Gathering detailed insights and metrics for koa2-winston
Gathering detailed insights and metrics for koa2-winston
Installations
npm install koa2-winstonDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Min. Node Version
>=8
Node Version
22.4.1
NPM Version
10.8.1
Releases
9
Languages
1
JavaScript
JavaScript (100%)
Developer
yidinghan
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
37 Stars
258 Commits
7 Forks
1 Watchers
19 Branches
5 Contributors
Updated on Apr 28, 2025
Maintainers
1
Package Meta Information
Latest Version
3.2.1
Package Id
koa2-winston@3.2.1
Unpacked Size
50.86 kB
Size
11.20 kB
File Count
9
NPM Version
10.8.1
Node Version
22.4.1
Published on
Oct 24, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
koa2-winston
koa2 version winston logger like express-winston
Add logger to your koa2 server in 3 lines
Usage
Installation
1npm i --save koa2-winston
Quick Start
1const { logger } = require('koa2-winston'); 2app.use(logger());
request log will look like
1{ 2 "req": { 3 "header": { 4 "host": "localhost:3000", 5 "connection": "keep-alive", 6 "upgrade-insecure-requests": "1", 7 "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36", 8 "accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", 9 "dnt": "1", 10 "accept-encoding": "gzip, deflate, sdch, br", 11 "accept-language": "zh-CN,zh;q=0.8,en;q=0.6,zh-TW;q=0.4,de;q=0.2,ja;q=0.2,it;q=0.2" 12 }, 13 "url": "/hello", 14 "method": "GET", 15 "href": "http://localhost:3000/hello", 16 "query": {} 17 }, 18 "started_at": 1494554053492, 19 "res": { 20 "header": { 21 "content-type": "application/json; charset=utf-8", 22 "content-length": "16" 23 }, 24 "status": 200 25 }, 26 "duration": 8, 27 "level": "info", 28 "message": "HTTP GET /hello" 29}
Configuration
Each parameter has a default value, and you can customize your logger by changing the configuration
1app.use( 2 logger({ 3 transports: new winston.transports.Console({ json: true, stringify: true }), 4 level: 'info', 5 reqKeys: [ 6 'header', 7 'url', 8 'method', 9 'httpVersion', 10 'href', 11 'query', 12 'length', 13 ], 14 reqSelect: [], 15 reqUnselect: ['header.cookie'], 16 resKeys: ['header', 'status'], 17 resSelect: [], 18 resUnselect: [], 19 }) 20);
Many configuration explain can be found in logger
Examples
Do not record any request fields
1app.use( 2 logger({ 3 reqKeys: [], 4 }) 5);
The req object will be empty
1{ 2 "req": {}, 3 "started_at": 1494486039864, 4 "res": { 5 "header": { 6 "content-type": "text/plain; charset=utf-8", 7 "content-length": "8" 8 }, 9 "status": 200 10 }, 11 "duration": 26, 12 "level": "info", 13 "message": "HTTP GET /" 14}
Do not record any response fields
1app.use( 2 logger({ 3 resKeys: [], 4 }) 5);
The res object will be empty
1{ 2 "req": { 3 "header": { 4 "host": "127.0.0.1:59534", 5 "accept-encoding": "gzip, deflate", 6 "user-agent": "node-superagent/3.5.2", 7 "connection": "close" 8 }, 9 "url": "/", 10 "method": "GET", 11 "href": "http://127.0.0.1:59534/", 12 "query": {} 13 }, 14 "started_at": 1494486039864, 15 "res": {}, 16 "duration": 26, 17 "level": "info", 18 "message": "HTTP GET /" 19}
Do not record UA
1app.use( 2 logger({ 3 reqUnselect: ['header.cookie', 'header.user-agent'], 4 }) 5);
The UA of request will be ignored
1{ 2 "req": { 3 "header": { 4 "host": "127.0.0.1:59534", 5 "accept-encoding": "gzip, deflate", 6 "connection": "close" 7 }, 8 "url": "/", 9 "method": "GET", 10 "href": "http://127.0.0.1:59534/", 11 "query": {} 12 }, 13 "started_at": 1494486039864, 14 "res": { 15 "header": { 16 "content-type": "text/plain; charset=utf-8", 17 "content-length": "8" 18 }, 19 "status": 200 20 }, 21 "duration": 26, 22 "level": "info", 23 "message": "HTTP GET /" 24}
Record a response body filed
1app.use( 2 logger({ 3 resSelect: ['body.success'], 4 }) 5);
The success field on body will be recorded
1{ 2 "req": { 3 "header": { 4 "host": "127.0.0.1:59534", 5 "accept-encoding": "gzip, deflate", 6 "connection": "close" 7 }, 8 "url": "/", 9 "method": "GET", 10 "href": "http://127.0.0.1:59534/", 11 "query": {} 12 }, 13 "started_at": 1494486039864, 14 "res": { 15 "header": { 16 "content-type": "text/plain; charset=utf-8", 17 "content-length": "8" 18 }, 19 "status": 200, 20 "body": { 21 // Any possible value given by the server 22 "success": false 23 } 24 }, 25 "duration": 26, 26 "level": "info", 27 "message": "HTTP GET /" 28}
Simple Benchmark
At node 8.2
middleware x 90,281 ops/sec ±7.89% (13 runs sampled)
At node 8.4
middleware x 112,011 ops/sec ±10.26% (18 runs sampled)
Schema Stringify
With fast-json-stringify support, default transport logger is much faster
1total ops/sec { jsonstringify: 73544 } 2▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ 3total ops/sec { schemastringify: 90223 } 4▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
schemastringify is 1.23x faster then jsonstringify in this case
v1.7.1 vs v2.4.0
1total ops/sec { 'v1.7.1': 111416 } 2▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ 3total ops/sec { 'v2.4.0': 131234 } 4▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
v2.4.0 is 1.18x faster then v1.7.1 in this case
Math.floor vs parseInt
Related commit in HERE
JSPerf link in HERE
Testing in Chrome 70.0.3505 / Mac OS X 10.13.5
parseInt(401 / 100, 10) { 160,092,130 Ops/sec }
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
Math.floor(401 / 100) { 810,032,369 Ops/sec }
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
Math.floor is 5.06x faster then parseInt in this case
v3
Finally, winston v3 support. But winston will install as dependencies not peerDependencies.
