Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Logging aggregation and distribution
npm i lalog --save
If logging to Loggly then your Loggly token needs to be set in the LOGGLY_TOKEN
environment variable.
If you want to specify a different initial logging level for your application than
the default error
levels you can set the LALOG_LEVEL
environment variable.
Require the Logger
class:
const Logger = require('lalog');
Logger.setLevel('info');
There are 6 levels:
trace, info, warn, error, fatal, security
If you do not call setLevel(...)
then it will default to error
and above.
setLevel
can be used to change the log level at anytime while your app is running and it
will immediately change the level for any loggers that have been created.
const logger = Logger.create({
serviceName: 'service-name',
moduleName: 'module-name',
presets: {}, // optional
addTrackId: true, // options
});
or
const logger = new Logger({
serviceName: 'service-name',
moduleName: 'module-name',
presets: {}, // optional
addTrackId: true, // options
});
Notes on create:
lalog
uses debug
as one of its destinations. The serviceName
and moduleName
props allow
you to filter debug
messages. A debug
name of the form serviceName:moduleName
will be created
which can be used for debugging.presets
is an optional object that will have its contents merged with any object that's logged. Useful for putting in data that you want logged with every message.addTrackId
is truthy then a trackId
(uuid) will be added to presets
.moduleName
is added to presets
as module
.logger.trace({
message: 'I am a message'
});
There are 6 levels at which to write log messages:
trace, info, warn, error, fatal, security
The log will only be written to the destination if the log level has be set at this or above.
It defaults to error
if not set.
The only parameter you can pass to logger.<level>()
is an object which will be written to
the destination after some modifications have been made to it:
error
or above then the object will be written to the destination.time()
and timeEnd()
work pretty much the same as console.time()
and console.timeEnd()
.
time('label')
starts the timer and timeEnd('label')
stops the timer and writes the log.
timeEnd()
operates at the info
level. i.e. it will only write to the destination if the level
is set to info
or trace
.
timeEnd
has the same modifiers that a created logger has inasmuch as it can be called as:
time('label');
// do some stuff
timeEnd.warn('label');
// or
timeEnd.error('label');
timeEnd()
and timeEnd.<level>()
take an optional log object.
This allows you to do:
try {
logger.time('write-to-db');
await writeToDb();
logger.timeEnd('write-to-db');
} catch(err) {
logger.timeEnd.error('write-to-db', { err });
}
This saves you from having to do a logger.error()
and a logger.timeEnd()
if an error is caught.
Also if the level is set to error then the timing will be captured in the event of an error
(in addition to any extra logging data) but not in the event of normal operation because the
default level for logger.timeEnd()
is info
.
0.5.0
FAQs
Logging aggregation and distribution
The npm package lalog receives a total of 71 weekly downloads. As such, lalog popularity was classified as not popular.
We found that lalog demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.