Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
microservice-chain-logger
Advanced tools
Readme
Text or JSON-formatted logger for microservices with bundled Correlation ID and http-server access logging.
Features:
console.info/warn/error
producing a text or JSON inflated with customizable metadataX-Correlation-ID
which is automatically reflected in the log messages (including access logs)All of the features are optional and you can use only the ones you need.
npm install microservice-chain-logger
const logger = require('microservice-chain-logger');
const app = require('express')();
// this initiates firing logger.info on each request
// with basic access log information: user, status code, method, path
app.use(logger.initAccessLog({
// this (optional) setting tells that access log
// and ALL OTHER LOGS should use JSON format
useJsonTransformer: true
}));
app.get('/', (req, res) => {
// here we use req as the first parameter
// making it possible to recognize X-Correlation-ID
// The object req itself will NOT be logged
logger.info(req, 'root called with headers', req.headers);
res.send('Hello World');
});
// sample express error handler
app.use((err, req, res, next) => {
// Here we log a potential exception object (err).
// It will be automatically recognized as an exception,
// creating stack, file, line and column fields
// in the resulting JSON
logger.error(req, 'there was an error:', err);
next();
});
app.listen(3000);
// just a normal log, no req needed here,
// since it's not in a HTTP-Request context
logger.info('call: curl http://localhost:3000/');
Please note that the logger is a singleton meaning any changes you make to it by replacing a function would have immediate effect on the entire application.
These functions correspond to console
but also add metadata,
e.g. processTime
, correlationId
and any other data you inject
using transformEntry
.
The first parameter has a special meaning. If it's an instance
of express Request, then it's not logged but used as a context,
e.g. as a source for correlationId
app.get('/some/route', (req, res) => {
logger.info('just some text');
logger.warn('you', {can: 'mix'}, 'different', ['types', 1337]);
logger.info(req, 'message with meta data', {from: 'the req'});
});
Note: logger.debug() uses the same console.info() just like logger.info()
Same as logger.info() but adds file, line and column fields referencing the code location where it was called
// outputs "reached this point! in my_file.js:10:2"
logger.infoSource('reached this point!');
Object
or undefined
The access log can be used as a replacement for the morgan
module,
keeping all of the logs in a consistent format and implicitly providing correlationId
for each request.
The request duration is automatically measured and stored in the duration field.
// access log will not be triggered for /status
// because it comes BEFORE acess log middleware
app.get('/status', (req, res) => res.send('healthy'));
// register access log middleware
app.use(logger.initAccessLog());
app.get('/', (req, res) => {
res.send('requests to this and further routes will be logged');
});
Options:
maxMessageLength=8000
for jsonTransformer// init access log and replace transformEntry
// so that it produces JSON when in production environment
app.use(logger.initAccessLog({
useJsonTransformer: process.env.NODE_ENV === 'production',
assignCorrelationId: true
}));
The access log middleware adds a field isAccessLog
to the log
entry, which is then removed in the default transformEntry
.
You can use this flag for special logic for messages coming from access log.
Returns the value of X-Correlation-ID
if provided in the header,
otherwise creates a new one using UUID v4.
app.get('/', (req, res) => {
res.send('correlationId is ' + logger.getCorrelationId(req));
});
Note getCorrelationId()
also sets X-Correlation-ID
header to current req,
thus if called twice it will return the same ID, and if called at least
once then the access log will already contain the correlation ID.
Assigns correlationId
to request
-compatible opts
-object.
It uses getCorrelationId()
internally meaning it has the same
side effect on current req.
const request = require('request');
app.get('/', (req, res, next) => {
request(logger.assignCorrelationid(req, {
uri: 'http://some.other.service/and/path'
}))
.then(() => {
res.send('correlationId is ' + logger.getCorrelationId(req));
})
.catch(next);
});
An alternative way when using superagent
:
const superagent = require('superagent');
app.get('/', (req, res, next) => {
superagent
.get('http://some.other.service/and/path')
.set('X-Correlation-ID', logger.getCorrelationId(req))
.end(function(err, res){
// Do something
});
});
For the most of the cases you should be fine with the functions above, but feel free to hack the library at your on risk.
logger.logFunctions is an object consisting of {info, warn, error, debug}
These functions can be used to override default core logging functions
(default core logging functions are console.info
,
console.debug
, console.warn
and console.error
).
You can either replace single functions, e.g.;
logger.logFunctions.error = (error) => { /* ... send email ... */ };
... or replace the entire logger.logFunctions object.
Params:
console.info/warn/error
Returns String
or undefined
.
Returning undefined
skips the current message.
Replacing this function allows customizing the log format and log filtering. By default a text transformer is used (logger.textTransformer). The text transformer supports displaying the following fields:
// switch to JSON transformer instead
logger.transformEntry = logger.jsonTransformer;
// custom text transformer
logger.transformEntry = (func, entry) => {
// suppress info logging, but keep access logs
if (!entry.isAccessLog && func === console.info) {
return;
}
// output logs as text instead of JSON
return entry.processTime + ' ' + entry.message;
};
Params:
null
Returns Object
.
Replacing this function allows you to alter metadata injection,
on the step BEFORE transformEntry
, e.g. if you want to inject
something from req
other than just correlationId
// extend makeEntry(), so that each record also includes HTTP method
const origianlMakeEntry = logger.makeEntry;
logger.makeEntry = (req, ...messages) => {
const result = origianlMakeEntry(req, ...messages);
if (req) {
result.method = req.method;
}
return result;
};
Params:
console.info
, console.warn
or console.error
The unferlying function for logger.info/warn/error
working with the logging object instead of trying to format mixed parameters
as a single message string. It will NOT call makeEntry
, so if you need
the context just call makeEntry
explicitly to prepare the initial entry.
You can use it to inject specific custom fields directly from your code. Most likely you want to set at least message and processTime properties to keep it consistent with the rest of the library.
logger.applyLogFunction(console.info, {
message: "balloon started",
color: "blue",
size: "medium",
processTime: (new Date()).toISOString()
});
... and yes, you can replace it to match you needs just like other functions above
Here is a sample of how you can replace the standard morgan access log just by changing the config:
{
"middleware": {
"logger": {
"route": "/((?!metrics|status|favicon.ico|robots.txt))*",
"priority": 0,
"module": {
"name": "microservice-chain-logger",
"method": "initAccessLog",
"arguments": [
{
"useJsonTransformer": true
}
]
}
}
}
}
... you may want to move the arguments
part to production.json
,
so that you get JSON in production environment only.
...See more advanced examples on github
MIT
FAQs
JSON logger for microservices with bundled Correlation ID and http-server access logging
The npm package microservice-chain-logger receives a total of 10 weekly downloads. As such, microservice-chain-logger popularity was classified as not popular.
We found that microservice-chain-logger demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.