With better backward compatibility, users don't have to worry about the new version of koa2-winston will conflict with other winston usage in the project.
v3.1
The fastest koa2-winston ever. Nearly 3x faster than previous versions.
1total ops/sec { 'v3.0.2': 180020 } 2▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ 3total ops/sec { 'v3.1.0': 541854 } 4▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓
The above statistics come from
npm run bench.
Biggest change
- Remove key recorder
- Generate json-schema for fast-json-stringify, not only for object serialization (log message), but also as key selector.
- Log info object key rename.
1- {req,res}.headers 2+ {req,res}.header
JSDoc
Table of Contents
logger
logger middleware for koa2 use winston
Parameters
payloadobject input arguments (optional, default{})payload.transportsArray<object> customize transports (optional, default[newwinston.transports.Stream({stream:process.stdout})])payload.levelstring default log level of logger (optional, default'info')payload.reqKeysstring default request fields to be logged (optional, default['header','url','method','httpVersion','href','query','length'])payload.reqSelectstring additional request fields to be logged (optional, default[])payload.reqUnselectstring request field will be removed from the log (optional, default['header.cookie'])payload.resKeysstring default response fields to be logged (optional, default['header','status'])payload.resSelectstring additional response fields to be logged (optional, default[])payload.resUnselectstring response field will be removed from the log (optional, default[])payload.loggerwinston.transports.StreamTransportInstance? customize winston loggerpayload.msgstring customize log msg (optional, defaultHTTP%s%s)
Examples
1const { logger } = require('koa2-winston'); 2app.use(logger()); 3// request logger look like down here 4// { 5// "req": { 6// "header": { 7// "host": "127.0.0.1:59534", 8// "accept-encoding": "gzip, deflate", 9// "user-agent": "node-superagent/3.5.2", 10// "connection": "close" 11// }, 12// "url": "/", 13// "method": "GET", 14// "href": "http://127.0.0.1:59534/", 15// "query": {} 16// }, 17// "started_at": 1494486039864, 18// "res": { 19// "header": { 20// "content-type": "text/plain; charset=utf-8", 21// "content-length": "8" 22// }, 23// "status": 200 24// }, 25// "duration": 26, 26// "level": "info", 27// "message": "HTTP GET /" 28// }
Returns function logger middleware
asJsonSchemaPath
Parameters
pathstring
ensureTypeObject
Parameters
schemaobject generated json schema
schemaKeysHandlerFn
Type: Function
Parameters
pathstring
schemaKeysHandler
Parameters
keysArray<string> schema keyshandlerschemaKeysHandlerFn assign path
generateSchema
logger middleware for koa2 use winston
Parameters
payloadobject input arguments (optional, default{})payload.reqKeysArray<string> default request fields to be logged (optional, default['header','url','method','httpVersion','href','query','length'])payload.reqSelectArray<string> additional request fields to be logged (optional, default[])payload.reqUnselectArray<string> request field will be removed from the log (optional, default['header.cookie'])payload.resKeysArray<string> default response fields to be logged (optional, default['header','status'])payload.resSelectArray<string> additional response fields to be logged (optional, default[])payload.resUnselectArray<string> response field will be removed from the log (optional, default[])
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 3/28 approved changesets -- score normalized to 1
Reason
9 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-75v8-2h7p-7m2m
- Warn: Project is vulnerable to: GHSA-593f-38f6-jp5m
- Warn: Project is vulnerable to: GHSA-x2rg-q646-7m2v
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-g3ch-rx76-35fx
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/node.js.yml:1
- Info: no jobLevel write permissions found
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/yidinghan/koa2-winston/node.js.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/yidinghan/koa2-winston/node.js.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/node.js.yml:22
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 5 are checked with a SAST tool
Score
2.7
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More