Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
we-js-logger
Advanced tools
A logger for Node and Browser JS with Rollbar and Logentries transports
Logger for node processes and browser applications with transports to Rollbar and Logentries
This is an opinionated logger for JS applications:
import Logger from 'we-js-logger';
const log = new Logger({
name: 'my-logger',
environment: 'production',
level: 'debug',
codeVersion: process.env.SHA_VERSION,
logentriesToken: process.env.LOGENTRIES_TOKEN,
rollbarToken: process.env.ROLLBAR_TOKEN,
scrubFields: ['password'], // blacklist field keys being sent through logger
});
This package can be used via npm
and node
with no special considerations.
This package exposes a client
build for browser usage. It is referenced in the browser
field of package.json
, so module loaders that follow this spec will load it easily.
For example, we commonly use webpack
to load this module.
TODO document webpack setup
See https://github.com/wework/we-js-logger/blob/master/API.md#we-js-loggerutillogger for API documentation
log.fatal({ err }, 'Application crashing because something terrible happened.');
log.error({ err, req }, 'API request failed');
log.info({ action }, 'Something relevant happened')
log.debug({ event, action }, 'Something useful for developers happened');
See https://github.com/trentm/node-bunyan#log-method-api for more detail.
More docs coming soon.
Providing the Logger
constructor a logentriesToken
option enables this transport.
This library will initialize Rollbar See https://rollbar.com/docs/notifier/rollbar.js/#quick-start-server for documentation on setting up Rollbar for node processes.
For browser usage, this library expects Rollbar to be loaded via their quick-start script tag. This also allows Rollbar to capture any errors before the logger's initialization code, if that's important to you.
See https://rollbar.com/docs/notifier/rollbar.js/#quick-start-browser for documentation on setting up Rollbar for browser applications
In lieu of a formal style guide, please ensure PRs follow the conventions present, and have been properly linted and tested. Feel free to open issues to discuss.
Be aware this module is tested in both browser and node runtimes.
Runs all tests, static analysis, and bundle for distribution
$ npm start
Runs browser and node tests
$ npm test
Runs browser tests via PhantomJS only
$ npm run test:browser
Runs browser tests via SauceLabs only
$ SAUCELABS=true npm run test:browser
Runs node tests only
$ npm run test:node
Runs browser and node tests in watch mode, re-bundles on src file change
$ npm run tdd
Regenerate API.md
docs from JSDoc comments
$ npm run docs
Packages client and node bundles for distribution, output to /dist
$ npm run bundle
Lints, cleans, bundles, and generates docs for distribution, output to /dist
$ npm run dist
We're using np
to simplify publishing to git + npm. A changelog and docs are generated as part of this script.
$ npm run release <semver level/version>
$ npm run release patch # patch release
$ npm run release 100.10.1 # release specific version
FAQs
A logger for Node and Browser JS with Rollbar and Logentries transports
We found that we-js-logger demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.