Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
The verror npm package provides utilities for constructing and formatting errors in Node.js applications. It allows for richer error information, chaining of errors, and better error handling mechanisms. This package is particularly useful for applications that require detailed error tracking and reporting.
Creating rich errors
This feature allows developers to create errors that can encapsulate more information than standard Error objects. It is useful for debugging and error tracking.
const VError = require('verror');
const err = new VError('This is a rich error with a cause.');
Chaining errors
Chaining errors enables developers to trace through a sequence of errors that led to a failure, making it easier to understand the context and root cause of an issue.
const VError = require('verror');
const cause = new Error('cause');
const err = new VError(cause, 'A higher-level error.');
Formatting error messages
This feature allows for the inclusion of additional information within error objects and provides a structured way to access this information. It's particularly useful for logging and reporting errors with specific codes or data.
const VError = require('verror');
const err = new VError({
name: 'MyError',
info: { errorCode: 'E123' }
}, 'An error occurred.');
const info = VError.info(err);
console.log(info.errorCode); // Outputs: E123
Winston is a multi-transport async logging library for Node.js. While primarily focused on logging rather than error handling, it shares the goal of providing rich information for debugging purposes. Unlike verror, winston is more about logging levels and transports rather than constructing and chaining errors.
Pino is a very low overhead Node.js logger, which, like winston, focuses on logging rather than error handling. It provides mechanisms for structured logging and performance. Pino and verror serve different aspects of application diagnostics; pino does not offer features for error object enhancement or chaining.
This module provides several classes in support of Joyent's Best Practices for Error Handling in Node.js. If you find any of the behavior here confusing or surprising, check out that document first.
The error classes here support:
The classes here are:
First, install the package:
npm install verror
If nothing else, you can use VError as a drop-in replacement for the built-in JavaScript Error class, with the addition of printf-style messages:
var err = new VError('missing file: "%s"', '/etc/passwd');
console.log(err.message);
This prints:
missing file: "/etc/passwd"
You can also pass a cause
argument, which is any other Error object:
var fs = require('fs');
var filename = '/nonexistent';
fs.stat(filename, function (err1) {
var err2 = new VError(err1, 'stat "%s"', filename);
console.error(err2.message);
});
This prints out:
stat "/nonexistent": ENOENT, stat '/nonexistent'
which resembles how Unix programs typically report errors:
$ sort /nonexistent
sort: open failed: /nonexistent: No such file or directory
To match the Unixy feel, when you print out the error, just prepend the
program's name to the VError's message
. Or just call
node-cmdutil.fail(your_verror), which
does this for you.
You can get the next-level Error using err.cause()
:
console.error(err2.cause().message);
prints:
ENOENT, stat '/nonexistent'
Of course, you can chain these as many times as you want, and it works with any kind of Error:
var err1 = new Error('No such file or directory');
var err2 = new VError(err1, 'failed to stat "%s"', '/junk');
var err3 = new VError(err2, 'request failed');
console.error(err3.message);
This prints:
request failed: failed to stat "/junk": No such file or directory
The idea is that each layer in the stack annotates the error with a description of what it was doing. The end result is a message that explains what happened at each level.
You can also decorate Error objects with additional information so that callers can not only handle each kind of error differently, but also construct their own error messages (e.g., to localize them, format them, group them by type, and so on). See the example below.
The two main goals for VError are:
"ip": "192.168.1.2"
and "tcpPort": 80
. This can be used
for feeding into monitoring systems, analyzing large numbers of Errors (as
from a log file), or localizing error messages.To really make this useful, it also needs to be easy to compose Errors:
higher-level code should be able to augment the Errors reported by lower-level
code to provide a more complete description of what happened. Instead of saying
"connection refused", you can say "operation X failed: connection refused".
That's why VError supports causes
.
