sonic-boom
Package description
The 'sonic-boom' npm package is a fast and efficient logging library designed for Node.js. It is optimized for high-performance logging, making it suitable for applications that require rapid and concurrent log writing. The package provides a simple API for writing logs to files and supports features like file rotation and asynchronous logging.
Basic Logging
This feature allows you to create a basic logger that writes log messages to a specified file. The example demonstrates how to initialize the logger, write a log message, and close the logger.
```js
const SonicBoom = require('sonic-boom');
const logger = new SonicBoom({ dest: './log.txt' });
logger.write('Hello, World!\n');
logger.end();
```
Asynchronous Logging
Sonic-boom supports asynchronous logging, which can improve performance by not blocking the event loop. The example shows how to enable asynchronous logging by setting the 'sync' option to false.
```js
const SonicBoom = require('sonic-boom');
const logger = new SonicBoom({ dest: './log.txt', sync: false });
logger.write('This is an async log message.\n');
logger.end();
```
File Rotation
This feature lets you reopen the log file, which is how log rotation is supported. The example sets `minLength` (the minimum length of the internal buffer that is required before flushing) and then reopens a new log file for continued logging.
```js
const SonicBoom = require('sonic-boom');
const logger = new SonicBoom({ dest: './log.txt', minLength: 4096 });
logger.write('Log message that triggers rotation.\n');
logger.reopen('./new-log.txt');
```
Pino is a fast and low-overhead logging library for Node.js. It is designed for high-performance logging and offers features like JSON logging, log levels, and log rotation. Compared to sonic-boom, Pino provides a more comprehensive logging solution with additional features like serializers and transport streams.
Winston is a versatile logging library for Node.js that supports multiple transports (e.g., console, file, HTTP). It offers features like log levels, custom formats, and asynchronous logging. While Winston is more feature-rich and flexible, it may not be as performant as sonic-boom for high-throughput logging scenarios.
Bunyan is a simple and fast JSON logging library for Node.js. It provides features like log levels, serializers, and log rotation. Bunyan is similar to sonic-boom in terms of performance but focuses on JSON logging and structured log data, making it suitable for applications that require structured logging.
Readme
Extremely fast utf8-only stream implementation to write to files and file descriptors.
This implementation is partial, but backpressure and piping in with `.pipe()` are supported.
However, it is 20x faster than Node Core `fs.createWriteStream()`:
```
benchSonic*1000: 476.229ms
benchCore*1000: 8250.532ms
benchSonic*1000: 478.423ms
benchCore*1000: 8096.463ms
```
Note that if this is used to log to a Windows terminal (`cmd.exe` or `powershell`), it is necessary to run `chcp 65001` in the terminal to correctly display UTF-8 characters; see chcp for more details.
```
npm i sonic-boom
```
```js
'use strict'
const SonicBoom = require('sonic-boom')
const sonic = new SonicBoom(process.stdout.fd) // or '/path/to/destination'
for (var i = 0; i < 10; i++) {
  sonic.write('hello sonic\n')
}
```
Creates a new instance of SonicBoom.
The first argument can be:
'a')
`fs.open` or `fs.openSync`.
The second argument is the minimum length of the internal buffer that is required before flushing.
It will emit the `'ready'` event when a file descriptor is available.
Writes the string to the file. It will return false to signal the producer to slow down.
Writes the current buffer to the file if a write was not in progress.
Does nothing if `minLength` is zero or if it is already writing.
Reopen the file in place, useful for log rotation.
Example:
```js
const stream = new SonicBoom('./my.log')
process.on('SIGUSR2', function () {
  stream.reopen()
})
```
Flushes the buffered data synchronously. This is a costly operation.
Closes the stream; the data will be flushed asynchronously.
Closes the stream immediately; the data is not flushed.
MIT
FAQs
The npm package sonic-boom receives a total of 4,689,927 weekly downloads. As such, sonic-boom popularity was classified as popular.
We found that sonic-boom demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.