Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The log4js npm package is a logging library for Node.js, inspired by the Java-based Log4j. It provides a flexible logging system that can be configured to log to the console, to files, or to external logging services. It supports multiple log levels, categories, and appenders, allowing for fine-grained control over logging output.
Basic Logging
This code sets up log4js to log messages to the standard output (console). It configures an appender named 'out' that writes to stdout and sets the default logging level to 'info'.
const log4js = require('log4js');
log4js.configure({
appenders: { 'out': { type: 'stdout' } },
categories: { default: { appenders: ['out'], level: 'info' } }
});
const logger = log4js.getLogger();
logger.info('Informational message');
File Appender
This code configures log4js to write log messages to a file named 'app.log' in the 'logs' directory. It creates a file appender and sets the logging level to 'warn'.
const log4js = require('log4js');
log4js.configure({
appenders: { 'file': { type: 'file', filename: 'logs/app.log' } },
categories: { default: { appenders: ['file'], level: 'info' } }
});
const logger = log4js.getLogger();
logger.warn('Warning message');
Log Levels
This code demonstrates the use of different log levels available in log4js. Each level represents a different severity of logging, with 'trace' being the least severe and 'fatal' being the most severe.
const log4js = require('log4js');
const logger = log4js.getLogger('myCategory');
logger.trace('Trace message');
logger.debug('Debug message');
logger.info('Info message');
logger.warn('Warn message');
logger.error('Error message');
logger.fatal('Fatal message');
Multiple Appenders and Categories
This code shows how to configure multiple appenders and categories. The 'default' category logs to both the console and a file, while the 'special' category logs only to a file and only logs messages at the 'error' level or higher.
const log4js = require('log4js');
log4js.configure({
appenders: {
'out': { type: 'stdout' },
'file': { type: 'file', filename: 'logs/app.log' }
},
categories: {
default: { appenders: ['out', 'file'], level: 'info' },
special: { appenders: ['file'], level: 'error' }
}
});
const defaultLogger = log4js.getLogger();
defaultLogger.info('Default category, logged to console and file');
const specialLogger = log4js.getLogger('special');
specialLogger.error('Special category, logged to file only');
Winston is a multi-transport async logging library for Node.js. Like log4js, it supports multiple transports (e.g., file, console, HTTP) and custom log levels. It is highly configurable and is considered one of the most popular logging solutions in the Node.js ecosystem, often compared to log4js for its rich features and flexibility.
Bunyan is a simple and fast JSON logging library for Node.js services. It includes a CLI tool for pretty-printing log files. Bunyan's focus on JSON logging format makes it particularly suitable for use in large-scale distributed systems where log aggregation and analysis are important. It is less configurable than log4js and winston but is valued for its simplicity and streaming capabilities.
Pino is a very low-overhead Node.js logger that outputs logs in JSON format. It is designed for performance and can be significantly faster than other logging libraries like log4js, especially in high-throughput scenarios. Pino's API is relatively minimal compared to log4js, focusing on delivering the best performance possible.
This is a conversion of the log4js framework to work with node. I started out just stripping out the browser-specific code and tidying up some of the javascript to work better in node. It grew from there. Although it's got a similar name to the Java library log4j, thinking that it will behave the same way will only bring you sorrow and confusion.
The full documentation is available here.
There have been a few changes between log4js 1.x and 2.x (and 0.x too). You should probably read this migration guide if things aren't working.
Out of the box it supports the following features:
Optional appenders are available:
Having problems? Jump on the slack channel, or create an issue. If you want to help out with the development, the slack channel is a good place to go as well.
npm install log4js
Minimalist version:
var log4js = require("log4js");
var logger = log4js.getLogger();
logger.level = "debug";
logger.debug("Some debug messages");
By default, log4js will not output any logs (so that it can safely be used in libraries). The level
for the default
category is set to OFF
. To enable logs, set the level (as in the example). This will then output to stdout with the coloured layout (thanks to masylum), so for the above you would see:
[2010-01-17 11:43:37.987] [DEBUG] [default] - Some debug messages
See example.js for a full example, but here's a snippet (also in examples/fromreadme.js
):
const log4js = require("log4js");
log4js.configure({
appenders: { cheese: { type: "file", filename: "cheese.log" } },
categories: { default: { appenders: ["cheese"], level: "error" } },
});
const logger = log4js.getLogger("cheese");
logger.trace("Entering cheese testing");
logger.debug("Got cheese.");
logger.info("Cheese is Comté.");
logger.warn("Cheese is quite smelly.");
logger.error("Cheese is too ripe!");
logger.fatal("Cheese was breeding ground for listeria.");
Output (in cheese.log
):
[2010-01-17 11:43:37.987] [ERROR] cheese - Cheese is too ripe!
[2010-01-17 11:43:37.990] [FATAL] cheese - Cheese was breeding ground for listeria.
If you're writing a library and would like to include support for log4js, without introducing a dependency headache for your users, take a look at log4js-api.
Available here.
There's also an example application.
import * as log4js from "log4js";
log4js.configure({
appenders: { cheese: { type: "file", filename: "cheese.log" } },
categories: { default: { appenders: ["cheese"], level: "error" } },
});
const logger = log4js.getLogger();
logger.level = "debug";
logger.debug("Some debug messages");
We're always looking for people to help out. Jump on slack and discuss what you want to do. Also, take a look at the rules before submitting a pull request.
The original log4js was distributed under the Apache 2.0 License, and so is this. I've tried to keep the original copyright and author credits in place, except in sections that I have rewritten extensively.
FAQs
Port of Log4js to work with node.
The npm package log4js receives a total of 3,628,846 weekly downloads. As such, log4js popularity was classified as popular.
We found that log4js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.