In order for all this to work, programmers need to know that it's generally safe to wrap lower-level Errors with higher-level ones. If you have existing code that handles Errors produced by a library, you should be able to wrap those Errors with a VError to add information without breaking the error handling code. There are two obvious ways that this could break such consumers:
name
to determine what
kind of Error they've got. To ensure compatibility, you can create VErrors
with custom names, but this approach isn't great because it prevents you from
representing complex failures. For this reason, VError provides
findCauseByName
, which essentially asks: does this Error or any of its
causes have this specific type? If error handling code uses
findCauseByName
, then subsystems can construct very specific causal chains
for debuggability and still let people handle simple cases easily. There's an
example below.name
, message
, and stack
, but also fileName
,
lineNumber
, and a few others. Plus, it's useful for some Error subclasses
to have their own private properties -- and there'd be no way to know whether
these should be copied. For these reasons, VError first-classes these
information properties. You have to provide them in the constructor, you can
only fetch them with the info()
function, and VError takes care of making
sure properties from causes wind up in the info()
output.Let's put this all together with an example from the node-fast RPC library. node-fast implements a simple RPC protocol for Node programs. There's a server and client interface, and clients make RPC requests to servers. Let's say the server fails with an UnauthorizedError with message "user 'bob' is not authorized". The client wraps all server errors with a FastServerError. The client also wraps all request errors with a FastRequestError that includes the name of the RPC call being made. The result of this failed RPC might look like this:
name: FastRequestError
message: "request failed: server error: user 'bob' is not authorized"
rpcMsgid: <unique identifier for this request>
rpcMethod: GetObject
cause:
name: FastServerError
message: "server error: user 'bob' is not authorized"
cause:
name: UnauthorizedError
message: "user 'bob' is not authorized"
rpcUser: "bob"
When the caller uses VError.info()
, the information properties are collapsed
so that it looks like this:
message: "request failed: server error: user 'bob' is not authorized"
rpcMsgid: <unique identifier for this request>
rpcMethod: GetObject
rpcUser: "bob"
Taking this apart:
findCauseByName('FastServerError')
rather than checking the name
field directly.It's not expected that you'd use these complex forms all the time. Despite supporting the complex case above, you can still just do:
new VError("my service isn't working");
for the simple cases.
VError, WError, and SError are convenient drop-in replacements for Error
that
support printf-style arguments, first-class causes, informational properties,
and other useful features.
The VError constructor has several forms:
/*
* This is the most general form. You can specify any supported options
* (including "cause" and "info") this way.
*/
new VError(options, sprintf_args...)
/*
* This is a useful shorthand when the only option you need is "cause".
*/
new VError(cause, sprintf_args...)
/*
* This is a useful shorthand when you don't need any options at all.
*/
new VError(sprintf_args...)
All of these forms construct a new VError that behaves just like the built-in
JavaScript Error
class, with some additional methods described below.
In the first form, options
is a plain object with any of the following
optional properties:
Option name | Type | Meaning |
---|---|---|
name | string | Describes what kind of error this is. This is intended for programmatic use to distinguish between different kinds of errors. Note that in modern versions of Node.js, this name is ignored in the stack property value, but callers can still use the name property to get at it. |
cause | any Error object | Indicates that the new error was caused by cause . See cause() below. If unspecified, the cause will be null . |
strict | boolean | If true, then null and undefined values in sprintf_args are passed through to sprintf() . Otherwise, these are replaced with the strings 'null' , and 'undefined ', respectively. |
constructorOpt | function | If specified, then the stack trace for this error ends at function constructorOpt . Functions called by constructorOpt will not show up in the stack. This is useful when this class is subclassed. |
info | object | Specifies arbitrary informational properties that are available through the VError.info(err) static class method. See that method for details. |
The second form is equivalent to using the first form with the specified cause
as the error's cause. This form is distinguished from the first form because
the first argument is an Error.
The third form is equivalent to using the first form with all default option values. This form is distinguished from the other forms because the first argument is not an object or an Error.
