Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
winston-daily-rotate-file
Advanced tools
A transport for winston which logs to a rotating file each day.
The winston-daily-rotate-file npm package is a transport plugin for the winston logger that outputs log messages to a file, rotating the file automatically based on time, size, or both. It is commonly used to manage log files, ensuring they are kept to a manageable size and are rotated out over time for archival purposes.
Time-based log rotation
This feature allows logs to be rotated daily. The '%DATE%' pattern in the filename is replaced with the current date in the 'YYYY-MM-DD' format. Logs older than 14 days are deleted, and logs are zipped when they are rotated.
const winston = require('winston');
const DailyRotateFile = require('winston-daily-rotate-file');
const logger = winston.createLogger({
transports: [
new DailyRotateFile({
filename: 'application-%DATE%.log',
datePattern: 'YYYY-MM-DD',
zippedArchive: true,
maxSize: '20m',
maxFiles: '14d'
})
]
});
Size-based log rotation
This feature allows logs to be rotated when they reach a certain size. In this example, the log file is rotated when it reaches 20 megabytes. The 'maxFiles' option is set to 5, which means that a maximum of 5 rotated log files will be kept.
const winston = require('winston');
const DailyRotateFile = require('winston-daily-rotate-file');
const logger = winston.createLogger({
transports: [
new DailyRotateFile({
filename: 'application-%DATE%.log',
datePattern: 'YYYY-MM-DD',
zippedArchive: true,
maxSize: '20m',
maxFiles: '5'
})
]
});
Customizable file compression
This feature allows the rotated log files to be compressed using gzip. The 'zippedArchive' option is set to true, enabling this functionality.
const winston = require('winston');
const DailyRotateFile = require('winston-daily-rotate-file');
const logger = winston.createLogger({
transports: [
new DailyRotateFile({
filename: 'application-%DATE%.log',
datePattern: 'YYYY-MM-DD',
zippedArchive: true
})
]
});
This package provides a stream that writes logs to a file and rotates it based on time or size, similar to winston-daily-rotate-file. It is not tied to any specific logging library and can be used with any Node.js stream-compatible logging tool.
Similar to winston-daily-rotate-file, this package is used to rotate logs on a time basis. It does not depend on winston and can be used independently to manage log file rotation in any Node.js application.
This package is a rotating file stream for the Bunyan logging library. It offers functionality similar to winston-daily-rotate-file but is specifically designed to work with Bunyan instead of winston.
A transport for winston which logs to a rotating file. Logs can be rotated based on a date, size limit, and old logs can be removed based on count or elapsed days.
Starting with version 2.0.0, the transport has been refactored to leverage the the file-stream-rotator module. Some of the options in the 1.x versions of the transport have changed. Please review the options below to identify any changes needed.
Please note that if you are using winston@2
, you will need to use winston-daily-rotate-file@3
. winston-daily-rotate-file@4
removed support for winston@2
.
npm install winston-daily-rotate-file
The DailyRotateFile transport can rotate files by minute, hour, day, month, year or weekday. In addition to the options accepted by the logger, winston-daily-rotate-file
also accepts the following options:
datePattern
for the rotation times. (default: null)%DATE%
placeholder which will include the formatted datePattern at that point in the filename. (default: 'winston.log.%DATE%'){ flags: 'a' }
) var winston = require('winston');
require('winston-daily-rotate-file');
var transport = new winston.transports.DailyRotateFile({
filename: 'application-%DATE%.log',
datePattern: 'YYYY-MM-DD-HH',
zippedArchive: true,
maxSize: '20m',
maxFiles: '14d'
});
transport.on('rotate', function(oldFilename, newFilename) {
// do something fun
});
var logger = winston.createLogger({
transports: [
transport
]
});
logger.info('Hello World!');
import * as winston from 'winston';
import 'winston-daily-rotate-file';
const transport = new winston.transports.DailyRotateFile({
filename: 'application-%DATE%.log',
datePattern: 'YYYY-MM-DD-HH',
zippedArchive: true,
maxSize: '20m',
maxFiles: '14d'
});
transport.on('rotate', function(oldFilename, newFilename) {
// do something fun
});
const logger = winston.createLogger({
transports: [
transport
]
});
logger.info('Hello World!');
import * as winston from 'winston';
import DailyRotateFile from 'winston-daily-rotate-file';
const transport: DailyRotateFile = new DailyRotateFile({
filename: 'application-%DATE%.log',
datePattern: 'YYYY-MM-DD-HH',
zippedArchive: true,
maxSize: '20m',
maxFiles: '14d'
});
transport.on('rotate', function(oldFilename, newFilename) {
// do something fun
});
const logger = winston.createLogger({
transports: [
transport
]});
logger.info('Hello World!');
This transport emits the following custom events:
MIT
FAQs
A transport for winston which logs to a rotating file each day.
We found that winston-daily-rotate-file demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.