Gathering detailed insights and metrics for log4js
Gathering detailed insights and metrics for log4js
Installations
npm install log4jsReleases
Unable to fetch releases
Developer
Developer Guide
BETA
Module System
CommonJS, UMD
Min. Node Version
>=8.0
Typescript Support
Yes
Node Version
16.19.1
NPM Version
8.19.3
Statistics
5,806 Stars
2,219 Commits
770 Forks
112 Watching
15 Branches
155 Contributors
Updated on 26 Nov 2024
Bundle Size
37.34 kB
Minified
12.61 kB
Minified + Gzipped
Languages
JavaScript (98.3%)
TypeScript (1.65%)
Shell (0.04%)
Total Downloads
Cumulative downloads
Total Downloads
1,007,089,064
Last day
-1.9%
981,968
Compared to previous day
Last week
3.2%
5,208,691
Compared to previous week
Last month
13%
21,327,588
Compared to previous month
Last year
15.2%
206,641,865
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
5
Versions
log4js-node 
This is a conversion of the log4js framework to work with node. I started out just stripping out the browser-specific code and tidying up some of the javascript to work better in node. It grew from there. Although it's got a similar name to the Java library log4j, thinking that it will behave the same way will only bring you sorrow and confusion.
The full documentation is available here.
There have been a few changes between log4js 1.x and 2.x (and 0.x too). You should probably read this migration guide if things aren't working.
Out of the box it supports the following features:
- coloured console logging to stdout or stderr
- file appender, with configurable log rolling based on file size or date
- a logger for connect/express servers
- configurable log message layout/patterns
- different log levels for different log categories (make some parts of your app log as DEBUG, others only ERRORS, etc.)
Optional appenders are available:
- SMTP
- GELF
- Loggly
- Logstash (UDP and HTTP)
- logFaces (UDP and HTTP)
- RabbitMQ
- Redis
- Hipchat
- Slack
- mailgun
- InfluxDB
Getting help
Having problems? Jump on the slack channel, or create an issue. If you want to help out with the development, the slack channel is a good place to go as well.
installation
1npm install log4js
usage
Minimalist version:
1var log4js = require("log4js"); 2var logger = log4js.getLogger(); 3logger.level = "debug"; 4logger.debug("Some debug messages");
By default, log4js will not output any logs (so that it can safely be used in libraries). The level for the default category is set to OFF. To enable logs, set the level (as in the example). This will then output to stdout with the coloured layout (thanks to masylum), so for the above you would see:
1[2010-01-17 11:43:37.987] [DEBUG] [default] - Some debug messages
See example.js for a full example, but here's a snippet (also in examples/fromreadme.js):
1const log4js = require("log4js"); 2log4js.configure({ 3 appenders: { cheese: { type: "file", filename: "cheese.log" } }, 4 categories: { default: { appenders: ["cheese"], level: "error" } }, 5}); 6 7const logger = log4js.getLogger("cheese"); 8logger.trace("Entering cheese testing"); 9logger.debug("Got cheese."); 10logger.info("Cheese is Comté."); 11logger.warn("Cheese is quite smelly."); 12logger.error("Cheese is too ripe!"); 13logger.fatal("Cheese was breeding ground for listeria.");
Output (in cheese.log):
1[2010-01-17 11:43:37.987] [ERROR] cheese - Cheese is too ripe! 2[2010-01-17 11:43:37.990] [FATAL] cheese - Cheese was breeding ground for listeria.
Note for library makers
If you're writing a library and would like to include support for log4js, without introducing a dependency headache for your users, take a look at log4js-api.
Documentation
Available here.
There's also an example application.
TypeScript
1import * as log4js from "log4js"; 2log4js.configure({ 3 appenders: { cheese: { type: "file", filename: "cheese.log" } }, 4 categories: { default: { appenders: ["cheese"], level: "error" } }, 5}); 6 7const logger = log4js.getLogger(); 8logger.level = "debug"; 9logger.debug("Some debug messages");
Contributing
We're always looking for people to help out. Jump on slack and discuss what you want to do. Also, take a look at the rules before submitting a pull request.
License
The original log4js was distributed under the Apache 2.0 License, and so is this. I've tried to keep the original copyright and author credits in place, except in sections that I have rewritten extensively.
Stable Version
The latest stable version of the package.
Stable Version
6.9.1
MODERATE
1
MODERATE
5.5/10
Summary
Incorrect Default Permissions in log4js
Affected Versions
< 6.4.0
Patched Versions
6.4.0
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
SAST tool detected but not run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Warn: 18 commits out of 28 are checked with a SAST tool
Reason
2 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Reason
Found 5/11 approved changesets -- score normalized to 4
Reason
dependency not pinned by hash detected -- score normalized to 1
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/log4js-node/log4js-node/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/log4js-node/log4js-node/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/log4js-node/log4js-node/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/log4js-node/log4js-node/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/log4js-node/log4js-node/node.js.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/log4js-node/log4js-node/node.js.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-audit.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/log4js-node/log4js-node/npm-audit.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-audit.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/log4js-node/log4js-node/npm-audit.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/log4js-node/log4js-node/npm-publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/log4js-node/log4js-node/npm-publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/log4js-node/log4js-node/npm-publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/npm-publish.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/log4js-node/log4js-node/npm-publish.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/node.js.yml:65
- Warn: npmCommand not pinned by hash: .github/workflows/node.js.yml:67
- Warn: npmCommand not pinned by hash: .github/workflows/node.js.yml:72
- Info: 0 out of 12 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 6 npmCommand dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:26
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:27
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/node.js.yml:1
- Warn: no topLevel permission defined: .github/workflows/npm-audit.yml:1
- Warn: no topLevel permission defined: .github/workflows/npm-publish.yml:1
- Info: no jobLevel write permissions found
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Score
4.8
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More