Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
pino-pretty
Advanced tools
The pino-pretty npm package is a module that can be used to format logs produced by Pino, a Node.js logging library. It takes raw log lines in JSON format and transforms them into a more human-readable form. This is particularly useful during development when you need to quickly understand log output.
Pretty Printing
This feature allows you to format your logs in a more readable way, with options such as colorization for different log levels.
const pino = require('pino');
const pretty = require('pino-pretty');
const stream = pretty({ colorize: true });
const logger = pino(stream);
logger.info('This is a pretty-printed log message.');
Custom Log Formatting
Pino-pretty allows for custom log formatting, including options to translate timestamps and ignore certain fields.
const pino = require('pino');
const pretty = require('pino-pretty');
const stream = pretty({
translateTime: 'SYS:standard',
ignore: 'pid,hostname'
});
const logger = pino(stream);
logger.info('Custom formatted log message.');
Integration with Pino Logger
Pino-pretty can be seamlessly integrated with Pino logger to provide pretty-printing capabilities directly within the logger configuration.
const pino = require('pino');
const logger = pino({
prettyPrint: {
colorize: true
}
});
logger.info('Integrated pino-pretty with Pino logger.');
Bunyan is a simple and fast JSON logging library for node.js services. It comes with a CLI tool for pretty-printing bunyan log output. Compared to pino-pretty, Bunyan provides its own logging capabilities, whereas pino-pretty is specifically designed to format Pino logs.
Winston is a multi-transport async logging library for Node.js. It supports custom formatting and multiple logging transports. Unlike pino-pretty, which is focused on pretty-printing, Winston offers a broader set of logging features including transports for logging to various outputs.
Morgan is an HTTP request logger middleware for Node.js. It can format logs in predefined or custom formats. While morgan is used for logging HTTP requests in web applications, pino-pretty is used for general purpose log formatting.
This module provides a basic log prettifier for the Pino logging library. It reads a standard Pino log line like:
{"level":30,"time":1522431328992,"msg":"hello world","pid":42,"hostname":"foo","v":1}
And formats it to:
[1522431328992] INFO (42 on foo): hello world
Using the example script from the Pino module, and specifying that logs should be colored and the time translated, we can see what the prettified logs will look like:
$ npm install -g pino-pretty
It's recommended to use pino-pretty
with pino
by piping output to the CLI tool:
pino app.js | pino-pretty
--colorize
(-c
): Adds terminal color escape sequences to the output.--crlf
(-f
): Appends carriage return and line feed, instead of just a line
feed, to the formatted log line.--errorProps
(-e
): When formatting an error object, display this list
of properties. The list should be a comma separated list of properties Default: ''
.--levelFirst
(-l
): Display the log level name before the logged date and time.--errorLikeObjectKeys
(-k
): Define the log keys that are associated with
error like objects. Default: err,error
.--messageKey
(-m
): Define the key that contains the main log message.
Default: msg
.--translateTime
(-t
): Translate the epoch time value into a human readable
date and time string. This flag also can set the format string to apply when
translating the date to human readable format. For a list of available pattern
letters see the dateformat
documentation.
yyyy-mm-dd HH:MM:ss.l o
in UTC.SYS:
prefix to translate time to the local system's timezone. A
shortcut SYS:standard
to translate time to yyyy-mm-dd HH:MM:ss.l o
in
system timezone.--search
(-s
): Specify a search pattern according to
jmespath.--ignore
(-i
): Ignore one or several keys: (-i time,hostname
)We recommend against using pino-pretty
in production, and highly
recommend installing pino-pretty
as a development dependency.
When installed, pino-pretty
will be used by pino
as the default
prettifier.
Install pino-pretty
alongside pino
and set the
prettyPrint
option to true
:
const pino = require('pino')
const logger = pino({
prettyPrint: true
})
logger.info('hi')
The prettyPrint
option can also be an object containing pretty-print
options:
const pino = require('pino')
const logger = pino({
prettyPrint: { colorize: true }
})
logger.info('hi')
See the Options section for all possible options.
pino-pretty
exports a factory function that can be used to format log strings.
This factory function is used internally by pino, and accepts an options argument
with keys corresponding to the options described in CLI Arguments:
{
colorize: chalk.supportsColor, // --colorize
crlf: false, // --crlf
errorLikeObjectKeys: ['err', 'error'], // --errorLikeObjectKeys
errorProps: '', // --errorProps
levelFirst: false, // --levelFirst
messageKey: 'msg', // --messageKey
translateTime: false, // --translateTime
search: 'foo == `bar`', // --search
ignore: 'pid,hostname' // --ignore
}
The colorize
default follows
`chalk.supportsColor.
MIT License
FAQs
Prettifier for Pino log lines
The npm package pino-pretty receives a total of 3,436,547 weekly downloads. As such, pino-pretty popularity was classified as popular.
We found that pino-pretty demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.