Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
a tiny little log formatter for [pino](https://github.com/pinojs/pino).
a tiny little log formatter for pino.
yeah, i know, pino-colada...
...but is does some weird black box stuff, and i did not like some of the formatting, and i was generally not too happy about certain things, so...
i made pino-tiny!
pino-tiny is ran like any other pino output mangler, you run it as a process and pipe to it. first you need to install it. it's really not meant to be a production log formatter, so prolly install it in your project as a dev-dependency.
npm i -D pino-tiny
--or--
yarn add --dev pino-tiny
...run it with your application that is already using pino to log stuff...
$ node index.js | pino-tiny
Now you can tweak the output a bit with command line arguments
Options:
--help Show help
--version Show version number
-i, --hide-icons Hide level emoji icons.
-l, --hide-letters Hide level letters.
-t, --hide-timestamp Hide the timestamp.
-c, --hide-colors Remove ansi colors from output.
-w, --hide-web Hide web stats.
-m, --msg-key The key to use for message from the JSON log data.
...or put it in your package.json
file...
{
...
"scripts": {
"dev": "nodemon index.js | pino-tiny",
...
}
}
pino-tiny can be used in code too as a prettifier, if you want. here is how you set it up:
const { PinoTinyPrettifier } = require('pino-pretty')
const Pino = require('pino')
const logger = new Pino({
prettifier: PinoTinyPrettifier(/*{[options]}*/),
prettyPrint: true
})
logger.trace('trace message')
logger.debug('debug message')
logger.info('info message')
logger.warn('warn message')
logger.error('error message')
logger.fatal('fatal message')
The prettifier has the same options as the cli. Plus a filter function.
PinoTinyOptions {
hideIcons?: boolean
hideLetters?: boolean
hideTimestamp?: boolean
hideColors?: boolean
hideWeb?: boolean
msgKey?: string
filter?: (data: any) => any | undefined
}
The filter
option allows you to filter and process the log data. So you can do something like
// remove ansi colors and remove messages that have secrets.
const logger = new Pino({
prettifier: PinoTinyPrettifier(
{
hideColor: true,
filter:(data) => {
if (data.hasSecret) {
return { ...data, msg:'*** secret ***' }
} else {
return data
}
}
}
),
prettyPrint: true
})
pino-tiny runs like a process you pipe the output of your application into and it makes nice output. it also exports a function Run
that takes the filter option function as a parameter.
this allows you to control if a log entry gets printed, and you can mangle the output (in the msg property of the log). here is a ridiculous example:
const { Run } = require('pino-tiny')
function filter (data) {
if(data.msg.indexOf('happy') >= 0) {
// nothing happy gets out.
return false;
}
else {
// prepend msg with woah.
return {
...data,
msg: `[woah!] ${data.msg}`
}
}
}
//start the logger
Run(filter)
res
and req
properties in the log data, it will put dimmed request and response info (method, url, status code).msg
and message
in loggerFAQs
a tiny little log formatter for [pino](https://github.com/pinojs/pino).
The npm package pino-tiny receives a total of 184 weekly downloads. As such, pino-tiny popularity was classified as not popular.
We found that pino-tiny demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.