middleware.
const { logger, expressMiddleware } = require('express-wolox-logger');
app.use(expressMiddleware({ loggerFn: logger.info }));
This in conjunction with the basic logs will output:
[2019-06-14 17:35:13.770 +0000] INFO (17439 on my-pc.local): Started GET /logger/test with params: {}, query: {}, body: {}.
[2019-06-14 17:35:13.772 +0000] INFO (17439 on my-pc.local): hello world
[2019-06-14 17:35:13.772 +0000] ERROR (17439 on my-pc.local): something bad happened
[2019-06-14 17:35:13.781 +0000] INFO (17439 on my-pc.local): Ended GET /logger/test with status: 200 in 10 ms
The exported expressRequestIdMiddleware function takes one argument, options, and returns a middleware.
options (Object)
  loggerFn (Function)
    Logger function used for start and end log actions.
  obfuscatePlaceholder (String). Default: [SECURE]
    String that replaces an obfuscated body.
  obfuscateBody (Object|Boolean). Default: true
    Options for obfuscating the request body. It can be a boolean (true or false) that applies to all requests, or an object that targets a specific endpoint and method.
{
  obfuscateBody: {
    '/some_url': { // this should be a regex of url to obfuscate
      POST: true // method to obfuscate
    }
  }
}
const { logger, expressMiddleware } = require('express-wolox-logger');
app.use(expressMiddleware({ loggerFn: logger.info, obfuscatePlaceholder: '[SECRET]', obfuscateBody: { '/secure': { POST: true } } }));
This in conjunction with the basic logs will output:
[2019-06-14 17:35:13.770 +0000] INFO (17439 on my-pc.local): Started POST /secure with params: {}, query: {}, body: [SECRET].
[2019-06-14 17:35:13.772 +0000] INFO (17439 on my-pc.local): hello world
[2019-06-14 17:35:13.781 +0000] INFO (17439 on my-pc.local): Ended POST /secure with status: 200 in 10 ms
[2019-06-14 17:35:13.770 +0000] INFO (17439 on my-pc.local): Started GET /secure with params: {}, query: {}, body: {}.
[2019-06-14 17:35:13.772 +0000] INFO (17439 on my-pc.local): hello world
[2019-06-14 17:35:13.781 +0000] INFO (17439 on my-pc.local): Ended GET /secure with status: 200 in 10 ms
const { logger, expressMiddleware } = require('express-wolox-logger');
app.use(expressMiddleware({ loggerFn: logger.info, obfuscatePlaceholder: '[SECRET]', obfuscateBody: true }));
This in conjunction with the basic logs will output:
[2019-06-14 17:35:13.770 +0000] INFO (17439 on my-pc.local): Started POST /secure with params: {}, query: {}, body: [SECRET].
[2019-06-14 17:35:13.772 +0000] INFO (17439 on my-pc.local): hello world
[2019-06-14 17:35:13.781 +0000] INFO (17439 on my-pc.local): Ended POST /secure with status: 200 in 10 ms
[2019-06-14 17:35:13.770 +0000] INFO (17439 on my-pc.local): Started GET /secure with params: {}, query: {}, body: [SECRET].
[2019-06-14 17:35:13.772 +0000] INFO (17439 on my-pc.local): hello world
[2019-06-14 17:35:13.781 +0000] INFO (17439 on my-pc.local): Ended GET /secure with status: 200 in 10 ms
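Passing an object for obfuscateBody narrows redaction from every request (the default) to only the listed endpoint and method pairs, so it is worth checking which sensitive routes fall outside the object. The following audit helper is an added example, not code from express-wolox-logger; it assumes each key is applied as a regular expression against the request URL, and the names bodyIsObfuscated, findExposedRoutes and the route list are hypothetical.

```javascript
// Added example, not express-wolox-logger code.
// Assumption: every key of an obfuscateBody object is used as a regular
// expression tested against the request URL, as the README comment suggests.
function bodyIsObfuscated(obfuscateBody, method, url) {
  if (obfuscateBody === undefined || obfuscateBody === null) return true; // documented default
  if (typeof obfuscateBody === 'boolean') return obfuscateBody;
  return Object.entries(obfuscateBody).some(
    ([pattern, methods]) =>
      new RegExp(pattern).test(url) && methods[method.toUpperCase()] === true
  );
}

// Returns the sensitive routes whose bodies would be logged unredacted.
function findExposedRoutes(obfuscateBody, sensitiveRoutes) {
  return sensitiveRoutes
    .filter(({ method, url }) => !bodyIsObfuscated(obfuscateBody, method, url))
    .map(({ method, url }) => `${method.toUpperCase()} ${url}`);
}

// Constructed sample: routes known to carry credentials or tokens in the body.
const sensitiveRoutes = [
  { method: 'POST', url: '/secure' },
  { method: 'PUT', url: '/secure' },
  { method: 'POST', url: '/users/login' }
];

// The per-endpoint configuration from the README example above.
const perEndpoint = { '/secure': { POST: true } };

console.log(findExposedRoutes(perEndpoint, sensitiveRoutes)); // uncovered routes
console.log(findExposedRoutes(true, sensitiveRoutes));        // nothing uncovered
```

Running a check like this in CI against the real route table catches a newly added sensitive endpoint that nobody listed in the obfuscateBody object.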
We also provide an ExpressJs middleware that appends a request id to all logs made for a single request. This is useful for better tracking logs when there are several requests going on concurrently. Again, simply import it and use it like any other middleware.
const { expressRequestIdMiddleware } = require('express-wolox-logger');
app.use(expressRequestIdMiddleware());
This, in conjunction with the basic logs will output:
[2019-06-14 17:35:13.772 +0000] INFO (17439 on my-pc.local): [GNc7JovB7] hello world
[2019-06-14 17:35:13.772 +0000] ERROR (17439 on my-pc.local): [GNc7JovB7] something bad happened
Note that if you are using Sequelize, you need to configure it to use the logger's CLS namespace, otherwise the request ids will not persist through sequelize promises. The same may apply to other frameworks.
For sequelize, just set the namespace before creating a new sequelize instance:
const Sequelize = require('sequelize');
const { namespace } = require('express-wolox-logger');
Sequelize.useCLS(namespace);
const sequelize = new Sequelize(...);
The exported expressRequestIdMiddleware function takes one optional argument, options, and returns a middleware.
options (Object)
  headerName (String). Default: x-request-id
    Header from which the id is taken.
  idGenerator (Function). Default: nanoid(10)
    Function used to generate ids for each request.
// uuid exposes its generators as named exports; v4 produces random ids
const { v4: uuid } = require('uuid');
const { expressRequestIdMiddleware } = require('express-wolox-logger');
app.use(expressRequestIdMiddleware({ headerName: 'id', idGenerator: uuid }));
This, in conjunction with the basic logs will output:
[2019-06-14 17:35:13.772 +0000] INFO (17439 on my-pc.local): [a2936029-9bd4-402d-ba43-a4873f228274] hello world
[2019-06-14 17:35:13.772 +0000] ERROR (17439 on my-pc.local): [a2936029-9bd4-402d-ba43-a4873f228274] something bad happened
As a bonus, the previously mentioned request id is taken from the x-request-id header if supplied, which lets said request id be transferred across services. You can do this by importing the getRequestId function and supplying it to the header when making requests.
const axios = require('axios'),
  { getRequestId } = require('express-wolox-logger');
axios.get(URL, { headers: { 'x-request-id': getRequestId() } });
This will result in the requestId being logged through your services until the request chain ends.
We used axios for this example but other request packages like request-promise work exactly the same way.
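Because the request id can arrive in a client-supplied header and is then written into every log line, a service that sits at a trust boundary may want to validate the header before the request id middleware reads it. The guard below is an added example, not part of express-wolox-logger; sanitizeRequestIdHeader, SAFE_ID and headersAfter are hypothetical names, and it assumes the package generates a fresh id when the header is absent.

```javascript
// Added example, not express-wolox-logger code. All names are hypothetical.
// Allowed shape: the nanoid and UUID alphabets, at most 64 characters.
const SAFE_ID = /^[A-Za-z0-9_-]{1,64}$/;

// Express-style middleware that drops a request id header which does not
// match SAFE_ID, so that a later middleware generates a new id instead.
function sanitizeRequestIdHeader(headerName = 'x-request-id') {
  const name = headerName.toLowerCase(); // Node lower-cases incoming header names
  return function (req, res, next) {
    const value = req.headers[name];
    const valid = typeof value === 'string' && SAFE_ID.test(value);
    if (value !== undefined && !valid) {
      delete req.headers[name];
    }
    next();
  };
}

// Intended mounting order (assumption: the package falls back to idGenerator
// when the header is missing):
//   app.use(sanitizeRequestIdHeader());
//   app.use(expressRequestIdMiddleware());

// Constructed inputs: run the guard against a fake request object.
function headersAfter(headers) {
  const req = { headers: { ...headers } };
  sanitizeRequestIdHeader()(req, {}, () => {});
  return req.headers;
}

console.log(headersAfter({ 'x-request-id': 'GNc7JovB7' }));        // kept
console.log(headersAfter({ 'x-request-id': 'abc] extra text' }));  // dropped
console.log(headersAfter({ 'x-request-id': 'a'.repeat(65) }));     // dropped
```

Duplicate x-request-id headers reach Node joined with a comma and a space, so they fail the pattern and are dropped as well.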
If you are wondering how to migrate from the Wolox express-js bootstrap configuration with winston to this package, refer to the step by step migration guide.
If you are wondering how to upgrade to a major version, check this upgrade guide.
git checkout -b my-new-feature
npm test
git commit -am 'Add some feature'
git push origin my-new-feature
This project is maintained by Wolox and it was written by Wolox.
express-wolox-logger is available under the MIT license.
Copyright (c) 2020 Wolox
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.