The WError
constructor is used exactly the same way as the VError
constructor. The SError
constructor is also used the same way as the
VError
constructor except that in all cases, the strict
property is
overriden to `true.
VError
, WError
, and SError
all provide the same public properties as
JavaScript's built-in Error objects.
Property name | Type | Meaning |
---|---|---|
name | string | Programmatically-usable name of the error. |
message | string | Human-readable summary of the failure. Programmatically-accessible details are provided through VError.info(err) class method. |
stack | string | Human-readable stack trace where the Error was constructed. |
For all of these classes, the printf-style arguments passed to the constructor
are processed with sprintf()
to form a message. For WError
, this becomes
the complete message
property. For SError
and VError
, this message is
prepended to the message of the cause, if any (with a suitable separator), and
the result becomes the message
property.
The stack
property is managed entirely by the underlying JavaScript
implementation. It's generally implemented using a getter function because
constructing the human-readable stack trace is somewhat expensive.
The following methods are defined on the VError
class and as exported
functions on the verror
module. They're defined this way rather than using
methods on VError instances so that they can be used on Errors not created with
VError
.
VError.cause(err)
The cause()
function returns the next Error in the cause chain for err
, or
null
if there is no next error. See the cause
argument to the constructor.
Errors can have arbitrarily long cause chains. You can walk the cause
chain
by invoking VError.cause(err)
on each subsequent return value. If err
is
not a VError
, the cause is null
.
VError.info(err)
Returns an object with all of the extra error information that's been associated
with this Error and all of its causes. These are the properties passed in using
the info
option to the constructor. Properties not specified in the
constructor for this Error are implicitly inherited from this error's cause.
These properties are intended to provide programmatically-accessible metadata about the error. For an error that indicates a failure to resolve a DNS name, informational properties might include the DNS name to be resolved, or even the list of resolvers used to resolve it. The values of these properties should generally be plain objects (i.e., consisting only of null, undefined, numbers, booleans, strings, and objects and arrays containing only other plain objects).
VError.fullStack(err)
Returns a string containing the full stack trace, with all nested errors recursively
reported as 'caused by:' + err.stack
.
VError.findCauseByName(err, name)
The findCauseByName()
function traverses the cause chain for err
, looking
for an error whose name
property matches the passed in name
value. If no
match is found, null
is returned.
If all you want is to know whether there's a cause (and you don't care what it
is), you can use VError.hasCauseWithName(err, name)
.
If a vanilla error or a non-VError error is passed in, then there is no cause
chain to traverse. In this scenario, the function will check the name
property of only err
.
VError.hasCauseWithName(err, name)
Returns true if and only if VError.findCauseByName(err, name)
would return
a non-null value. This essentially determines whether err
has any cause in
its cause chain that has name name
.
VError.errorFromList(errors)
Given an array of Error objects (possibly empty), return a single error representing the whole collection of errors. If the list has:
null
This is useful for cases where an operation may produce any number of errors,
and you ultimately want to implement the usual callback(err)
pattern. You can
accumulate the errors in an array and then invoke
callback(VError.errorFromList(errors))
when the operation is complete.
VError.errorForEach(err, func)
Convenience function for iterating an error that may itself be a MultiError.
In all cases, err
must be an Error. If err
is a MultiError, then func
is
invoked as func(errorN)
for each of the underlying errors of the MultiError.
If err
is any other kind of error, func
is invoked once as func(err)
. In
all cases, func
is invoked synchronously.
This is useful for cases where an operation may produce any number of warnings that may be encapsulated with a MultiError -- but may not be.
This function does not iterate an error's cause chain.
The "Demo" section above covers several basic cases. Here's a more advanced case:
var err1 = new VError('something bad happened');
/* ... */
var err2 = new VError({
'name': 'ConnectionError',
'cause': err1,
'info': {
'errno': 'ECONNREFUSED',
'remote_ip': '127.0.0.1',
'port': 215
}
}, 'failed to connect to "%s:%d"', '127.0.0.1', 215);
console.log(err2.message);
console.log(err2.name);
console.log(VError.info(err2));
console.log(err2.stack);
This outputs:
failed to connect to "127.0.0.1:215": something bad happened
ConnectionError
{ errno: 'ECONNREFUSED', remote_ip: '127.0.0.1', port: 215 }
ConnectionError: failed to connect to "127.0.0.1:215": something bad happened
at Object.<anonymous> (/home/dap/node-verror/examples/info.js:5:12)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Function.Module.runMain (module.js:497:10)
at startup (node.js:119:16)
at node.js:935:3
Information properties are inherited up the cause chain, with values at the top of the chain overriding same-named values lower in the chain. To continue that example:
var err3 = new VError({
'name': 'RequestError',
'cause': err2,
'info': {
'errno': 'EBADREQUEST'
}
}, 'request failed');
console.log(err3.message);
console.log(err3.name);
console.log(VError.info(err3));
console.log(err3.stack);
This outputs:
request failed: failed to connect to "127.0.0.1:215": something bad happened
RequestError
{ errno: 'EBADREQUEST', remote_ip: '127.0.0.1', port: 215 }
RequestError: request failed: failed to connect to "127.0.0.1:215": something bad happened
at Object.<anonymous> (/home/dap/node-verror/examples/info.js:20:12)
at Module._compile (module.js:456:26)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Function.Module.runMain (module.js:497:10)
at startup (node.js:119:16)
at node.js:935:3
You can also print the complete stack trace of combined Error
s by using
VError.fullStack(err).
var err1 = new VError('something bad happened');
/* ... */
var err2 = new VError(err1, 'something really bad happened here');
console.log(VError.fullStack(err2));
This outputs:
VError: something really bad happened here: something bad happened
at Object.<anonymous> (/home/dap/node-verror/examples/fullStack.js:5:12)
at Module._compile (module.js:409:26)
at Object.Module._extensions..js (module.js:416:10)
at Module.load (module.js:343:32)
at Function.Module._load (module.js:300:12)
at Function.Module.runMain (module.js:441:10)
at startup (node.js:139:18)
at node.js:968:3
caused by: VError: something bad happened
at Object.<anonymous> (/home/dap/node-verror/examples/fullStack.js:3:12)
at Module._compile (module.js:409:26)
at Object.Module._extensions..js (module.js:416:10)
at Module.load (module.js:343:32)
at Function.Module._load (module.js:300:12)
at Function.Module.runMain (module.js:441:10)
at startup (node.js:139:18)
at node.js:968:3
VError.fullStack
is also safe to use on regular Error
s, so feel free to use
it whenever you need to extract the stack trace from an Error
, regardless if
it's a VError
or not.
MultiError is an Error class that represents a group of Errors. This is used when you logically need to provide a single Error, but you want to preserve information about multiple underlying Errors. A common case is when you execute several operations in parallel and some of them fail.
MultiErrors are constructed as:
new MultiError(error_list)
error_list
is an array of at least one Error
object.
The cause of the MultiError is the first error provided. None of the other
VError
options are supported. The message
for a MultiError consists the
message
from the first error, prepended with a message indicating that there
were other errors.
For example:
err = new MultiError([
new Error('failed to resolve DNS name "abc.example.com"'),
new Error('failed to resolve DNS name "def.example.com"'),
]);
console.error(err.message);
outputs:
first of 2 errors: failed to resolve DNS name "abc.example.com"
See the convenience function VError.errorFromList
, which is sometimes simpler
to use than this constructor.
errors()
Returns an array of the errors used to construct this MultiError.
See separate contribution guidelines.
FAQs
richer JavaScript errors
The npm package verror receives a total of 6,165,049 weekly downloads. As such, verror popularity was classified as popular.
We found that verror demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 14 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.